Set usrinfo for AIX

Set adminstrative domain for the process when looking up user's
    password or group info and when preparing for execve().
Include strings.h even if string.h exists since they may define
    different things.  Fixes warnings on AIX and others.

MANIFEST

@@ -8,6 +8,7 @@ README.LDAP
 WHATSNEW
 aclocal.m4
 common/Makefile.in
+common/aix.c
 common/alloc.c
 common/atobool.c
 common/fileops.c
@@ -177,7 +178,6 @@ plugins/sudoers/tsgetgrpw.c
 plugins/sudoers/vasgroups.c
 plugins/sudoers/visudo.c
 src/Makefile.in
-src/aix.c
 src/conversation.c
 src/error.c
 src/exec.c

common/Makefile.in

@@ -49,7 +49,7 @@ DEFS = @OSDEFS@
 SHELL = @SHELL@
 
 LTOBJS = alloc.lo atobool.lo fileops.lo fmt_string.lo gettime.lo \
-	 lbuf.lo list.lo term.lo zero_bytes.lo
+	 lbuf.lo list.lo term.lo zero_bytes.lo @COMMON_OBJS@
 
 all: libcommon.la
 
@@ -62,6 +62,7 @@ libcommon.la: $(LTOBJS)
 	$(LIBTOOL) --mode=link $(CC) -o $@ $(LTOBJS) -no-install
 
 # Dependencies
+aix.lo: $(srcdir)/aix.c $(incdir)/compat.h $(incdir)/alloc.h $(incdir)/error.h $(top_builddir)/config.h
 alloc.lo: $(srcdir)/alloc.c $(incdir)/compat.h $(incdir)/alloc.h $(incdir)/error.h $(top_builddir)/config.h
 atobool.lo: $(srcdir)/atobool.c $(incdir)/compat.h $(incdir)/missing.h $(top_builddir)/config.h
 fileops.lo: $(srcdir)/fileops.c $(incdir)/fileops.h $(top_builddir)/config.h

common/aix.c

@@ -29,8 +29,11 @@
 # endif
 #endif /* STDC_HEADERS */
 #include <usersec.h>
+#include <uinfo.h>
 
-#include <compat.h>
+#include "compat.h"
+#include "alloc.h"
+#include "error.h"
 
 #ifdef HAVE_GETUSERATTR
 
@@ -52,6 +55,10 @@ struct aix_limit {
     int factor;
 };
 
+#ifdef HAVE_SETAUTHDB
+static char saved_registry[16]; /* 15 chars plus NUL as per setauthdb(3) */
+#endif
+
 static struct aix_limit aix_limits[] = {
     { RLIMIT_FSIZE, S_UFSIZE, S_UFSIZE_HARD, 512 },
     { RLIMIT_CPU, S_UCPU, S_UCPU_HARD, 1 },
@@ -75,13 +82,16 @@ aix_getlimit(char *user, char *lim, rlim64_t *valp)
     return(0);
 }
 
-void
+static void
 aix_setlimits(char *user)
 {
     struct rlimit64 rlim;
     rlim64_t val;
     int n;
 
+    if (setuserdb(S_READ) != 0)
+	error(1, "unable to open userdb");
+
     /*
      * For each resource limit, get the soft/hard values for the user
      * and set those values via setrlimit64().  Must be run as euid 0.
@@ -118,6 +128,64 @@ aix_setlimits(char *user)
 	}
 	(void)setrlimit64(aix_limits[n].resource, &rlim);
     }
+    enduserdb();
 }
 
+#ifdef HAVE_SETAUTHDB
+/*
+ * Look up administrative domain for user (SYSTEM in /etc/security/user) and
+ * set it as the default for the process.  This ensures that password and
+ * group lookups are made against the correct source (files, NIS, LDAP, etc).
+ */
+void
+aix_setauthdb(char *user)
+{
+    char *registry;
+
+    if (user != NULL) {
+	if (setuserdb(S_READ) != 0)
+	    error(1, "unable to open userdb");
+	if (getuserattr(user, S_REGISTRY, &registry, SEC_CHAR) == 0) {
+	    if (setauthdb(registry, saved_registry) != 0)
+		error(1, "unable to switch to registry \"%s\" for %s",
+		    registry, user);
+	}
+	enduserdb();
+    }
+}
+
+/*
+ * Restore the saved administrative domain, if any.
+ */
+void
+aix_restoreauthdb(void)
+{
+    if (saved_registry[0]) {
+	if (setauthdb(saved_registry, NULL) != 0)
+	    error(1, "unable to restore registry \"%s\"", saved_registry);
+	saved_registry[0] = '\0';
+    }
+}
+#endif
+
+void
+aix_prep_user(char *user, const char *tty)
+{
+    char *info;
+    int len;
+
+    /* set usrinfo, like login(1) does */
+    len = easprintf(&info, "NAME=%s%cLOGIN=%s%cLOGNAME=%s%cTTY=%s%c",
+	user, '\0', user, '\0', user, '\0', tty ? tty : "", '\0');
+    (void)usrinfo(SETUINFO, info, len);
+    efree(info);
+
+#ifdef HAVE_SETAUTHDB
+    /* set administrative domain */
+    aix_setauthdb(user);
+#endif
+
+    /* set resource limits */
+    aix_setlimits(user);
+}
 #endif /* HAVE_GETUSERATTR */

common/alloc.c

@@ -34,10 +34,9 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
 #endif /* HAVE_STRING_H */
 #if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
 # include <malloc.h>

common/atobool.c

@@ -33,11 +33,10 @@
 #  include <memory.h>
 # endif
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 
 #include <compat.h>
 #include <missing.h>

common/fileops.c

@@ -30,11 +30,10 @@
 #include <stdio.h>
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #include <ctype.h>
 #include <limits.h>
 #ifdef HAVE_UNISTD_H
@@ -48,6 +47,8 @@
 # include <emul/timespec.h>
 #endif
 
+#include <compat.h>
+#include <missing.h>
 #include <fileops.h>
 
 #ifndef LINE_MAX

common/fmt_string.c

@@ -33,11 +33,10 @@
 #  include <memory.h>
 # endif
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 
 #include <compat.h>
 

common/lbuf.c

@@ -32,11 +32,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

common/term.c

@@ -32,11 +32,10 @@
 #  include <memory.h>
 # endif
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #include <termios.h>
 
 #include <compat.h>

compat/fnmatch.c

@@ -42,11 +42,10 @@
 #include <ctype.h>
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 
 #include <compat.h>
 #include "fnmatch.h"

compat/getcwd.c

@@ -44,11 +44,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
 # include <malloc.h>
 #endif /* HAVE_MALLOC_H && !STDC_HEADERS */

compat/getgrouplist.c

@@ -28,11 +28,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #include <grp.h>
 
 #include <compat.h>

compat/getline.c

@@ -29,11 +29,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #include <limits.h>
 
 #include <compat.h>

compat/glob.c

@@ -69,11 +69,10 @@
 #endif /* HAVE_MALLOC_H && !STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

compat/snprintf.c

@@ -61,11 +61,10 @@
 #  include <memory.h>
 # endif
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
 # include <malloc.h>
 #endif /* HAVE_MALLOC_H && !STDC_HEADERS */

config.h.in

@@ -403,6 +403,9 @@
 /* Define to 1 to enable SELinux RBAC support. */
 #undef HAVE_SELINUX
 
+/* Define to 1 if you have the `setauthdb' function. */
+#undef HAVE_SETAUTHDB
+
 /* Define to 1 if you have the `setenv' function. */
 #undef HAVE_SETENV
 

configure

@@ -854,6 +854,7 @@ SUDOERS_LIBS
 SUDO_LIBS
 SUDO_OBJS
 SUDOERS_OBJS
+COMMON_OBJS
 SUDOERS_LDFLAGS
 LDFLAGS
 CPPFLAGS
@@ -2779,6 +2780,7 @@ $as_echo "$as_me: Configuring Sudo version $PACKAGE_VERSION" >&6;}
 
 
 
+
 
 
 #
@@ -6964,13 +6966,13 @@ if test "${lt_cv_nm_interface+set}" = set; then :
 else
   lt_cv_nm_interface="BSD nm"
   echo "int some_variable = 0;" > conftest.$ac_ext
-  (eval echo "\"\$as_me:6967: $ac_compile\"" >&5)
+  (eval echo "\"\$as_me:6969: $ac_compile\"" >&5)
   (eval "$ac_compile" 2>conftest.err)
   cat conftest.err >&5
-  (eval echo "\"\$as_me:6970: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
+  (eval echo "\"\$as_me:6972: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
   (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
   cat conftest.err >&5
-  (eval echo "\"\$as_me:6973: output\"" >&5)
+  (eval echo "\"\$as_me:6975: output\"" >&5)
   cat conftest.out >&5
   if $GREP 'External.*some_variable' conftest.out > /dev/null; then
     lt_cv_nm_interface="MS dumpbin"
@@ -8175,7 +8177,7 @@ ia64-*-hpux*)
   ;;
 *-*-irix6*)
   # Find out which ABI we are using.
-  echo '#line 8178 "configure"' > conftest.$ac_ext
+  echo '#line 8180 "configure"' > conftest.$ac_ext
   if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
@@ -9436,11 +9438,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:9439: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:9441: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:9443: \$? = $ac_status" >&5
+   echo "$as_me:9445: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -9775,11 +9777,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:9778: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:9780: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:9782: \$? = $ac_status" >&5
+   echo "$as_me:9784: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -9880,11 +9882,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:9883: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:9885: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>out/conftest.err)
    ac_status=$?
    cat out/conftest.err >&5
-   echo "$as_me:9887: \$? = $ac_status" >&5
+   echo "$as_me:9889: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s out/conftest2.$ac_objext
    then
      # The compiler can only warn and ignore the option if not recognized
@@ -9935,11 +9937,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:9938: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:9940: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>out/conftest.err)
    ac_status=$?
    cat out/conftest.err >&5
-   echo "$as_me:9942: \$? = $ac_status" >&5
+   echo "$as_me:9944: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s out/conftest2.$ac_objext
    then
      # The compiler can only warn and ignore the option if not recognized
@@ -12302,7 +12304,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 12305 "configure"
+#line 12307 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -12398,7 +12400,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 12401 "configure"
+#line 12403 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -12914,18 +12916,20 @@ fi
 		fi
 
 		# AIX-specific functions
-		for ac_func in getuserattr
+		for ac_func in getuserattr setauthdb
 do :
-  ac_fn_c_check_func "$LINENO" "getuserattr" "ac_cv_func_getuserattr"
-if test "x$ac_cv_func_getuserattr" = x""yes; then :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+   if test "x$as_val" = x""yes; then :
   cat >>confdefs.h <<_ACEOF
-#define HAVE_GETUSERATTR 1
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
 _ACEOF
 
 fi
 done
 
-		SUDO_OBJS="$SUDO_OBJS aix.o"
+		COMMON_OBJS="$COMMON_OBJS aix.lo"
 		;;
     *-*-hiuxmpp*)
 		: ${mansectsu='1m'}

configure.in

@@ -20,6 +20,7 @@ AC_SUBST([PROGS])
 AC_SUBST([CPPFLAGS])
 AC_SUBST([LDFLAGS])
 AC_SUBST([SUDOERS_LDFLAGS])
+AC_SUBST([COMMON_OBJS])
 AC_SUBST([SUDOERS_OBJS])
 AC_SUBST([SUDO_OBJS])
 AC_SUBST([LIBS])
@@ -1502,8 +1503,8 @@ case "$host" in
 		fi
 
 		# AIX-specific functions
-		AC_CHECK_FUNCS(getuserattr)
-		SUDO_OBJS="$SUDO_OBJS aix.o"
+		AC_CHECK_FUNCS(getuserattr setauthdb)
+		COMMON_OBJS="$COMMON_OBJS aix.lo"
 		;;
     *-*-hiuxmpp*)
 		: ${mansectsu='1m'}
@@ -2800,7 +2801,6 @@ AH_TEMPLATE(SUDOERS_PLUGIN, [The name of the sudoers plugin, including extension
 AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.])
 AH_TEMPLATE(ENV_DEBUG, [Define to 1 to enable environment function debugging.])
 AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.])
-AH_TEMPLATE(ENV_DEBUG, [Whether to enable environment debugging.])
 AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.])
 AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".])
 AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.])
@@ -2848,7 +2848,6 @@ AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess()
 AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union])
 AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
 AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
-AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the <termios.h> header file and the `tcgetattr' function.])
 AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h])
 AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
 AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])

include/fileops.h

@@ -24,6 +24,8 @@
 #define SUDO_TLOCK	2		/* test & lock a file (non-blocking) */
 #define SUDO_UNLOCK	4		/* unlock a file */
 
+struct timeval;
+
 int lock_file(int, int);
 int touch(int, char *, struct timeval *);
 char *sudo_parseln(FILE *);

plugins/sample/sample_plugin.c

@@ -35,11 +35,10 @@
 #  include <memory.h>
 # endif
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

plugins/sudoers/alias.c

@@ -32,10 +32,9 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
 #endif /* HAVE_STRING_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>

plugins/sudoers/auth/afs.c

@@ -34,10 +34,9 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
 #endif /* HAVE_STRING_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>

plugins/sudoers/auth/aix_auth.c

@@ -33,10 +33,9 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
 #endif /* HAVE_STRING_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>

plugins/sudoers/auth/bsdauth.c

@@ -34,10 +34,9 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
 #endif /* HAVE_STRING_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>

plugins/sudoers/auth/dce.c

@@ -48,10 +48,9 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
 #endif /* HAVE_STRING_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>

plugins/sudoers/auth/fwtk.c

@@ -34,10 +34,9 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
 #endif /* HAVE_STRING_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>

plugins/sudoers/auth/kerb4.c

@@ -34,10 +34,9 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
 #endif /* HAVE_STRING_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>

plugins/sudoers/auth/kerb5.c

@@ -37,10 +37,9 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
 #endif /* HAVE_STRING_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>

plugins/sudoers/auth/pam.c

@@ -32,15 +32,11 @@
 # endif
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
-# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
-#  include <memory.h>
-# endif
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

plugins/sudoers/auth/passwd.c

@@ -33,11 +33,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

plugins/sudoers/auth/rfc1938.c

@@ -34,11 +34,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

plugins/sudoers/auth/secureware.c

@@ -33,11 +33,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

plugins/sudoers/auth/securid.c

@@ -37,11 +37,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

plugins/sudoers/auth/securid5.c

@@ -38,11 +38,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

plugins/sudoers/auth/sia.c

@@ -36,11 +36,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

plugins/sudoers/auth/sudo_auth.c

@@ -32,15 +32,11 @@
 # endif
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
-# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
-#  include <memory.h>
-# endif
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

plugins/sudoers/boottime.c

@@ -29,12 +29,14 @@
 # endif
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+#  include <memory.h>
+# endif
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #include <limits.h>
 
 #ifdef HAVE_SYSCTL

plugins/sudoers/check.c

@@ -45,11 +45,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

plugins/sudoers/defaults.c

@@ -34,11 +34,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 # ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif /* HAVE_UNISTD_H */

plugins/sudoers/env.c

@@ -35,11 +35,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

plugins/sudoers/find_path.c

@@ -35,11 +35,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

plugins/sudoers/getdate.c

@@ -41,11 +41,10 @@
 #  include <memory.h>
 # endif
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #if TIME_WITH_SYS_TIME
 # include <time.h>
 #endif
@@ -114,7 +113,7 @@ static int	yyerror(char *s);
 static int	yylex(void);
 static int	yyparse(void);
 
-#line 108 "getdate.y"
+#line 107 "getdate.y"
 #ifndef YYSTYPE_DEFINED
 #define YYSTYPE_DEFINED
 typedef union {
@@ -122,7 +121,7 @@ typedef union {
     enum _MERIDIAN	Meridian;
 } YYSTYPE;
 #endif /* YYSTYPE_DEFINED */
-#line 126 "y.tab.c"
+#line 125 "y.tab.c"
 #define tAGO 257
 #define tDAY 258
 #define tDAYZONE 259
@@ -390,7 +389,7 @@ short *yyss;
 short *yysslim;
 YYSTYPE *yyvs;
 int yystacksize;
-#line 327 "getdate.y"
+#line 326 "getdate.y"
 
 /* Month and day table. */
 static TABLE const MonthDayTable[] = {
@@ -1028,7 +1027,7 @@ main(ac, av)
     /* NOTREACHED */
 }
 #endif	/* defined(TEST) */
-#line 980 "y.tab.c"
+#line 979 "y.tab.c"
 /* allocate initial stack or double stack size, up to YYMAXDEPTH */
 #if defined(__cplusplus) || defined(__STDC__)
 static int yygrowstack(void)
@@ -1234,37 +1233,37 @@ yyreduce:
     switch (yyn)
     {
 case 3:
-#line 126 "getdate.y"
+#line 125 "getdate.y"
 {
 	    yyHaveTime++;
 	}
 break;
 case 4:
-#line 129 "getdate.y"
+#line 128 "getdate.y"
 {
 	    yyHaveZone++;
 	}
 break;
 case 5:
-#line 132 "getdate.y"
+#line 131 "getdate.y"
 {
 	    yyHaveDate++;
 	}
 break;
 case 6:
-#line 135 "getdate.y"
+#line 134 "getdate.y"
 {
 	    yyHaveDay++;
 	}
 break;
 case 7:
-#line 138 "getdate.y"
+#line 137 "getdate.y"
 {
 	    yyHaveRel++;
 	}
 break;
 case 9:
-#line 144 "getdate.y"
+#line 143 "getdate.y"
 {
 	    yyHour = yyvsp[-1].Number;
 	    yyMinutes = 0;
@@ -1273,7 +1272,7 @@ case 9:
 	}
 break;
 case 10:
-#line 150 "getdate.y"
+#line 149 "getdate.y"
 {
 	    yyHour = yyvsp[-3].Number;
 	    yyMinutes = yyvsp[-1].Number;
@@ -1282,7 +1281,7 @@ case 10:
 	}
 break;
 case 11:
-#line 156 "getdate.y"
+#line 155 "getdate.y"
 {
 	    yyHour = yyvsp[-3].Number;
 	    yyMinutes = yyvsp[-1].Number;
@@ -1292,7 +1291,7 @@ case 11:
 	}
 break;
 case 12:
-#line 163 "getdate.y"
+#line 162 "getdate.y"
 {
 	    yyHour = yyvsp[-5].Number;
 	    yyMinutes = yyvsp[-3].Number;
@@ -1301,7 +1300,7 @@ case 12:
 	}
 break;
 case 13:
-#line 169 "getdate.y"
+#line 168 "getdate.y"
 {
 	    yyHour = yyvsp[-5].Number;
 	    yyMinutes = yyvsp[-3].Number;
@@ -1312,56 +1311,56 @@ case 13:
 	}
 break;
 case 14:
-#line 179 "getdate.y"
+#line 178 "getdate.y"
 {
 	    yyTimezone = yyvsp[0].Number;
 	    yyDSTmode = DSToff;
 	}
 break;
 case 15:
-#line 183 "getdate.y"
+#line 182 "getdate.y"
 {
 	    yyTimezone = yyvsp[0].Number;
 	    yyDSTmode = DSTon;
 	}
 break;
 case 16:
-#line 188 "getdate.y"
+#line 187 "getdate.y"
 {
 	    yyTimezone = yyvsp[-1].Number;
 	    yyDSTmode = DSTon;
 	}
 break;
 case 17:
-#line 194 "getdate.y"
+#line 193 "getdate.y"
 {
 	    yyDayOrdinal = 1;
 	    yyDayNumber = yyvsp[0].Number;
 	}
 break;
 case 18:
-#line 198 "getdate.y"
+#line 197 "getdate.y"
 {
 	    yyDayOrdinal = 1;
 	    yyDayNumber = yyvsp[-1].Number;
 	}
 break;
 case 19:
-#line 202 "getdate.y"
+#line 201 "getdate.y"
 {
 	    yyDayOrdinal = yyvsp[-1].Number;
 	    yyDayNumber = yyvsp[0].Number;
 	}
 break;
 case 20:
-#line 208 "getdate.y"
+#line 207 "getdate.y"
 {
 	    yyMonth = yyvsp[-2].Number;
 	    yyDay = yyvsp[0].Number;
 	}
 break;
 case 21:
-#line 212 "getdate.y"
+#line 211 "getdate.y"
 {
 	    if (yyvsp[-4].Number >= 100) {
 		yyYear = yyvsp[-4].Number;
@@ -1375,7 +1374,7 @@ case 21:
 	}
 break;
 case 22:
-#line 223 "getdate.y"
+#line 222 "getdate.y"
 {
 	    /* ISO 8601 format.  yyyy-mm-dd.  */
 	    yyYear = yyvsp[-2].Number;
@@ -1384,7 +1383,7 @@ case 22:
 	}
 break;
 case 23:
-#line 229 "getdate.y"
+#line 228 "getdate.y"
 {
 	    /* e.g. 17-JUN-1992.  */
 	    yyDay = yyvsp[-2].Number;
@@ -1393,14 +1392,14 @@ case 23:
 	}
 break;
 case 24:
-#line 235 "getdate.y"
+#line 234 "getdate.y"
 {
 	    yyMonth = yyvsp[-1].Number;
 	    yyDay = yyvsp[0].Number;
 	}
 break;
 case 25:
-#line 239 "getdate.y"
+#line 238 "getdate.y"
 {
 	    yyMonth = yyvsp[-3].Number;
 	    yyDay = yyvsp[-2].Number;
@@ -1408,14 +1407,14 @@ case 25:
 	}
 break;
 case 26:
-#line 244 "getdate.y"
+#line 243 "getdate.y"
 {
 	    yyMonth = yyvsp[0].Number;
 	    yyDay = yyvsp[-1].Number;
 	}
 break;
 case 27:
-#line 248 "getdate.y"
+#line 247 "getdate.y"
 {
 	    yyMonth = yyvsp[-1].Number;
 	    yyDay = yyvsp[-2].Number;
@@ -1423,68 +1422,68 @@ case 27:
 	}
 break;
 case 28:
-#line 255 "getdate.y"
+#line 254 "getdate.y"
 {
 	    yyRelSeconds = -yyRelSeconds;
 	    yyRelMonth = -yyRelMonth;
 	}
 break;
 case 30:
-#line 262 "getdate.y"
+#line 261 "getdate.y"
 {
 	    yyRelSeconds += yyvsp[-1].Number * yyvsp[0].Number * 60L;
 	}
 break;
 case 31:
-#line 265 "getdate.y"
+#line 264 "getdate.y"
 {
 	    yyRelSeconds += yyvsp[-1].Number * yyvsp[0].Number * 60L;
 	}
 break;
 case 32:
-#line 268 "getdate.y"
+#line 267 "getdate.y"
 {
 	    yyRelSeconds += yyvsp[0].Number * 60L;
 	}
 break;
 case 33:
-#line 271 "getdate.y"
+#line 270 "getdate.y"
 {
 	    yyRelSeconds += yyvsp[-1].Number;
 	}
 break;
 case 34:
-#line 274 "getdate.y"
+#line 273 "getdate.y"
 {
 	    yyRelSeconds += yyvsp[-1].Number;
 	}
 break;
 case 35:
-#line 277 "getdate.y"
+#line 276 "getdate.y"
 {
 	    yyRelSeconds++;
 	}
 break;
 case 36:
-#line 280 "getdate.y"
+#line 279 "getdate.y"
 {
 	    yyRelMonth += yyvsp[-1].Number * yyvsp[0].Number;
 	}
 break;
 case 37:
-#line 283 "getdate.y"
+#line 282 "getdate.y"
 {
 	    yyRelMonth += yyvsp[-1].Number * yyvsp[0].Number;
 	}
 break;
 case 38:
-#line 286 "getdate.y"
+#line 285 "getdate.y"
 {
 	    yyRelMonth += yyvsp[0].Number;
 	}
 break;
 case 39:
-#line 291 "getdate.y"
+#line 290 "getdate.y"
 {
 	    if (yyHaveTime && yyHaveDate && !yyHaveRel)
 		yyYear = yyvsp[0].Number;
@@ -1512,18 +1511,18 @@ case 39:
 	}
 break;
 case 40:
-#line 318 "getdate.y"
+#line 317 "getdate.y"
 {
 	    yyval.Meridian = MER24;
 	}
 break;
 case 41:
-#line 321 "getdate.y"
+#line 320 "getdate.y"
 {
 	    yyval.Meridian = yyvsp[0].Meridian;
 	}
 break;
-#line 1475 "y.tab.c"
+#line 1474 "y.tab.c"
     }
     yyssp -= yym;
     yystate = *yyssp;

plugins/sudoers/getdate.y

@@ -30,11 +30,10 @@
 #  include <memory.h>
 # endif
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #if TIME_WITH_SYS_TIME
 # include <time.h>
 #endif

plugins/sudoers/getspwuid.c

@@ -34,15 +34,11 @@
 # endif
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
-# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
-#  include <memory.h>
-# endif
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

plugins/sudoers/goodpath.c

@@ -27,11 +27,10 @@
 #include <stdio.h>
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

plugins/sudoers/gram.c

@@ -11,7 +11,7 @@
 #define YYPREFIX "yy"
 #line 2 "gram.y"
 /*
- * Copyright (c) 1996, 1998-2005, 2007-2009
+ * Copyright (c) 1996, 1998-2005, 2007-2010
  *	Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -48,11 +48,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */
@@ -119,7 +118,7 @@ yyerror(s)
     }
     parse_error = TRUE;
 }
-#line 113 "gram.y"
+#line 112 "gram.y"
 #ifndef YYSTYPE_DEFINED
 #define YYSTYPE_DEFINED
 typedef union {
@@ -135,7 +134,7 @@ typedef union {
     int tok;
 } YYSTYPE;
 #endif /* YYSTYPE_DEFINED */
-#line 139 "y.tab.c"
+#line 138 "y.tab.c"
 #define COMMAND 257
 #define ALIAS 258
 #define DEFVAR 259
@@ -633,7 +632,7 @@ short *yyss;
 short *yysslim;
 YYSTYPE *yyvs;
 int yystacksize;
-#line 607 "gram.y"
+#line 606 "gram.y"
 static struct defaults *
 new_default(var, val, op)
     char *var;
@@ -824,7 +823,7 @@ init_parser(path, quiet)
     sudolineno = 1;
     verbose = !quiet;
 }
-#line 776 "y.tab.c"
+#line 775 "y.tab.c"
 /* allocate initial stack or double stack size, up to YYMAXDEPTH */
 #if defined(__cplusplus) || defined(__STDC__)
 static int yygrowstack(void)
@@ -1030,127 +1029,127 @@ yyreduce:
     switch (yyn)
     {
 case 1:
-#line 188 "gram.y"
+#line 187 "gram.y"
 { ; }
 break;
 case 5:
-#line 196 "gram.y"
+#line 195 "gram.y"
 {
 			    ;
 			}
 break;
 case 6:
-#line 199 "gram.y"
+#line 198 "gram.y"
 {
 			    yyerrok;
 			}
 break;
 case 7:
-#line 202 "gram.y"
+#line 201 "gram.y"
 {
 			    add_userspec(yyvsp[-1].member, yyvsp[0].privilege);
 			}
 break;
 case 8:
-#line 205 "gram.y"
+#line 204 "gram.y"
 {
 			    ;
 			}
 break;
 case 9:
-#line 208 "gram.y"
+#line 207 "gram.y"
 {
 			    ;
 			}
 break;
 case 10:
-#line 211 "gram.y"
+#line 210 "gram.y"
 {
 			    ;
 			}
 break;
 case 11:
-#line 214 "gram.y"
+#line 213 "gram.y"
 {
 			    ;
 			}
 break;
 case 12:
-#line 217 "gram.y"
+#line 216 "gram.y"
 {
 			    add_defaults(DEFAULTS, NULL, yyvsp[0].defaults);
 			}
 break;
 case 13:
-#line 220 "gram.y"
+#line 219 "gram.y"
 {
 			    add_defaults(DEFAULTS_USER, yyvsp[-1].member, yyvsp[0].defaults);
 			}
 break;
 case 14:
-#line 223 "gram.y"
+#line 222 "gram.y"
 {
 			    add_defaults(DEFAULTS_RUNAS, yyvsp[-1].member, yyvsp[0].defaults);
 			}
 break;
 case 15:
-#line 226 "gram.y"
+#line 225 "gram.y"
 {
 			    add_defaults(DEFAULTS_HOST, yyvsp[-1].member, yyvsp[0].defaults);
 			}
 break;
 case 16:
-#line 229 "gram.y"
+#line 228 "gram.y"
 {
 			    add_defaults(DEFAULTS_CMND, yyvsp[-1].member, yyvsp[0].defaults);
 			}
 break;
 case 18:
-#line 235 "gram.y"
+#line 234 "gram.y"
 {
 			    list_append(yyvsp[-2].defaults, yyvsp[0].defaults);
 			    yyval.defaults = yyvsp[-2].defaults;
 			}
 break;
 case 19:
-#line 241 "gram.y"
+#line 240 "gram.y"
 {
 			    yyval.defaults = new_default(yyvsp[0].string, NULL, TRUE);
 			}
 break;
 case 20:
-#line 244 "gram.y"
+#line 243 "gram.y"
 {
 			    yyval.defaults = new_default(yyvsp[0].string, NULL, FALSE);
 			}
 break;
 case 21:
-#line 247 "gram.y"
+#line 246 "gram.y"
 {
 			    yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, TRUE);
 			}
 break;
 case 22:
-#line 250 "gram.y"
+#line 249 "gram.y"
 {
 			    yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '+');
 			}
 break;
 case 23:
-#line 253 "gram.y"
+#line 252 "gram.y"
 {
 			    yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '-');
 			}
 break;
 case 25:
-#line 259 "gram.y"
+#line 258 "gram.y"
 {
 			    list_append(yyvsp[-2].privilege, yyvsp[0].privilege);
 			    yyval.privilege = yyvsp[-2].privilege;
 			}
 break;
 case 26:
-#line 265 "gram.y"
+#line 264 "gram.y"
 {
 			    struct privilege *p = emalloc(sizeof(*p));
 			    list2tq(&p->hostlist, yyvsp[-2].member);
@@ -1161,51 +1160,51 @@ case 26:
 			}
 break;
 case 27:
-#line 275 "gram.y"
+#line 274 "gram.y"
 {
 			    yyval.member = yyvsp[0].member;
 			    yyval.member->negated = FALSE;
 			}
 break;
 case 28:
-#line 279 "gram.y"
+#line 278 "gram.y"
 {
 			    yyval.member = yyvsp[0].member;
 			    yyval.member->negated = TRUE;
 			}
 break;
 case 29:
-#line 285 "gram.y"
+#line 284 "gram.y"
 {
 			    yyval.member = new_member(yyvsp[0].string, ALIAS);
 			}
 break;
 case 30:
-#line 288 "gram.y"
+#line 287 "gram.y"
 {
 			    yyval.member = new_member(NULL, ALL);
 			}
 break;
 case 31:
-#line 291 "gram.y"
+#line 290 "gram.y"
 {
 			    yyval.member = new_member(yyvsp[0].string, NETGROUP);
 			}
 break;
 case 32:
-#line 294 "gram.y"
+#line 293 "gram.y"
 {
 			    yyval.member = new_member(yyvsp[0].string, NTWKADDR);
 			}
 break;
 case 33:
-#line 297 "gram.y"
+#line 296 "gram.y"
 {
 			    yyval.member = new_member(yyvsp[0].string, WORD);
 			}
 break;
 case 35:
-#line 303 "gram.y"
+#line 302 "gram.y"
 {
 			    list_append(yyvsp[-2].cmndspec, yyvsp[0].cmndspec);
 #ifdef HAVE_SELINUX
@@ -1238,7 +1237,7 @@ case 35:
 			}
 break;
 case 36:
-#line 335 "gram.y"
+#line 334 "gram.y"
 {
 			    struct cmndspec *cs = emalloc(sizeof(*cs));
 			    if (yyvsp[-3].runas != NULL) {
@@ -1265,80 +1264,80 @@ case 36:
 			}
 break;
 case 37:
-#line 361 "gram.y"
+#line 360 "gram.y"
 {
 			    yyval.member = yyvsp[0].member;
 			    yyval.member->negated = FALSE;
 			}
 break;
 case 38:
-#line 365 "gram.y"
+#line 364 "gram.y"
 {
 			    yyval.member = yyvsp[0].member;
 			    yyval.member->negated = TRUE;
 			}
 break;
 case 39:
-#line 371 "gram.y"
+#line 370 "gram.y"
 {
 			    yyval.string = yyvsp[0].string;
 			}
 break;
 case 40:
-#line 376 "gram.y"
+#line 375 "gram.y"
 {
 			    yyval.string = yyvsp[0].string;
 			}
 break;
 case 41:
-#line 381 "gram.y"
+#line 380 "gram.y"
 {
 			    yyval.seinfo.role = NULL;
 			    yyval.seinfo.type = NULL;
 			}
 break;
 case 42:
-#line 385 "gram.y"
+#line 384 "gram.y"
 {
 			    yyval.seinfo.role = yyvsp[0].string;
 			    yyval.seinfo.type = NULL;
 			}
 break;
 case 43:
-#line 389 "gram.y"
+#line 388 "gram.y"
 {
 			    yyval.seinfo.type = yyvsp[0].string;
 			    yyval.seinfo.role = NULL;
 			}
 break;
 case 44:
-#line 393 "gram.y"
+#line 392 "gram.y"
 {
 			    yyval.seinfo.role = yyvsp[-1].string;
 			    yyval.seinfo.type = yyvsp[0].string;
 			}
 break;
 case 45:
-#line 397 "gram.y"
+#line 396 "gram.y"
 {
 			    yyval.seinfo.type = yyvsp[-1].string;
 			    yyval.seinfo.role = yyvsp[0].string;
 			}
 break;
 case 46:
-#line 403 "gram.y"
+#line 402 "gram.y"
 {
 			    yyval.runas = NULL;
 			}
 break;
 case 47:
-#line 406 "gram.y"
+#line 405 "gram.y"
 {
 			    yyval.runas = yyvsp[-1].runas;
 			}
 break;
 case 48:
-#line 411 "gram.y"
+#line 410 "gram.y"
 {
 			    yyval.runas = emalloc(sizeof(struct runascontainer));
 			    yyval.runas->runasusers = yyvsp[0].member;
@@ -1346,7 +1345,7 @@ case 48:
 			}
 break;
 case 49:
-#line 416 "gram.y"
+#line 415 "gram.y"
 {
 			    yyval.runas = emalloc(sizeof(struct runascontainer));
 			    yyval.runas->runasusers = yyvsp[-2].member;
@@ -1354,7 +1353,7 @@ case 49:
 			}
 break;
 case 50:
-#line 421 "gram.y"
+#line 420 "gram.y"
 {
 			    yyval.runas = emalloc(sizeof(struct runascontainer));
 			    yyval.runas->runasusers = NULL;
@@ -1362,86 +1361,86 @@ case 50:
 			}
 break;
 case 51:
-#line 428 "gram.y"
+#line 427 "gram.y"
 {
 			    yyval.tag.nopasswd = yyval.tag.noexec = yyval.tag.setenv =
 				yyval.tag.log_input = yyval.tag.log_output = UNSPEC;
 			}
 break;
 case 52:
-#line 432 "gram.y"
+#line 431 "gram.y"
 {
 			    yyval.tag.nopasswd = TRUE;
 			}
 break;
 case 53:
-#line 435 "gram.y"
+#line 434 "gram.y"
 {
 			    yyval.tag.nopasswd = FALSE;
 			}
 break;
 case 54:
-#line 438 "gram.y"
+#line 437 "gram.y"
 {
 			    yyval.tag.noexec = TRUE;
 			}
 break;
 case 55:
-#line 441 "gram.y"
+#line 440 "gram.y"
 {
 			    yyval.tag.noexec = FALSE;
 			}
 break;
 case 56:
-#line 444 "gram.y"
+#line 443 "gram.y"
 {
 			    yyval.tag.setenv = TRUE;
 			}
 break;
 case 57:
-#line 447 "gram.y"
+#line 446 "gram.y"
 {
 			    yyval.tag.setenv = FALSE;
 			}
 break;
 case 58:
-#line 450 "gram.y"
+#line 449 "gram.y"
 {
 			    yyval.tag.log_input = TRUE;
 			}
 break;
 case 59:
-#line 453 "gram.y"
+#line 452 "gram.y"
 {
 			    yyval.tag.log_input = FALSE;
 			}
 break;
 case 60:
-#line 456 "gram.y"
+#line 455 "gram.y"
 {
 			    yyval.tag.log_output = TRUE;
 			}
 break;
 case 61:
-#line 459 "gram.y"
+#line 458 "gram.y"
 {
 			    yyval.tag.log_output = FALSE;
 			}
 break;
 case 62:
-#line 464 "gram.y"
+#line 463 "gram.y"
 {
 			    yyval.member = new_member(NULL, ALL);
 			}
 break;
 case 63:
-#line 467 "gram.y"
+#line 466 "gram.y"
 {
 			    yyval.member = new_member(yyvsp[0].string, ALIAS);
 			}
 break;
 case 64:
-#line 470 "gram.y"
+#line 469 "gram.y"
 {
 			    struct sudo_command *c = emalloc(sizeof(*c));
 			    c->cmnd = yyvsp[0].command.cmnd;
@@ -1450,7 +1449,7 @@ case 64:
 			}
 break;
 case 67:
-#line 482 "gram.y"
+#line 481 "gram.y"
 {
 			    char *s;
 			    if ((s = alias_add(yyvsp[-2].string, HOSTALIAS, yyvsp[0].member)) != NULL) {
@@ -1460,14 +1459,14 @@ case 67:
 			}
 break;
 case 69:
-#line 492 "gram.y"
+#line 491 "gram.y"
 {
 			    list_append(yyvsp[-2].member, yyvsp[0].member);
 			    yyval.member = yyvsp[-2].member;
 			}
 break;
 case 72:
-#line 502 "gram.y"
+#line 501 "gram.y"
 {
 			    char *s;
 			    if ((s = alias_add(yyvsp[-2].string, CMNDALIAS, yyvsp[0].member)) != NULL) {
@@ -1477,14 +1476,14 @@ case 72:
 			}
 break;
 case 74:
-#line 512 "gram.y"
+#line 511 "gram.y"
 {
 			    list_append(yyvsp[-2].member, yyvsp[0].member);
 			    yyval.member = yyvsp[-2].member;
 			}
 break;
 case 77:
-#line 522 "gram.y"
+#line 521 "gram.y"
 {
 			    char *s;
 			    if ((s = alias_add(yyvsp[-2].string, RUNASALIAS, yyvsp[0].member)) != NULL) {
@@ -1494,7 +1493,7 @@ case 77:
 			}
 break;
 case 80:
-#line 535 "gram.y"
+#line 534 "gram.y"
 {
 			    char *s;
 			    if ((s = alias_add(yyvsp[-2].string, USERALIAS, yyvsp[0].member)) != NULL) {
@@ -1504,96 +1503,96 @@ case 80:
 			}
 break;
 case 82:
-#line 545 "gram.y"
+#line 544 "gram.y"
 {
 			    list_append(yyvsp[-2].member, yyvsp[0].member);
 			    yyval.member = yyvsp[-2].member;
 			}
 break;
 case 83:
-#line 551 "gram.y"
+#line 550 "gram.y"
 {
 			    yyval.member = yyvsp[0].member;
 			    yyval.member->negated = FALSE;
 			}
 break;
 case 84:
-#line 555 "gram.y"
+#line 554 "gram.y"
 {
 			    yyval.member = yyvsp[0].member;
 			    yyval.member->negated = TRUE;
 			}
 break;
 case 85:
-#line 561 "gram.y"
+#line 560 "gram.y"
 {
 			    yyval.member = new_member(yyvsp[0].string, ALIAS);
 			}
 break;
 case 86:
-#line 564 "gram.y"
+#line 563 "gram.y"
 {
 			    yyval.member = new_member(NULL, ALL);
 			}
 break;
 case 87:
-#line 567 "gram.y"
+#line 566 "gram.y"
 {
 			    yyval.member = new_member(yyvsp[0].string, NETGROUP);
 			}
 break;
 case 88:
-#line 570 "gram.y"
+#line 569 "gram.y"
 {
 			    yyval.member = new_member(yyvsp[0].string, USERGROUP);
 			}
 break;
 case 89:
-#line 573 "gram.y"
+#line 572 "gram.y"
 {
 			    yyval.member = new_member(yyvsp[0].string, WORD);
 			}
 break;
 case 91:
-#line 579 "gram.y"
+#line 578 "gram.y"
 {
 			    list_append(yyvsp[-2].member, yyvsp[0].member);
 			    yyval.member = yyvsp[-2].member;
 			}
 break;
 case 92:
-#line 585 "gram.y"
+#line 584 "gram.y"
 {
 			    yyval.member = yyvsp[0].member;
 			    yyval.member->negated = FALSE;
 			}
 break;
 case 93:
-#line 589 "gram.y"
+#line 588 "gram.y"
 {
 			    yyval.member = yyvsp[0].member;
 			    yyval.member->negated = TRUE;
 			}
 break;
 case 94:
-#line 595 "gram.y"
+#line 594 "gram.y"
 {
 			    yyval.member = new_member(yyvsp[0].string, ALIAS);
 			}
 break;
 case 95:
-#line 598 "gram.y"
+#line 597 "gram.y"
 {
 			    yyval.member = new_member(NULL, ALL);
 			}
 break;
 case 96:
-#line 601 "gram.y"
+#line 600 "gram.y"
 {
 			    yyval.member = new_member(yyvsp[0].string, WORD);
 			}
 break;
-#line 1545 "y.tab.c"
+#line 1544 "y.tab.c"
     }
     yyssp -= yym;
     yystate = *yyssp;

plugins/sudoers/gram.y

@@ -37,11 +37,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

plugins/sudoers/interfaces.c

@@ -52,11 +52,10 @@ struct rtentry;
 #  include <memory.h>
 # endif
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

plugins/sudoers/iolog.c

@@ -31,11 +31,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

plugins/sudoers/ldap.c

@@ -33,11 +33,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
 # include <malloc.h>
 #endif /* HAVE_MALLOC_H && !STDC_HEADERS */

plugins/sudoers/logging.c

@@ -40,11 +40,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

plugins/sudoers/match.c

@@ -38,11 +38,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

plugins/sudoers/parse.c

@@ -31,11 +31,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

plugins/sudoers/pwutil.c

@@ -38,14 +38,16 @@
 #  include <memory.h>
 # endif
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */
+#ifdef HAVE_SETAUTHDB
+# include <usersec.h>
+#endif /* HAVE_SETAUTHDB */
 #include <pwd.h>
 #include <grp.h>
 
@@ -166,11 +168,14 @@ sudo_getpwuid(uid_t uid)
     key.pw_uid = uid;
     if ((node = rbfind(pwcache_byuid, &key)) != NULL) {
 	pw = (struct passwd *) node->data;
-	return(pw->pw_name != NULL ? pw : NULL);
+	goto done;
     }
     /*
      * Cache passwd db entry if it exists or a negative response if not.
      */
+#ifdef HAVE_SETAUTHDB
+    aix_setauthdb(IDtouser(uid));
+#endif
     if ((pw = getpwuid(uid)) != NULL) {
 	pw = sudo_pwdup(pw);
 	cp = sudo_getepw(pw);		/* get shadow password */
@@ -180,15 +185,18 @@ sudo_getpwuid(uid_t uid)
 	if (rbinsert(pwcache_byuid, (void *) pw) != NULL)
 	    errorx(1, "unable to cache uid %lu (%s), already exists",
 		uid, pw->pw_name);
-	return(pw);
     } else {
 	pw = emalloc(sizeof(*pw));
 	zero_bytes(pw, sizeof(*pw));
 	pw->pw_uid = uid;
 	if (rbinsert(pwcache_byuid, (void *) pw) != NULL)
 	    errorx(1, "unable to cache uid %lu, already exists", uid);
-	return(NULL);
     }
+#ifdef HAVE_SETAUTHDB
+    aix_restoreauthdb();
+#endif
+done:
+    return(pw->pw_name != NULL ? pw : NULL);
 }
 
 /*
@@ -206,11 +214,14 @@ sudo_getpwnam(const char *name)
     key.pw_name = (char *) name;
     if ((node = rbfind(pwcache_byname, &key)) != NULL) {
 	pw = (struct passwd *) node->data;
-	return(pw->pw_uid != (uid_t) -1 ? pw : NULL);
+	goto done;
     }
     /*
      * Cache passwd db entry if it exists or a negative response if not.
      */
+#ifdef HAVE_SETAUTHDB
+    aix_setauthdb((char *) name);
+#endif
     if ((pw = getpwnam(name)) != NULL) {
 	pw = sudo_pwdup(pw);
 	cp = sudo_getepw(pw);		/* get shadow password */
@@ -219,7 +230,6 @@ sudo_getpwnam(const char *name)
 	pw->pw_passwd = cp;
 	if (rbinsert(pwcache_byname, (void *) pw) != NULL)
 	    errorx(1, "unable to cache user %s, already exists", name);
-	return(pw);
     } else {
 	len = strlen(name) + 1;
 	cp = emalloc(sizeof(*pw) + len);
@@ -231,8 +241,12 @@ sudo_getpwnam(const char *name)
 	pw->pw_uid = (uid_t) -1;
 	if (rbinsert(pwcache_byname, (void *) pw) != NULL)
 	    errorx(1, "unable to cache user %s, already exists", name);
-	return(NULL);
     }
+#ifdef HAVE_SETAUTHDB
+    aix_restoreauthdb();
+#endif
+done:
+    return(pw->pw_uid != (uid_t) -1 ? pw : NULL);
 }
 
 /*
@@ -434,7 +448,7 @@ sudo_getgrgid(gid_t gid)
     key.gr_gid = gid;
     if ((node = rbfind(grcache_bygid, &key)) != NULL) {
 	gr = (struct group *) node->data;
-	return(gr->gr_name != NULL ? gr : NULL);
+	goto done;
     }
     /*
      * Cache group db entry if it exists or a negative response if not.
@@ -444,15 +458,15 @@ sudo_getgrgid(gid_t gid)
 	if (rbinsert(grcache_bygid, (void *) gr) != NULL)
 	    errorx(1, "unable to cache gid %lu (%s), already exists",
 		gid, gr->gr_name);
-	return(gr);
     } else {
 	gr = emalloc(sizeof(*gr));
 	zero_bytes(gr, sizeof(*gr));
 	gr->gr_gid = gid;
 	if (rbinsert(grcache_bygid, (void *) gr) != NULL)
 	    errorx(1, "unable to cache gid %lu, already exists, gid");
-	return(NULL);
     }
+done:
+    return(gr->gr_name != NULL ? gr : NULL);
 }
 
 /*
@@ -469,7 +483,7 @@ sudo_getgrnam(const char *name)
     key.gr_name = (char *) name;
     if ((node = rbfind(grcache_byname, &key)) != NULL) {
 	gr = (struct group *) node->data;
-	return(gr->gr_gid != (gid_t) -1 ? gr : NULL);
+	goto done;
     }
     /*
      * Cache group db entry if it exists or a negative response if not.
@@ -478,7 +492,6 @@ sudo_getgrnam(const char *name)
 	gr = sudo_grdup(gr);
 	if (rbinsert(grcache_byname, (void *) gr) != NULL)
 	    errorx(1, "unable to cache group %s, already exists", name);
-	return(gr);
     } else {
 	len = strlen(name) + 1;
 	cp = emalloc(sizeof(*gr) + len);
@@ -490,8 +503,9 @@ sudo_getgrnam(const char *name)
 	gr->gr_gid = (gid_t) -1;
 	if (rbinsert(grcache_byname, (void *) gr) != NULL)
 	    errorx(1, "unable to cache group %s, already exists", name);
-	return(NULL);
     }
+done:
+    return(gr->gr_gid != (gid_t) -1 ? gr : NULL);
 }
 
 void
@@ -540,7 +554,14 @@ user_in_group(struct passwd *pw, const char *group)
 #endif
     struct group *grp;
 
-    if ((grp = sudo_getgrnam(group)) == NULL)
+#ifdef HAVE_SETAUTHDB
+    aix_setauthdb(pw->pw_name);
+#endif
+    grp = sudo_getgrnam(group);
+#ifdef HAVE_SETAUTHDB
+    aix_restoreauthdb();
+#endif
+    if (grp == NULL)
 	return(FALSE);
 
     /* check against user's primary (passwd file) gid */

plugins/sudoers/set_perms.c

@@ -34,11 +34,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */
@@ -942,6 +941,9 @@ runas_setgroups()
      */
     if (runas_ngroups == -1) {
 	pw = runas_pw ? runas_pw : sudo_user.pw;
+# ifdef HAVE_SETAUTHDB
+	aix_setauthdb(pw->pw_name);
+# endif
 	if (initgroups(pw->pw_name, pw->pw_gid) < 0)
 	    log_error(USE_ERRNO|MSG_ONLY, "can't set runas group vector");
 # ifdef HAVE_GETGROUPS
@@ -950,6 +952,9 @@ runas_setgroups()
 	    if (getgroups(runas_ngroups, runas_groups) < 0)
 		log_error(USE_ERRNO|MSG_ONLY, "can't get runas group vector");
 	}
+#  ifdef HAVE_SETAUTHDB
+	aix_restoreauthdb();
+#  endif
     } else {
 	if (setgroups(runas_ngroups, runas_groups) < 0)
 	    log_error(USE_ERRNO|MSG_ONLY, "can't set runas group vector");

plugins/sudoers/sudo_nss.c

@@ -29,11 +29,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */
@@ -211,6 +210,9 @@ reset_groups(struct passwd *pw)
 {
 #if defined(HAVE_INITGROUPS) && defined(HAVE_GETGROUPS)
     if (pw != sudo_user.pw) {
+# ifdef HAVE_SETAUTHDB
+	aix_setauthdb(pw->pw_name);
+# endif
 	(void) initgroups(pw->pw_name, pw->pw_gid);
 	efree(user_groups);
 	user_groups = NULL;
@@ -219,6 +221,9 @@ reset_groups(struct passwd *pw)
 	    if (getgroups(user_ngroups, user_groups) < 0)
 		log_error(USE_ERRNO|MSG_ONLY, "can't get group vector");
 	}
+# ifdef HAVE_SETAUTHDB
+	aix_restoreauthdb();
+# endif
     }
 #endif
 }

plugins/sudoers/sudoers.c

@@ -51,11 +51,10 @@
 #  include <memory.h>
 # endif
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

plugins/sudoers/sudoers.h

@@ -295,6 +295,10 @@ void cleanup(int);
 void set_fqdn(void);
 FILE *open_sudoers(const char *, int, int *);
 
+/* aix.c */
+void aix_restoreauthdb(void);
+void aix_setauthdb(char *user);
+
 #ifndef _SUDO_MAIN
 extern struct sudo_user sudo_user;
 extern struct passwd *auth_pw, *list_pw;

plugins/sudoers/sudoreplay.c

@@ -39,11 +39,10 @@
 #  include <memory.h>
 # endif
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

plugins/sudoers/testsudoers.c

@@ -40,11 +40,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

plugins/sudoers/toke.c

@@ -1353,7 +1353,7 @@ char *yytext;
 #define INITIAL 0
 #line 2 "toke.l"
 /*
- * Copyright (c) 1996, 1998-2005, 2007-2009
+ * Copyright (c) 1996, 1998-2005, 2007-2010
  *	Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -1392,11 +1392,10 @@ char *yytext;
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */
@@ -1466,7 +1465,7 @@ extern void yyerror(const char *);
 
 #define INSTR 5
 
-#line 1470 "lex.yy.c"
+#line 1469 "lex.yy.c"
 
 /* Macros after this point can all be overridden by user definitions in
  * section 1.
@@ -1620,9 +1619,9 @@ YY_DECL
 	register char *yy_cp, *yy_bp;
 	register int yy_act;
 
-#line 128 "toke.l"
+#line 127 "toke.l"
 
-#line 1626 "lex.yy.c"
+#line 1625 "lex.yy.c"
 
 	if ( yy_init )
 		{
@@ -1708,12 +1707,12 @@ do_action:	/* This label is used only to access EOF actions. */
 
 case 1:
 YY_RULE_SETUP
-#line 129 "toke.l"
+#line 128 "toke.l"
 BEGIN STARTDEFS;
 	YY_BREAK
 case 2:
 YY_RULE_SETUP
-#line 131 "toke.l"
+#line 130 "toke.l"
 {
 			    BEGIN INDEFS;
 			    LEXTRACE("DEFVAR ");
@@ -1725,7 +1724,7 @@ YY_RULE_SETUP
 
 case 3:
 YY_RULE_SETUP
-#line 140 "toke.l"
+#line 139 "toke.l"
 {
 			    BEGIN STARTDEFS;
 			    LEXTRACE(", ");
@@ -1734,7 +1733,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 4:
 YY_RULE_SETUP
-#line 146 "toke.l"
+#line 145 "toke.l"
 {
 			    LEXTRACE("= ");
 			    return('=');
@@ -1742,7 +1741,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 5:
 YY_RULE_SETUP
-#line 151 "toke.l"
+#line 150 "toke.l"
 {
 			    LEXTRACE("+= ");
 			    return('+');
@@ -1750,7 +1749,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 6:
 YY_RULE_SETUP
-#line 156 "toke.l"
+#line 155 "toke.l"
 {
 			    LEXTRACE("-= ");
 			    return('-');
@@ -1758,7 +1757,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 7:
 YY_RULE_SETUP
-#line 161 "toke.l"
+#line 160 "toke.l"
 {
 			    LEXTRACE("BEGINSTR ");
 			    yylval.string = NULL;
@@ -1767,7 +1766,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 8:
 YY_RULE_SETUP
-#line 167 "toke.l"
+#line 166 "toke.l"
 {
 			    LEXTRACE("WORD(2) ");
 			    if (!fill(yytext, yyleng))
@@ -1779,7 +1778,7 @@ YY_RULE_SETUP
 
 case 9:
 YY_RULE_SETUP
-#line 176 "toke.l"
+#line 175 "toke.l"
 {
 			    /* Line continuation char followed by newline. */
 			    ++sudolineno;
@@ -1788,7 +1787,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 10:
 YY_RULE_SETUP
-#line 182 "toke.l"
+#line 181 "toke.l"
 {
 			    LEXTRACE("ENDSTR ");
 			    BEGIN INDEFS;
@@ -1797,7 +1796,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 11:
 YY_RULE_SETUP
-#line 188 "toke.l"
+#line 187 "toke.l"
 {
 			    LEXTRACE("BACKSLASH ");
 			    if (!append(yytext, yyleng))
@@ -1806,7 +1805,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 12:
 YY_RULE_SETUP
-#line 194 "toke.l"
+#line 193 "toke.l"
 {
 			    LEXTRACE("STRBODY ");
 			    if (!append(yytext, yyleng))
@@ -1817,7 +1816,7 @@ YY_RULE_SETUP
 
 case 13:
 YY_RULE_SETUP
-#line 202 "toke.l"
+#line 201 "toke.l"
 {
 			    /* quoted fnmatch glob char, pass verbatim */
 			    LEXTRACE("QUOTEDCHAR ");
@@ -1828,7 +1827,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 14:
 YY_RULE_SETUP
-#line 210 "toke.l"
+#line 209 "toke.l"
 {
 			    /* quoted sudoers special char, strip backslash */
 			    LEXTRACE("QUOTEDCHAR ");
@@ -1839,7 +1838,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 15:
 YY_RULE_SETUP
-#line 218 "toke.l"
+#line 217 "toke.l"
 {
 			    BEGIN INITIAL;
 			    yyless(0);
@@ -1848,7 +1847,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 16:
 YY_RULE_SETUP
-#line 224 "toke.l"
+#line 223 "toke.l"
 {
 			    LEXTRACE("ARG ");
 			    if (!fill_args(yytext, yyleng, sawspace))
@@ -1859,7 +1858,7 @@ YY_RULE_SETUP
 
 case 17:
 YY_RULE_SETUP
-#line 232 "toke.l"
+#line 231 "toke.l"
 {
 			    char *path;
 
@@ -1875,7 +1874,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 18:
 YY_RULE_SETUP
-#line 245 "toke.l"
+#line 244 "toke.l"
 {
 			    char *path;
 
@@ -1894,7 +1893,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 19:
 YY_RULE_SETUP
-#line 261 "toke.l"
+#line 260 "toke.l"
 {
 			    int n;
 			    for (n = 0; isblank((unsigned char)yytext[n]); n++)
@@ -1926,7 +1925,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 20:
 YY_RULE_SETUP
-#line 290 "toke.l"
+#line 289 "toke.l"
 {
 			    int n;
 			    for (n = 0; isblank((unsigned char)yytext[n]); n++)
@@ -1949,7 +1948,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 21:
 YY_RULE_SETUP
-#line 310 "toke.l"
+#line 309 "toke.l"
 {
 				/* cmnd does not require passwd for this user */
 			    	LEXTRACE("NOPASSWD ");
@@ -1958,7 +1957,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 22:
 YY_RULE_SETUP
-#line 316 "toke.l"
+#line 315 "toke.l"
 {
 				/* cmnd requires passwd for this user */
 			    	LEXTRACE("PASSWD ");
@@ -1967,7 +1966,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 23:
 YY_RULE_SETUP
-#line 322 "toke.l"
+#line 321 "toke.l"
 {
 			    	LEXTRACE("NOEXEC ");
 			    	return(NOEXEC);
@@ -1975,7 +1974,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 24:
 YY_RULE_SETUP
-#line 327 "toke.l"
+#line 326 "toke.l"
 {
 			    	LEXTRACE("EXEC ");
 			    	return(EXEC);
@@ -1983,7 +1982,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 25:
 YY_RULE_SETUP
-#line 332 "toke.l"
+#line 331 "toke.l"
 {
 			    	LEXTRACE("SETENV ");
 			    	return(SETENV);
@@ -1991,7 +1990,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 26:
 YY_RULE_SETUP
-#line 337 "toke.l"
+#line 336 "toke.l"
 {
 			    	LEXTRACE("NOSETENV ");
 			    	return(NOSETENV);
@@ -1999,7 +1998,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 27:
 YY_RULE_SETUP
-#line 342 "toke.l"
+#line 341 "toke.l"
 {
 			    /* netgroup */
 			    if (!fill(yytext, yyleng))
@@ -2010,7 +2009,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 28:
 YY_RULE_SETUP
-#line 350 "toke.l"
+#line 349 "toke.l"
 {
 			    /* UN*X group */
 			    if (!fill(yytext, yyleng))
@@ -2021,7 +2020,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 29:
 YY_RULE_SETUP
-#line 358 "toke.l"
+#line 357 "toke.l"
 {
 			    if (!fill(yytext, yyleng))
 				yyterminate();
@@ -2031,7 +2030,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 30:
 YY_RULE_SETUP
-#line 365 "toke.l"
+#line 364 "toke.l"
 {
 			    if (!fill(yytext, yyleng))
 				yyterminate();
@@ -2041,7 +2040,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 31:
 YY_RULE_SETUP
-#line 372 "toke.l"
+#line 371 "toke.l"
 {
 			    if (!ipv6_valid(yytext)) {
 				LEXTRACE("ERROR ");
@@ -2055,7 +2054,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 32:
 YY_RULE_SETUP
-#line 383 "toke.l"
+#line 382 "toke.l"
 {
 			    if (!ipv6_valid(yytext)) {
 				LEXTRACE("ERROR ");
@@ -2069,7 +2068,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 33:
 YY_RULE_SETUP
-#line 394 "toke.l"
+#line 393 "toke.l"
 {
 			    if (strcmp(yytext, "ALL") == 0) {
 				LEXTRACE("ALL ");
@@ -2094,7 +2093,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 34:
 YY_RULE_SETUP
-#line 416 "toke.l"
+#line 415 "toke.l"
 {
 			    /* no command args allowed for Defaults!/path */
 			    if (!fill_cmnd(yytext, yyleng))
@@ -2105,7 +2104,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 35:
 YY_RULE_SETUP
-#line 424 "toke.l"
+#line 423 "toke.l"
 {
 			    BEGIN GOTCMND;
 			    LEXTRACE("COMMAND ");
@@ -2115,7 +2114,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 36:
 YY_RULE_SETUP
-#line 431 "toke.l"
+#line 430 "toke.l"
 {
 			    /* directories can't have args... */
 			    if (yytext[yyleng - 1] == '/') {
@@ -2133,7 +2132,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 37:
 YY_RULE_SETUP
-#line 446 "toke.l"
+#line 445 "toke.l"
 {
 			    /* a quoted user/group name */
 			    if (!fill(yytext + 1, yyleng - 2))
@@ -2153,7 +2152,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 38:
 YY_RULE_SETUP
-#line 463 "toke.l"
+#line 462 "toke.l"
 {
 			    /* a word */
 			    if (!fill(yytext, yyleng))
@@ -2164,7 +2163,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 39:
 YY_RULE_SETUP
-#line 471 "toke.l"
+#line 470 "toke.l"
 {
 			    LEXTRACE("( ");
 			    return ('(');
@@ -2172,7 +2171,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 40:
 YY_RULE_SETUP
-#line 476 "toke.l"
+#line 475 "toke.l"
 {
 			    LEXTRACE(") ");
 			    return(')');
@@ -2180,7 +2179,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 41:
 YY_RULE_SETUP
-#line 481 "toke.l"
+#line 480 "toke.l"
 {
 			    LEXTRACE(", ");
 			    return(',');
@@ -2188,7 +2187,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 42:
 YY_RULE_SETUP
-#line 486 "toke.l"
+#line 485 "toke.l"
 {
 			    LEXTRACE("= ");
 			    return('=');
@@ -2196,7 +2195,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 43:
 YY_RULE_SETUP
-#line 491 "toke.l"
+#line 490 "toke.l"
 {
 			    LEXTRACE(": ");
 			    return(':');
@@ -2204,7 +2203,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 44:
 YY_RULE_SETUP
-#line 496 "toke.l"
+#line 495 "toke.l"
 {
 			    if (yyleng % 2 == 1)
 				return('!');	/* return '!' */
@@ -2212,7 +2211,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 45:
 YY_RULE_SETUP
-#line 501 "toke.l"
+#line 500 "toke.l"
 {
 			    BEGIN INITIAL;
 			    ++sudolineno;
@@ -2222,14 +2221,14 @@ YY_RULE_SETUP
 	YY_BREAK
 case 46:
 YY_RULE_SETUP
-#line 508 "toke.l"
+#line 507 "toke.l"
 {			/* throw away space/tabs */
 			    sawspace = TRUE;	/* but remember for fill_args */
 			}
 	YY_BREAK
 case 47:
 YY_RULE_SETUP
-#line 512 "toke.l"
+#line 511 "toke.l"
 {
 			    sawspace = TRUE;	/* remember for fill_args */
 			    ++sudolineno;
@@ -2238,7 +2237,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 48:
 YY_RULE_SETUP
-#line 518 "toke.l"
+#line 517 "toke.l"
 {
 			    BEGIN INITIAL;
 			    ++sudolineno;
@@ -2248,7 +2247,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 49:
 YY_RULE_SETUP
-#line 525 "toke.l"
+#line 524 "toke.l"
 {
 			    LEXTRACE("ERROR ");
 			    return(ERROR);
@@ -2260,7 +2259,7 @@ case YY_STATE_EOF(GOTCMND):
 case YY_STATE_EOF(STARTDEFS):
 case YY_STATE_EOF(INDEFS):
 case YY_STATE_EOF(INSTR):
-#line 530 "toke.l"
+#line 529 "toke.l"
 {
 			    if (YY_START != INITIAL) {
 			    	BEGIN INITIAL;
@@ -2273,10 +2272,10 @@ case YY_STATE_EOF(INSTR):
 	YY_BREAK
 case 50:
 YY_RULE_SETUP
-#line 540 "toke.l"
+#line 539 "toke.l"
 ECHO;
 	YY_BREAK
-#line 2280 "lex.yy.c"
+#line 2279 "lex.yy.c"
 
 	case YY_END_OF_BUFFER:
 		{
@@ -3165,7 +3164,7 @@ int main()
 	return 0;
 	}
 #endif
-#line 540 "toke.l"
+#line 539 "toke.l"
 
 static unsigned char
 hexchar(s)

plugins/sudoers/toke.l

@@ -39,11 +39,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

plugins/sudoers/tsgetgrpw.c

@@ -38,11 +38,10 @@
 #  include <memory.h>
 # endif
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #include <fcntl.h>
 #include <limits.h>
 #include <pwd.h>

plugins/sudoers/visudo.c

@@ -51,11 +51,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif /* HAVE_UNISTD_H */

src/Makefile.in

@@ -105,7 +105,6 @@ sesh: sesh.o
 
 # Dependencies
 # XXX - SUDODEP is overkill for some of these
-aix.o: $(srcdir)/aix.c $(top_builddir)/config.h $(incdir)/compat.h
 conversation.o: $(srcdir)/conversation.c $(SUDODEP)
 error.o: $(srcdir)/error.c $(incdir)/compat.h $(incdir)/error.h $(top_builddir)/config.h
 exec.o: $(srcdir)/exec.c $(SUDODEP) $(srcdir)/sudo_exec.h

src/conversation.c

@@ -36,11 +36,10 @@
 #  include <memory.h>
 # endif
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

src/exec.c

@@ -36,15 +36,11 @@
 # endif
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
-# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
-#  include <memory.h>
-# endif
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

src/exec_pty.c

@@ -39,11 +39,10 @@
 #  include <memory.h>
 # endif
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

src/get_pty.c

@@ -34,11 +34,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

src/load_plugins.c

@@ -30,11 +30,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

src/parse_args.c

@@ -33,15 +33,11 @@
 # endif
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
-# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
-#  include <memory.h>
-# endif
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

src/sudo.c

@@ -46,11 +46,10 @@
 #  include <memory.h>
 # endif
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */
@@ -72,6 +71,9 @@
 #ifdef HAVE_SELINUX
 # include <selinux/selinux.h>
 #endif
+#ifdef HAVE_SETAUTHDB
+# include <usersec.h>
+#endif /* HAVE_SETAUTHDB */
 
 #include "sudo.h"
 #include "sudo_plugin.h"
@@ -645,7 +647,13 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
     int rval = FALSE;
     struct passwd *pw;
 
+#ifdef HAVE_SETAUTHDB
+    aix_setauthdb(IDtouser(details->euid));
+#endif
     pw = getpwuid(details->euid);
+#ifdef HAVE_SETAUTHDB
+    aix_restoreauthdb();
+#endif
 
     /* Call policy plugin's session init before other setup occurs. */
     if (policy_plugin.u.policy->init_session) {
@@ -664,7 +672,7 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
 
     if (pw != NULL) {
 #ifdef HAVE_GETUSERATTR
-	aix_setlimits(pw->pw_name);
+	aix_prep_user(pw->pw_name, ptyname ? ptyname : user_details.tty);
 #endif
 #ifdef HAVE_LOGIN_CAP_H
 	if (details->login_class) {

src/sudo.h

@@ -216,6 +216,11 @@ int selinux_setup(const char *role, const char *type, const char *ttyn,
     int ttyfd);
 void selinux_execve(const char *path, char *argv[], char *envp[]);
 
+/* aix.c */
+void aix_prep_user(char *user, const char *tty);
+void aix_restoreauthdb(void);
+void aix_setauthdb(char *user);
+
 #ifndef errno
 extern int errno;
 #endif

src/sudo_edit.c

@@ -35,11 +35,10 @@
 #endif /* STDC_HEADERS */
 #ifdef HAVE_STRING_H
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */

src/tgetpass.c

@@ -41,11 +41,10 @@
 #  include <memory.h>
 # endif
 # include <string.h>
-#else
+#endif /* HAVE_STRING_H */
 #ifdef HAVE_STRINGS_H
 # include <strings.h>
-# endif
-#endif /* HAVE_STRING_H */
+#endif /* HAVE_STRINGS_H */
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif /* HAVE_UNISTD_H */