isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Display warning/error messages in the user's locale.

Browse Source
This commit is contained in:
Todd C. Miller
2012-11-08 15:37:44 -05:00
parent f454a852cb
commit 595d3b2651
31 changed files with 331 additions and 300 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
common/sudo_conf.c
View File

@@ -302,20 +302,20 @@ sudo_conf_read(void)
case SUDO_PATH_MISSING: case SUDO_PATH_MISSING:
/* Root should always be able to read sudo.conf. */ /* Root should always be able to read sudo.conf. */
if (errno != ENOENT && geteuid() == ROOT_UID) if (errno != ENOENT && geteuid() == ROOT_UID)
warning(_("unable to stat %s"), _PATH_SUDO_CONF); warning(N_("unable to stat %s"), _PATH_SUDO_CONF);
goto done; goto done;
case SUDO_PATH_BAD_TYPE: case SUDO_PATH_BAD_TYPE:
warningx(_("%s is not a regular file"), _PATH_SUDO_CONF); warningx(N_("%s is not a regular file"), _PATH_SUDO_CONF);
goto done; goto done;
case SUDO_PATH_WRONG_OWNER: case SUDO_PATH_WRONG_OWNER:
warningx(_("%s is owned by uid %u, should be %u"), warningx(N_("%s is owned by uid %u, should be %u"),
_PATH_SUDO_CONF, (unsigned int) sb.st_uid, ROOT_UID); _PATH_SUDO_CONF, (unsigned int) sb.st_uid, ROOT_UID);
goto done; goto done;
case SUDO_PATH_WORLD_WRITABLE: case SUDO_PATH_WORLD_WRITABLE:
warningx(_("%s is world writable"), _PATH_SUDO_CONF); warningx(N_("%s is world writable"), _PATH_SUDO_CONF);
goto done; goto done;
case SUDO_PATH_GROUP_WRITABLE: case SUDO_PATH_GROUP_WRITABLE:
warningx(_("%s is group writable"), _PATH_SUDO_CONF); warningx(N_("%s is group writable"), _PATH_SUDO_CONF);
goto done; goto done;
default: default:
/* NOTREACHED */ /* NOTREACHED */
@@ -324,7 +324,7 @@ sudo_conf_read(void)
if ((fp = fopen(_PATH_SUDO_CONF, "r")) == NULL) { if ((fp = fopen(_PATH_SUDO_CONF, "r")) == NULL) {
if (errno != ENOENT && geteuid() == ROOT_UID) if (errno != ENOENT && geteuid() == ROOT_UID)
warning(_("unable to open %s"), _PATH_SUDO_CONF); warning(N_("unable to open %s"), _PATH_SUDO_CONF);
goto done; goto done;
} }

14
plugins/sudoers/auth/fwtk.c
View File

@@ -57,22 +57,22 @@ sudo_fwtk_init(struct passwd *pw, sudo_auth *auth)
debug_decl(sudo_fwtk_init, SUDO_DEBUG_AUTH) debug_decl(sudo_fwtk_init, SUDO_DEBUG_AUTH)
if ((confp = cfg_read("sudo")) == (Cfg *)-1) { if ((confp = cfg_read("sudo")) == (Cfg *)-1) {
warningx(_("unable to read fwtk config")); warningx(N_("unable to read fwtk config"));
debug_return_int(AUTH_FATAL); debug_return_int(AUTH_FATAL);
} }
if (auth_open(confp)) { if (auth_open(confp)) {
warningx(_("unable to connect to authentication server")); warningx(N_("unable to connect to authentication server"));
debug_return_int(AUTH_FATAL); debug_return_int(AUTH_FATAL);
} }
/* Get welcome message from auth server */ /* Get welcome message from auth server */
if (auth_recv(resp, sizeof(resp))) { if (auth_recv(resp, sizeof(resp))) {
warningx(_("lost connection to authentication server")); warningx(N_("lost connection to authentication server"));
debug_return_int(AUTH_FATAL); debug_return_int(AUTH_FATAL);
} }
if (strncmp(resp, "Authsrv ready", 13) != 0) { if (strncmp(resp, "Authsrv ready", 13) != 0) {
warningx(_("authentication server error:\n%s"), resp); warningx(N_("authentication server error:\n%s"), resp);
debug_return_int(AUTH_FATAL); debug_return_int(AUTH_FATAL);
} }
@@ -92,7 +92,7 @@ sudo_fwtk_verify(struct passwd *pw, char *prompt, sudo_auth *auth)
(void) snprintf(buf, sizeof(buf), "authorize %s 'sudo'", pw->pw_name); (void) snprintf(buf, sizeof(buf), "authorize %s 'sudo'", pw->pw_name);
restart: restart:
if (auth_send(buf) || auth_recv(resp, sizeof(resp))) { if (auth_send(buf) || auth_recv(resp, sizeof(resp))) {
warningx(_("lost connection to authentication server")); warningx(N_("lost connection to authentication server"));
debug_return_int(AUTH_FATAL); debug_return_int(AUTH_FATAL);
} }
@@ -125,7 +125,7 @@ restart:
/* Send the user's response to the server */ /* Send the user's response to the server */
(void) snprintf(buf, sizeof(buf), "response '%s'", pass); (void) snprintf(buf, sizeof(buf), "response '%s'", pass);
if (auth_send(buf) || auth_recv(resp, sizeof(resp))) { if (auth_send(buf) || auth_recv(resp, sizeof(resp))) {
warningx(_("lost connection to authentication server")); warningx(N_("lost connection to authentication server"));
error = AUTH_FATAL; error = AUTH_FATAL;
goto done; goto done;
} }
@@ -137,7 +137,7 @@ restart:
/* Main loop prints "Permission Denied" or insult. */ /* Main loop prints "Permission Denied" or insult. */
if (strcmp(resp, "Permission Denied.") != 0) if (strcmp(resp, "Permission Denied.") != 0)
warningx("%s", resp); warningx(N"%s", resp);
error = AUTH_FAILURE; error = AUTH_FAILURE;
done: done:
zero_bytes(pass, strlen(pass)); zero_bytes(pass, strlen(pass));

2
plugins/sudoers/auth/rfc1938.c
View File

@@ -101,7 +101,7 @@ sudo_rfc1938_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
*/ */
if (rfc1938challenge(&rfc1938, pw->pw_name, challenge, sizeof(challenge))) { if (rfc1938challenge(&rfc1938, pw->pw_name, challenge, sizeof(challenge))) {
if (IS_ONEANDONLY(auth)) { if (IS_ONEANDONLY(auth)) {
warningx(_("you do not exist in the %s database"), auth->name); warningx(N_("you do not exist in the %s database"), auth->name);
debug_return_int(AUTH_FATAL); debug_return_int(AUTH_FATAL);
} else { } else {
debug_return_int(AUTH_FAILURE); debug_return_int(AUTH_FAILURE);

22
plugins/sudoers/auth/securid5.c
View File

@@ -78,7 +78,7 @@ sudo_securid_init(struct passwd *pw, sudo_auth *auth)
if (AceInitialize() != SD_FALSE) if (AceInitialize() != SD_FALSE)
debug_return_int(AUTH_SUCCESS); debug_return_int(AUTH_SUCCESS);
warningx(_("failed to initialise the ACE API library")); warningx(N_("failed to initialise the ACE API library"));
debug_return_int(AUTH_FATAL); debug_return_int(AUTH_FATAL);
} }
@@ -104,7 +104,7 @@ sudo_securid_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
/* Re-initialize SecurID every time. */ /* Re-initialize SecurID every time. */
if (SD_Init(sd) != ACM_OK) { if (SD_Init(sd) != ACM_OK) {
warningx(_("unable to contact the SecurID server")); warningx(N_("unable to contact the SecurID server"));
debug_return_int(AUTH_FATAL); debug_return_int(AUTH_FATAL);
} }
@@ -113,23 +113,23 @@ sudo_securid_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
switch (retval) { switch (retval) {
case ACM_OK: case ACM_OK:
warningx(_("User ID locked for SecurID Authentication")); warningx(N_("User ID locked for SecurID Authentication"));
debug_return_int(AUTH_SUCCESS); debug_return_int(AUTH_SUCCESS);
case ACE_UNDEFINED_USERNAME: case ACE_UNDEFINED_USERNAME:
warningx(_("invalid username length for SecurID")); warningx(N_("invalid username length for SecurID"));
debug_return_int(AUTH_FATAL); debug_return_int(AUTH_FATAL);
case ACE_ERR_INVALID_HANDLE: case ACE_ERR_INVALID_HANDLE:
warningx(_("invalid Authentication Handle for SecurID")); warningx(N_("invalid Authentication Handle for SecurID"));
debug_return_int(AUTH_FATAL); debug_return_int(AUTH_FATAL);
case ACM_ACCESS_DENIED: case ACM_ACCESS_DENIED:
warningx(_("SecurID communication failed")); warningx(N_("SecurID communication failed"));
debug_return_int(AUTH_FATAL); debug_return_int(AUTH_FATAL);
default: default:
warningx(_("unknown SecurID error")); warningx(N_("unknown SecurID error"));
debug_return_int(AUTH_FATAL); debug_return_int(AUTH_FATAL);
} }
} }
@@ -163,17 +163,17 @@ sudo_securid_verify(struct passwd *pw, char *pass, sudo_auth *auth)
break; break;
case ACE_UNDEFINED_PASSCODE: case ACE_UNDEFINED_PASSCODE:
warningx(_("invalid passcode length for SecurID")); warningx(N_("invalid passcode length for SecurID"));
rval = AUTH_FATAL; rval = AUTH_FATAL;
break; break;
case ACE_UNDEFINED_USERNAME: case ACE_UNDEFINED_USERNAME:
warningx(_("invalid username length for SecurID")); warningx(N_("invalid username length for SecurID"));
rval = AUTH_FATAL; rval = AUTH_FATAL;
break; break;
case ACE_ERR_INVALID_HANDLE: case ACE_ERR_INVALID_HANDLE:
warningx(_("invalid Authentication Handle for SecurID")); warningx(N_("invalid Authentication Handle for SecurID"));
rval = AUTH_FATAL; rval = AUTH_FATAL;
break; break;
@@ -212,7 +212,7 @@ then enter the new token code.\n", \
break; break;
default: default:
warningx(_("unknown SecurID error")); warningx(N_("unknown SecurID error"));
rval = AUTH_FATAL; rval = AUTH_FATAL;
break; break;
} }

44
plugins/sudoers/defaults.c
View File

@@ -205,7 +205,7 @@ set_default(char *var, char *val, int op)
break; break;
} }
if (!cur->name) { if (!cur->name) {
warningx(_("unknown defaults entry `%s'"), var); warningx(N_("unknown defaults entry `%s'"), var);
debug_return_bool(false); debug_return_bool(false);
} }
@@ -213,20 +213,20 @@ set_default(char *var, char *val, int op)
case T_LOGFAC: case T_LOGFAC:
if (!store_syslogfac(val, cur, op)) { if (!store_syslogfac(val, cur, op)) {
if (val) if (val)
warningx(_("value `%s' is invalid for option `%s'"), warningx(N_("value `%s' is invalid for option `%s'"),
val, var); val, var);
else else
warningx(_("no value specified for `%s'"), var); warningx(N_("no value specified for `%s'"), var);
debug_return_bool(false); debug_return_bool(false);
} }
break; break;
case T_LOGPRI: case T_LOGPRI:
if (!store_syslogpri(val, cur, op)) { if (!store_syslogpri(val, cur, op)) {
if (val) if (val)
warningx(_("value `%s' is invalid for option `%s'"), warningx(N_("value `%s' is invalid for option `%s'"),
val, var); val, var);
else else
warningx(_("no value specified for `%s'"), var); warningx(N_("no value specified for `%s'"), var);
debug_return_bool(false); debug_return_bool(false);
} }
break; break;
@@ -234,16 +234,16 @@ set_default(char *var, char *val, int op)
if (!val) { if (!val) {
/* Check for bogus boolean usage or lack of a value. */ /* Check for bogus boolean usage or lack of a value. */
if (!ISSET(cur->type, T_BOOL) || op != false) { if (!ISSET(cur->type, T_BOOL) || op != false) {
warningx(_("no value specified for `%s'"), var); warningx(N_("no value specified for `%s'"), var);
debug_return_bool(false); debug_return_bool(false);
} }
} }
if (ISSET(cur->type, T_PATH) && val && *val != '/') { if (ISSET(cur->type, T_PATH) && val && *val != '/') {
warningx(_("values for `%s' must start with a '/'"), var); warningx(N_("values for `%s' must start with a '/'"), var);
debug_return_bool(false); debug_return_bool(false);
} }
if (!store_str(val, cur, op)) { if (!store_str(val, cur, op)) {
warningx(_("value `%s' is invalid for option `%s'"), val, var); warningx(N_("value `%s' is invalid for option `%s'"), val, var);
debug_return_bool(false); debug_return_bool(false);
} }
break; break;
@@ -251,12 +251,12 @@ set_default(char *var, char *val, int op)
if (!val) { if (!val) {
/* Check for bogus boolean usage or lack of a value. */ /* Check for bogus boolean usage or lack of a value. */
if (!ISSET(cur->type, T_BOOL) || op != false) { if (!ISSET(cur->type, T_BOOL) || op != false) {
warningx(_("no value specified for `%s'"), var); warningx(N_("no value specified for `%s'"), var);
debug_return_bool(false); debug_return_bool(false);
} }
} }
if (!store_int(val, cur, op)) { if (!store_int(val, cur, op)) {
warningx(_("value `%s' is invalid for option `%s'"), val, var); warningx(N_("value `%s' is invalid for option `%s'"), val, var);
debug_return_bool(false); debug_return_bool(false);
} }
break; break;
@@ -264,12 +264,12 @@ set_default(char *var, char *val, int op)
if (!val) { if (!val) {
/* Check for bogus boolean usage or lack of a value. */ /* Check for bogus boolean usage or lack of a value. */
if (!ISSET(cur->type, T_BOOL) || op != false) { if (!ISSET(cur->type, T_BOOL) || op != false) {
warningx(_("no value specified for `%s'"), var); warningx(N_("no value specified for `%s'"), var);
debug_return_bool(false); debug_return_bool(false);
} }
} }
if (!store_uint(val, cur, op)) { if (!store_uint(val, cur, op)) {
warningx(_("value `%s' is invalid for option `%s'"), val, var); warningx(N_("value `%s' is invalid for option `%s'"), val, var);
debug_return_bool(false); debug_return_bool(false);
} }
break; break;
@@ -277,12 +277,12 @@ set_default(char *var, char *val, int op)
if (!val) { if (!val) {
/* Check for bogus boolean usage or lack of a value. */ /* Check for bogus boolean usage or lack of a value. */
if (!ISSET(cur->type, T_BOOL) || op != false) { if (!ISSET(cur->type, T_BOOL) || op != false) {
warningx(_("no value specified for `%s'"), var); warningx(N_("no value specified for `%s'"), var);
debug_return_bool(false); debug_return_bool(false);
} }
} }
if (!store_float(val, cur, op)) { if (!store_float(val, cur, op)) {
warningx(_("value `%s' is invalid for option `%s'"), val, var); warningx(N_("value `%s' is invalid for option `%s'"), val, var);
debug_return_bool(false); debug_return_bool(false);
} }
break; break;
@@ -290,18 +290,18 @@ set_default(char *var, char *val, int op)
if (!val) { if (!val) {
/* Check for bogus boolean usage or lack of a value. */ /* Check for bogus boolean usage or lack of a value. */
if (!ISSET(cur->type, T_BOOL) || op != false) { if (!ISSET(cur->type, T_BOOL) || op != false) {
warningx(_("no value specified for `%s'"), var); warningx(N_("no value specified for `%s'"), var);
debug_return_bool(false); debug_return_bool(false);
} }
} }
if (!store_mode(val, cur, op)) { if (!store_mode(val, cur, op)) {
warningx(_("value `%s' is invalid for option `%s'"), val, var); warningx(N_("value `%s' is invalid for option `%s'"), val, var);
debug_return_bool(false); debug_return_bool(false);
} }
break; break;
case T_FLAG: case T_FLAG:
if (val) { if (val) {
warningx(_("option `%s' does not take a value"), var); warningx(N_("option `%s' does not take a value"), var);
debug_return_bool(false); debug_return_bool(false);
} }
cur->sd_un.flag = op; cur->sd_un.flag = op;
@@ -310,22 +310,22 @@ set_default(char *var, char *val, int op)
if (!val) { if (!val) {
/* Check for bogus boolean usage or lack of a value. */ /* Check for bogus boolean usage or lack of a value. */
if (!ISSET(cur->type, T_BOOL) || op != false) { if (!ISSET(cur->type, T_BOOL) || op != false) {
warningx(_("no value specified for `%s'"), var); warningx(N_("no value specified for `%s'"), var);
debug_return_bool(false); debug_return_bool(false);
} }
} }
if (!store_list(val, cur, op)) { if (!store_list(val, cur, op)) {
warningx(_("value `%s' is invalid for option `%s'"), val, var); warningx(N_("value `%s' is invalid for option `%s'"), val, var);
debug_return_bool(false); debug_return_bool(false);
} }
break; break;
case T_TUPLE: case T_TUPLE:
if (!val && !ISSET(cur->type, T_BOOL)) { if (!val && !ISSET(cur->type, T_BOOL)) {
warningx(_("no value specified for `%s'"), var); warningx(N_("no value specified for `%s'"), var);
debug_return_bool(false); debug_return_bool(false);
} }
if (!store_tuple(val, cur, op)) { if (!store_tuple(val, cur, op)) {
warningx(_("value `%s' is invalid for option `%s'"), val, var); warningx(N_("value `%s' is invalid for option `%s'"), val, var);
debug_return_bool(false); debug_return_bool(false);
} }
break; break;
@@ -580,7 +580,7 @@ check_defaults(int what, bool quiet)
} }
if (cur->name == NULL) { if (cur->name == NULL) {
if (!quiet) if (!quiet)
warningx(_("unknown defaults entry `%s'"), def->var); warningx(N_("unknown defaults entry `%s'"), def->var);
rc = false; rc = false;
} }
} }

187
plugins/sudoers/gram.c
View File

@@ -147,14 +147,15 @@ sudoerserror(const char *s)
if (sudoers_warnings && s != NULL) { if (sudoers_warnings && s != NULL) {
LEXTRACE("<*> "); LEXTRACE("<*> ");
#ifndef TRACELEXER #ifndef TRACELEXER
/* XXX 's' will be in sudoers locale, not user's */
if (trace_print == NULL || trace_print == sudoers_trace_print) if (trace_print == NULL || trace_print == sudoers_trace_print)
warningx(_(">>> %s: %s near line %d <<<"), sudoers, s, sudolineno); warningx(N_(">>> %s: %s near line %d <<<"), sudoers, s, sudolineno);
#endif #endif
} }
parse_error = true; parse_error = true;
debug_return; debug_return;
} }
#line 121 "gram.y" #line 122 "gram.y"
#ifndef YYSTYPE_DEFINED #ifndef YYSTYPE_DEFINED
#define YYSTYPE_DEFINED #define YYSTYPE_DEFINED
typedef union { typedef union {
@@ -171,7 +172,7 @@ typedef union {
int tok; int tok;
} YYSTYPE; } YYSTYPE;
#endif /* YYSTYPE_DEFINED */ #endif /* YYSTYPE_DEFINED */
#line 174 "gram.c" #line 175 "gram.c"
#define COMMAND 257 #define COMMAND 257
#define ALIAS 258 #define ALIAS 258
#define DEFVAR 259 #define DEFVAR 259
@@ -698,7 +699,7 @@ short *yyss;
short *yysslim; short *yysslim;
YYSTYPE *yyvs; YYSTYPE *yyvs;
int yystacksize; int yystacksize;
#line 673 "gram.y" #line 674 "gram.y"
static struct defaults * static struct defaults *
new_default(char *var, char *val, int op) new_default(char *var, char *val, int op)
{ {
@@ -901,7 +902,7 @@ init_parser(const char *path, bool quiet)
debug_return; debug_return;
} }
#line 852 "gram.c" #line 853 "gram.c"
/* allocate initial stack or double stack size, up to YYMAXDEPTH */ /* allocate initial stack or double stack size, up to YYMAXDEPTH */
#if defined(__cplusplus) || defined(__STDC__) #if defined(__cplusplus) || defined(__STDC__)
static int yygrowstack(void) static int yygrowstack(void)
@@ -1104,127 +1105,127 @@ yyreduce:
switch (yyn) switch (yyn)
{ {
case 1: case 1:
#line 203 "gram.y" #line 204 "gram.y"
{ ; } { ; }
break; break;
case 5: case 5:
#line 211 "gram.y" #line 212 "gram.y"
{ {
; ;
} }
break; break;
case 6: case 6:
#line 214 "gram.y" #line 215 "gram.y"
{ {
yyerrok; yyerrok;
} }
break; break;
case 7: case 7:
#line 217 "gram.y" #line 218 "gram.y"
{ {
add_userspec(yyvsp[-1].member, yyvsp[0].privilege); add_userspec(yyvsp[-1].member, yyvsp[0].privilege);
} }
break; break;
case 8: case 8:
#line 220 "gram.y" #line 221 "gram.y"
{ {
; ;
} }
break; break;
case 9: case 9:
#line 223 "gram.y" #line 224 "gram.y"
{ {
; ;
} }
break; break;
case 10: case 10:
#line 226 "gram.y" #line 227 "gram.y"
{ {
; ;
} }
break; break;
case 11: case 11:
#line 229 "gram.y" #line 230 "gram.y"
{ {
; ;
} }
break; break;
case 12: case 12:
#line 232 "gram.y" #line 233 "gram.y"
{ {
add_defaults(DEFAULTS, NULL, yyvsp[0].defaults); add_defaults(DEFAULTS, NULL, yyvsp[0].defaults);
} }
break; break;
case 13: case 13:
#line 235 "gram.y" #line 236 "gram.y"
{ {
add_defaults(DEFAULTS_USER, yyvsp[-1].member, yyvsp[0].defaults); add_defaults(DEFAULTS_USER, yyvsp[-1].member, yyvsp[0].defaults);
} }
break; break;
case 14: case 14:
#line 238 "gram.y" #line 239 "gram.y"
{ {
add_defaults(DEFAULTS_RUNAS, yyvsp[-1].member, yyvsp[0].defaults); add_defaults(DEFAULTS_RUNAS, yyvsp[-1].member, yyvsp[0].defaults);
} }
break; break;
case 15: case 15:
#line 241 "gram.y" #line 242 "gram.y"
{ {
add_defaults(DEFAULTS_HOST, yyvsp[-1].member, yyvsp[0].defaults); add_defaults(DEFAULTS_HOST, yyvsp[-1].member, yyvsp[0].defaults);
} }
break; break;
case 16: case 16:
#line 244 "gram.y" #line 245 "gram.y"
{ {
add_defaults(DEFAULTS_CMND, yyvsp[-1].member, yyvsp[0].defaults); add_defaults(DEFAULTS_CMND, yyvsp[-1].member, yyvsp[0].defaults);
} }
break; break;
case 18: case 18:
#line 250 "gram.y" #line 251 "gram.y"
{ {
list_append(yyvsp[-2].defaults, yyvsp[0].defaults); list_append(yyvsp[-2].defaults, yyvsp[0].defaults);
yyval.defaults = yyvsp[-2].defaults; yyval.defaults = yyvsp[-2].defaults;
} }
break; break;
case 19: case 19:
#line 256 "gram.y" #line 257 "gram.y"
{ {
yyval.defaults = new_default(yyvsp[0].string, NULL, true); yyval.defaults = new_default(yyvsp[0].string, NULL, true);
} }
break; break;
case 20: case 20:
#line 259 "gram.y" #line 260 "gram.y"
{ {
yyval.defaults = new_default(yyvsp[0].string, NULL, false); yyval.defaults = new_default(yyvsp[0].string, NULL, false);
} }
break; break;
case 21: case 21:
#line 262 "gram.y" #line 263 "gram.y"
{ {
yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, true); yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, true);
} }
break; break;
case 22: case 22:
#line 265 "gram.y" #line 266 "gram.y"
{ {
yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '+'); yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '+');
} }
break; break;
case 23: case 23:
#line 268 "gram.y" #line 269 "gram.y"
{ {
yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '-'); yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '-');
} }
break; break;
case 25: case 25:
#line 274 "gram.y" #line 275 "gram.y"
{ {
list_append(yyvsp[-2].privilege, yyvsp[0].privilege); list_append(yyvsp[-2].privilege, yyvsp[0].privilege);
yyval.privilege = yyvsp[-2].privilege; yyval.privilege = yyvsp[-2].privilege;
} }
break; break;
case 26: case 26:
#line 280 "gram.y" #line 281 "gram.y"
{ {
struct privilege *p = ecalloc(1, sizeof(*p)); struct privilege *p = ecalloc(1, sizeof(*p));
list2tq(&p->hostlist, yyvsp[-2].member); list2tq(&p->hostlist, yyvsp[-2].member);
@@ -1235,51 +1236,51 @@ case 26:
} }
break; break;
case 27: case 27:
#line 290 "gram.y" #line 291 "gram.y"
{ {
yyval.member = yyvsp[0].member; yyval.member = yyvsp[0].member;
yyval.member->negated = false; yyval.member->negated = false;
} }
break; break;
case 28: case 28:
#line 294 "gram.y" #line 295 "gram.y"
{ {
yyval.member = yyvsp[0].member; yyval.member = yyvsp[0].member;
yyval.member->negated = true; yyval.member->negated = true;
} }
break; break;
case 29: case 29:
#line 300 "gram.y" #line 301 "gram.y"
{ {
yyval.member = new_member(yyvsp[0].string, ALIAS); yyval.member = new_member(yyvsp[0].string, ALIAS);
} }
break; break;
case 30: case 30:
#line 303 "gram.y" #line 304 "gram.y"
{ {
yyval.member = new_member(NULL, ALL); yyval.member = new_member(NULL, ALL);
} }
break; break;
case 31: case 31:
#line 306 "gram.y" #line 307 "gram.y"
{ {
yyval.member = new_member(yyvsp[0].string, NETGROUP); yyval.member = new_member(yyvsp[0].string, NETGROUP);
} }
break; break;
case 32: case 32:
#line 309 "gram.y" #line 310 "gram.y"
{ {
yyval.member = new_member(yyvsp[0].string, NTWKADDR); yyval.member = new_member(yyvsp[0].string, NTWKADDR);
} }
break; break;
case 33: case 33:
#line 312 "gram.y" #line 313 "gram.y"
{ {
yyval.member = new_member(yyvsp[0].string, WORD); yyval.member = new_member(yyvsp[0].string, WORD);
} }
break; break;
case 35: case 35:
#line 318 "gram.y" #line 319 "gram.y"
{ {
list_append(yyvsp[-2].cmndspec, yyvsp[0].cmndspec); list_append(yyvsp[-2].cmndspec, yyvsp[0].cmndspec);
#ifdef HAVE_SELINUX #ifdef HAVE_SELINUX
@@ -1319,7 +1320,7 @@ case 35:
} }
break; break;
case 36: case 36:
#line 357 "gram.y" #line 358 "gram.y"
{ {
struct cmndspec *cs = ecalloc(1, sizeof(*cs)); struct cmndspec *cs = ecalloc(1, sizeof(*cs));
if (yyvsp[-4].runas != NULL) { if (yyvsp[-4].runas != NULL) {
@@ -1350,127 +1351,127 @@ case 36:
} }
break; break;
case 37: case 37:
#line 387 "gram.y" #line 388 "gram.y"
{ {
yyval.member = yyvsp[0].member; yyval.member = yyvsp[0].member;
yyval.member->negated = false; yyval.member->negated = false;
} }
break; break;
case 38: case 38:
#line 391 "gram.y" #line 392 "gram.y"
{ {
yyval.member = yyvsp[0].member; yyval.member = yyvsp[0].member;
yyval.member->negated = true; yyval.member->negated = true;
} }
break; break;
case 39: case 39:
#line 397 "gram.y" #line 398 "gram.y"
{ {
yyval.string = yyvsp[0].string; yyval.string = yyvsp[0].string;
} }
break; break;
case 40: case 40:
#line 402 "gram.y" #line 403 "gram.y"
{ {
yyval.string = yyvsp[0].string; yyval.string = yyvsp[0].string;
} }
break; break;
case 41: case 41:
#line 407 "gram.y" #line 408 "gram.y"
{ {
yyval.seinfo.role = NULL; yyval.seinfo.role = NULL;
yyval.seinfo.type = NULL; yyval.seinfo.type = NULL;
} }
break; break;
case 42: case 42:
#line 411 "gram.y" #line 412 "gram.y"
{ {
yyval.seinfo.role = yyvsp[0].string; yyval.seinfo.role = yyvsp[0].string;
yyval.seinfo.type = NULL; yyval.seinfo.type = NULL;
} }
break; break;
case 43: case 43:
#line 415 "gram.y" #line 416 "gram.y"
{ {
yyval.seinfo.type = yyvsp[0].string; yyval.seinfo.type = yyvsp[0].string;
yyval.seinfo.role = NULL; yyval.seinfo.role = NULL;
} }
break; break;
case 44: case 44:
#line 419 "gram.y" #line 420 "gram.y"
{ {
yyval.seinfo.role = yyvsp[-1].string; yyval.seinfo.role = yyvsp[-1].string;
yyval.seinfo.type = yyvsp[0].string; yyval.seinfo.type = yyvsp[0].string;
} }
break; break;
case 45: case 45:
#line 423 "gram.y" #line 424 "gram.y"
{ {
yyval.seinfo.type = yyvsp[-1].string; yyval.seinfo.type = yyvsp[-1].string;
yyval.seinfo.role = yyvsp[0].string; yyval.seinfo.role = yyvsp[0].string;
} }
break; break;
case 46: case 46:
#line 429 "gram.y" #line 430 "gram.y"
{ {
yyval.string = yyvsp[0].string; yyval.string = yyvsp[0].string;
} }
break; break;
case 47: case 47:
#line 433 "gram.y" #line 434 "gram.y"
{ {
yyval.string = yyvsp[0].string; yyval.string = yyvsp[0].string;
} }
break; break;
case 48: case 48:
#line 438 "gram.y" #line 439 "gram.y"
{ {
yyval.privinfo.privs = NULL; yyval.privinfo.privs = NULL;
yyval.privinfo.limitprivs = NULL; yyval.privinfo.limitprivs = NULL;
} }
break; break;
case 49: case 49:
#line 442 "gram.y" #line 443 "gram.y"
{ {
yyval.privinfo.privs = yyvsp[0].string; yyval.privinfo.privs = yyvsp[0].string;
yyval.privinfo.limitprivs = NULL; yyval.privinfo.limitprivs = NULL;
} }
break; break;
case 50: case 50:
#line 446 "gram.y" #line 447 "gram.y"
{ {
yyval.privinfo.privs = NULL; yyval.privinfo.privs = NULL;
yyval.privinfo.limitprivs = yyvsp[0].string; yyval.privinfo.limitprivs = yyvsp[0].string;
} }
break; break;
case 51: case 51:
#line 450 "gram.y" #line 451 "gram.y"
{ {
yyval.privinfo.privs = yyvsp[-1].string; yyval.privinfo.privs = yyvsp[-1].string;
yyval.privinfo.limitprivs = yyvsp[0].string; yyval.privinfo.limitprivs = yyvsp[0].string;
} }
break; break;
case 52: case 52:
#line 454 "gram.y" #line 455 "gram.y"
{ {
yyval.privinfo.limitprivs = yyvsp[-1].string; yyval.privinfo.limitprivs = yyvsp[-1].string;
yyval.privinfo.privs = yyvsp[0].string; yyval.privinfo.privs = yyvsp[0].string;
} }
break; break;
case 53: case 53:
#line 459 "gram.y" #line 460 "gram.y"
{ {
yyval.runas = NULL; yyval.runas = NULL;
} }
break; break;
case 54: case 54:
#line 462 "gram.y" #line 463 "gram.y"
{ {
yyval.runas = yyvsp[-1].runas; yyval.runas = yyvsp[-1].runas;
} }
break; break;
case 55: case 55:
#line 467 "gram.y" #line 468 "gram.y"
{ {
yyval.runas = ecalloc(1, sizeof(struct runascontainer)); yyval.runas = ecalloc(1, sizeof(struct runascontainer));
yyval.runas->runasusers = new_member(NULL, MYSELF); yyval.runas->runasusers = new_member(NULL, MYSELF);
@@ -1478,7 +1479,7 @@ case 55:
} }
break; break;
case 56: case 56:
#line 472 "gram.y" #line 473 "gram.y"
{ {
yyval.runas = ecalloc(1, sizeof(struct runascontainer)); yyval.runas = ecalloc(1, sizeof(struct runascontainer));
yyval.runas->runasusers = yyvsp[0].member; yyval.runas->runasusers = yyvsp[0].member;
@@ -1486,7 +1487,7 @@ case 56:
} }
break; break;
case 57: case 57:
#line 477 "gram.y" #line 478 "gram.y"
{ {
yyval.runas = ecalloc(1, sizeof(struct runascontainer)); yyval.runas = ecalloc(1, sizeof(struct runascontainer));
yyval.runas->runasusers = yyvsp[-2].member; yyval.runas->runasusers = yyvsp[-2].member;
@@ -1494,7 +1495,7 @@ case 57:
} }
break; break;
case 58: case 58:
#line 482 "gram.y" #line 483 "gram.y"
{ {
yyval.runas = ecalloc(1, sizeof(struct runascontainer)); yyval.runas = ecalloc(1, sizeof(struct runascontainer));
/* $$->runasusers = NULL; */ /* $$->runasusers = NULL; */
@@ -1502,7 +1503,7 @@ case 58:
} }
break; break;
case 59: case 59:
#line 487 "gram.y" #line 488 "gram.y"
{ {
yyval.runas = ecalloc(1, sizeof(struct runascontainer)); yyval.runas = ecalloc(1, sizeof(struct runascontainer));
yyval.runas->runasusers = new_member(NULL, MYSELF); yyval.runas->runasusers = new_member(NULL, MYSELF);
@@ -1510,86 +1511,86 @@ case 59:
} }
break; break;
case 60: case 60:
#line 494 "gram.y" #line 495 "gram.y"
{ {
yyval.tag.nopasswd = yyval.tag.noexec = yyval.tag.setenv = yyval.tag.nopasswd = yyval.tag.noexec = yyval.tag.setenv =
yyval.tag.log_input = yyval.tag.log_output = UNSPEC; yyval.tag.log_input = yyval.tag.log_output = UNSPEC;
} }
break; break;
case 61: case 61:
#line 498 "gram.y" #line 499 "gram.y"
{ {
yyval.tag.nopasswd = true; yyval.tag.nopasswd = true;
} }
break; break;
case 62: case 62:
#line 501 "gram.y" #line 502 "gram.y"
{ {
yyval.tag.nopasswd = false; yyval.tag.nopasswd = false;
} }
break; break;
case 63: case 63:
#line 504 "gram.y" #line 505 "gram.y"
{ {
yyval.tag.noexec = true; yyval.tag.noexec = true;
} }
break; break;
case 64: case 64:
#line 507 "gram.y" #line 508 "gram.y"
{ {
yyval.tag.noexec = false; yyval.tag.noexec = false;
} }
break; break;
case 65: case 65:
#line 510 "gram.y" #line 511 "gram.y"
{ {
yyval.tag.setenv = true; yyval.tag.setenv = true;
} }
break; break;
case 66: case 66:
#line 513 "gram.y" #line 514 "gram.y"
{ {
yyval.tag.setenv = false; yyval.tag.setenv = false;
} }
break; break;
case 67: case 67:
#line 516 "gram.y" #line 517 "gram.y"
{ {
yyval.tag.log_input = true; yyval.tag.log_input = true;
} }
break; break;
case 68: case 68:
#line 519 "gram.y" #line 520 "gram.y"
{ {
yyval.tag.log_input = false; yyval.tag.log_input = false;
} }
break; break;
case 69: case 69:
#line 522 "gram.y" #line 523 "gram.y"
{ {
yyval.tag.log_output = true; yyval.tag.log_output = true;
} }
break; break;
case 70: case 70:
#line 525 "gram.y" #line 526 "gram.y"
{ {
yyval.tag.log_output = false; yyval.tag.log_output = false;
} }
break; break;
case 71: case 71:
#line 530 "gram.y" #line 531 "gram.y"
{ {
yyval.member = new_member(NULL, ALL); yyval.member = new_member(NULL, ALL);
} }
break; break;
case 72: case 72:
#line 533 "gram.y" #line 534 "gram.y"
{ {
yyval.member = new_member(yyvsp[0].string, ALIAS); yyval.member = new_member(yyvsp[0].string, ALIAS);
} }
break; break;
case 73: case 73:
#line 536 "gram.y" #line 537 "gram.y"
{ {
struct sudo_command *c = ecalloc(1, sizeof(*c)); struct sudo_command *c = ecalloc(1, sizeof(*c));
c->cmnd = yyvsp[0].command.cmnd; c->cmnd = yyvsp[0].command.cmnd;
@@ -1598,7 +1599,7 @@ case 73:
} }
break; break;
case 76: case 76:
#line 548 "gram.y" #line 549 "gram.y"
{ {
char *s; char *s;
if ((s = alias_add(yyvsp[-2].string, HOSTALIAS, yyvsp[0].member)) != NULL) { if ((s = alias_add(yyvsp[-2].string, HOSTALIAS, yyvsp[0].member)) != NULL) {
@@ -1608,14 +1609,14 @@ case 76:
} }
break; break;
case 78: case 78:
#line 558 "gram.y" #line 559 "gram.y"
{ {
list_append(yyvsp[-2].member, yyvsp[0].member); list_append(yyvsp[-2].member, yyvsp[0].member);
yyval.member = yyvsp[-2].member; yyval.member = yyvsp[-2].member;
} }
break; break;
case 81: case 81:
#line 568 "gram.y" #line 569 "gram.y"
{ {
char *s; char *s;
if ((s = alias_add(yyvsp[-2].string, CMNDALIAS, yyvsp[0].member)) != NULL) { if ((s = alias_add(yyvsp[-2].string, CMNDALIAS, yyvsp[0].member)) != NULL) {
@@ -1625,14 +1626,14 @@ case 81:
} }
break; break;
case 83: case 83:
#line 578 "gram.y" #line 579 "gram.y"
{ {
list_append(yyvsp[-2].member, yyvsp[0].member); list_append(yyvsp[-2].member, yyvsp[0].member);
yyval.member = yyvsp[-2].member; yyval.member = yyvsp[-2].member;
} }
break; break;
case 86: case 86:
#line 588 "gram.y" #line 589 "gram.y"
{ {
char *s; char *s;
if ((s = alias_add(yyvsp[-2].string, RUNASALIAS, yyvsp[0].member)) != NULL) { if ((s = alias_add(yyvsp[-2].string, RUNASALIAS, yyvsp[0].member)) != NULL) {
@@ -1642,7 +1643,7 @@ case 86:
} }
break; break;
case 89: case 89:
#line 601 "gram.y" #line 602 "gram.y"
{ {
char *s; char *s;
if ((s = alias_add(yyvsp[-2].string, USERALIAS, yyvsp[0].member)) != NULL) { if ((s = alias_add(yyvsp[-2].string, USERALIAS, yyvsp[0].member)) != NULL) {
@@ -1652,96 +1653,96 @@ case 89:
} }
break; break;
case 91: case 91:
#line 611 "gram.y" #line 612 "gram.y"
{ {
list_append(yyvsp[-2].member, yyvsp[0].member); list_append(yyvsp[-2].member, yyvsp[0].member);
yyval.member = yyvsp[-2].member; yyval.member = yyvsp[-2].member;
} }
break; break;
case 92: case 92:
#line 617 "gram.y" #line 618 "gram.y"
{ {
yyval.member = yyvsp[0].member; yyval.member = yyvsp[0].member;
yyval.member->negated = false; yyval.member->negated = false;
} }
break; break;
case 93: case 93:
#line 621 "gram.y" #line 622 "gram.y"
{ {
yyval.member = yyvsp[0].member; yyval.member = yyvsp[0].member;
yyval.member->negated = true; yyval.member->negated = true;
} }
break; break;
case 94: case 94:
#line 627 "gram.y" #line 628 "gram.y"
{ {
yyval.member = new_member(yyvsp[0].string, ALIAS); yyval.member = new_member(yyvsp[0].string, ALIAS);
} }
break; break;
case 95: case 95:
#line 630 "gram.y" #line 631 "gram.y"
{ {
yyval.member = new_member(NULL, ALL); yyval.member = new_member(NULL, ALL);
} }
break; break;
case 96: case 96:
#line 633 "gram.y" #line 634 "gram.y"
{ {
yyval.member = new_member(yyvsp[0].string, NETGROUP); yyval.member = new_member(yyvsp[0].string, NETGROUP);
} }
break; break;
case 97: case 97:
#line 636 "gram.y" #line 637 "gram.y"
{ {
yyval.member = new_member(yyvsp[0].string, USERGROUP); yyval.member = new_member(yyvsp[0].string, USERGROUP);
} }
break; break;
case 98: case 98:
#line 639 "gram.y" #line 640 "gram.y"
{ {
yyval.member = new_member(yyvsp[0].string, WORD); yyval.member = new_member(yyvsp[0].string, WORD);
} }
break; break;
case 100: case 100:
#line 645 "gram.y" #line 646 "gram.y"
{ {
list_append(yyvsp[-2].member, yyvsp[0].member); list_append(yyvsp[-2].member, yyvsp[0].member);
yyval.member = yyvsp[-2].member; yyval.member = yyvsp[-2].member;
} }
break; break;
case 101: case 101:
#line 651 "gram.y" #line 652 "gram.y"
{ {
yyval.member = yyvsp[0].member; yyval.member = yyvsp[0].member;
yyval.member->negated = false; yyval.member->negated = false;
} }
break; break;
case 102: case 102:
#line 655 "gram.y" #line 656 "gram.y"
{ {
yyval.member = yyvsp[0].member; yyval.member = yyvsp[0].member;
yyval.member->negated = true; yyval.member->negated = true;
} }
break; break;
case 103: case 103:
#line 661 "gram.y" #line 662 "gram.y"
{ {
yyval.member = new_member(yyvsp[0].string, ALIAS); yyval.member = new_member(yyvsp[0].string, ALIAS);
} }
break; break;
case 104: case 104:
#line 664 "gram.y" #line 665 "gram.y"
{ {
yyval.member = new_member(NULL, ALL); yyval.member = new_member(NULL, ALL);
} }
break; break;
case 105: case 105:
#line 667 "gram.y" #line 668 "gram.y"
{ {
yyval.member = new_member(yyvsp[0].string, WORD); yyval.member = new_member(yyvsp[0].string, WORD);
} }
break; break;
#line 1692 "gram.c" #line 1693 "gram.c"
} }
yyssp -= yym; yyssp -= yym;
yystate = *yyssp; yystate = *yyssp;

3
plugins/sudoers/gram.y
View File

@@ -109,8 +109,9 @@ sudoerserror(const char *s)
if (sudoers_warnings && s != NULL) { if (sudoers_warnings && s != NULL) {
LEXTRACE("<*> "); LEXTRACE("<*> ");
#ifndef TRACELEXER #ifndef TRACELEXER
/* XXX 's' will be in sudoers locale, not user's */
if (trace_print == NULL || trace_print == sudoers_trace_print) if (trace_print == NULL || trace_print == sudoers_trace_print)
warningx(_(">>> %s: %s near line %d <<<"), sudoers, s, sudolineno); warningx(N_(">>> %s: %s near line %d <<<"), sudoers, s, sudolineno);
#endif #endif
} }
parse_error = true; parse_error = true;

12
plugins/sudoers/group_plugin.c
View File

@@ -88,7 +88,7 @@ group_plugin_load(char *plugin_info)
(*plugin_info != '/') ? _PATH_SUDO_PLUGIN_DIR : "", plugin_info); (*plugin_info != '/') ? _PATH_SUDO_PLUGIN_DIR : "", plugin_info);
} }
if (len <= 0 || len >= sizeof(path)) { if (len <= 0 || len >= sizeof(path)) {
warningx(_("%s%s: %s"), warningx(N_("%s%s: %s"),
(*plugin_info != '/') ? _PATH_SUDO_PLUGIN_DIR : "", plugin_info, (*plugin_info != '/') ? _PATH_SUDO_PLUGIN_DIR : "", plugin_info,
strerror(ENAMETOOLONG)); strerror(ENAMETOOLONG));
goto done; goto done;
@@ -100,28 +100,28 @@ group_plugin_load(char *plugin_info)
goto done; goto done;
} }
if (sb.st_uid != ROOT_UID) { if (sb.st_uid != ROOT_UID) {
warningx(_("%s must be owned by uid %d"), path, ROOT_UID); warningx(N_("%s must be owned by uid %d"), path, ROOT_UID);
goto done; goto done;
} }
if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
warningx(_("%s must only be writable by owner"), path); warningx(N_("%s must only be writable by owner"), path);
goto done; goto done;
} }
/* Open plugin and map in symbol. */ /* Open plugin and map in symbol. */
group_handle = dlopen(path, RTLD_LAZY|RTLD_GLOBAL); group_handle = dlopen(path, RTLD_LAZY|RTLD_GLOBAL);
if (!group_handle) { if (!group_handle) {
warningx(_("unable to dlopen %s: %s"), path, dlerror()); warningx(N_("unable to dlopen %s: %s"), path, dlerror());
goto done; goto done;
} }
group_plugin = dlsym(group_handle, "group_plugin"); group_plugin = dlsym(group_handle, "group_plugin");
if (group_plugin == NULL) { if (group_plugin == NULL) {
warningx(_("unable to find symbol \"group_plugin\" in %s"), path); warningx(N_("unable to find symbol \"group_plugin\" in %s"), path);
goto done; goto done;
} }
if (GROUP_API_VERSION_GET_MAJOR(group_plugin->version) != GROUP_API_VERSION_MAJOR) { if (GROUP_API_VERSION_GET_MAJOR(group_plugin->version) != GROUP_API_VERSION_MAJOR) {
warningx(_("%s: incompatible group plugin major version %d, expected %d"), warningx(N_("%s: incompatible group plugin major version %d, expected %d"),
path, GROUP_API_VERSION_GET_MAJOR(group_plugin->version), path, GROUP_API_VERSION_GET_MAJOR(group_plugin->version),
GROUP_API_VERSION_MAJOR); GROUP_API_VERSION_MAJOR);
goto done; goto done;

24
plugins/sudoers/ldap.c
View File

@@ -437,7 +437,7 @@ sudo_ldap_parse_uri(const struct ldap_config_list_str *uri_list)
nldaps++; nldaps++;
host = uri + 8; host = uri + 8;
} else { } else {
warningx(_("unsupported LDAP uri type: %s"), uri); warningx(N_("unsupported LDAP uri type: %s"), uri);
goto done; goto done;
} }
@@ -466,17 +466,17 @@ sudo_ldap_parse_uri(const struct ldap_config_list_str *uri_list)
} }
} }
if (hostbuf[0] == '\0') { if (hostbuf[0] == '\0') {
warningx(_("invalid uri: %s"), uri_list->val); warningx(N_("invalid uri: %s"), uri_list->val);
goto done; goto done;
} }
if (nldaps != 0) { if (nldaps != 0) {
if (nldap != 0) { if (nldap != 0) {
warningx(_("unable to mix ldap and ldaps URIs")); warningx(N_("unable to mix ldap and ldaps URIs"));
goto done; goto done;
} }
if (ldap_conf.ssl_mode == SUDO_LDAP_STARTTLS) { if (ldap_conf.ssl_mode == SUDO_LDAP_STARTTLS) {
warningx(_("unable to mix ldaps and starttls")); warningx(N_("unable to mix ldaps and starttls"));
goto done; goto done;
} }
ldap_conf.ssl_mode = SUDO_LDAP_SSL; ldap_conf.ssl_mode = SUDO_LDAP_SSL;
@@ -569,10 +569,10 @@ sudo_ldap_init(LDAP **ldp, const char *host, int port)
} }
} }
if (rc != LDAP_SUCCESS) { if (rc != LDAP_SUCCESS) {
warningx(_("unable to initialize SSL cert and key db: %s"), warningx(N_("unable to initialize SSL cert and key db: %s"),
ldapssl_err2string(rc)); ldapssl_err2string(rc));
if (ldap_conf.tls_certfile == NULL) if (ldap_conf.tls_certfile == NULL)
warningx(_("you must set TLS_CERT in %s to use SSL"), warningx(N_("you must set TLS_CERT in %s to use SSL"),
_PATH_LDAP_CONF); _PATH_LDAP_CONF);
goto done; goto done;
} }
@@ -995,13 +995,13 @@ sudo_ldap_timefilter(char *buffer, size_t buffersize)
/* Make sure we have a formatted timestamp for __now__. */ /* Make sure we have a formatted timestamp for __now__. */
time(&now); time(&now);
if ((tp = gmtime(&now)) == NULL) { if ((tp = gmtime(&now)) == NULL) {
warning(_("unable to get GMT time")); warning(N_("unable to get GMT time"));
goto done; goto done;
} }
/* Format the timestamp according to the RFC. */ /* Format the timestamp according to the RFC. */
if (strftime(timebuffer, sizeof(timebuffer), "%Y%m%d%H%M%S.0Z", tp) == 0) { if (strftime(timebuffer, sizeof(timebuffer), "%Y%m%d%H%M%S.0Z", tp) == 0) {
warningx(_("unable to format timestamp")); warningx(N_("unable to format timestamp"));
goto done; goto done;
} }
@@ -1009,7 +1009,7 @@ sudo_ldap_timefilter(char *buffer, size_t buffersize)
bytes = snprintf(buffer, buffersize, "(&(|(!(sudoNotAfter=*))(sudoNotAfter>=%s))(|(!(sudoNotBefore=*))(sudoNotBefore<=%s)))", bytes = snprintf(buffer, buffersize, "(&(|(!(sudoNotAfter=*))(sudoNotAfter>=%s))(|(!(sudoNotBefore=*))(sudoNotBefore<=%s)))",
timebuffer, timebuffer); timebuffer, timebuffer);
if (bytes < 0 || bytes >= buffersize) { if (bytes < 0 || bytes >= buffersize) {
warning(_("unable to build time filter")); warning(N_("unable to build time filter"));
bytes = 0; bytes = 0;
} }
@@ -2252,7 +2252,7 @@ sudo_ldap_open(struct sudo_nss *nss)
rc = ldap_initialize(&ld, buf); rc = ldap_initialize(&ld, buf);
efree(buf); efree(buf);
if (rc != LDAP_SUCCESS) if (rc != LDAP_SUCCESS)
warningx(_("unable to initialize LDAP: %s"), ldap_err2string(rc)); warningx(N_("unable to initialize LDAP: %s"), ldap_err2string(rc));
} else } else
#endif #endif
rc = sudo_ldap_init(&ld, ldap_conf.host, ldap_conf.port); rc = sudo_ldap_init(&ld, ldap_conf.host, ldap_conf.port);
@@ -2286,7 +2286,7 @@ sudo_ldap_open(struct sudo_nss *nss)
} }
DPRINTF(("ldap_start_tls_s_np() ok"), 1); DPRINTF(("ldap_start_tls_s_np() ok"), 1);
#else #else
warningx(_("start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()")); warningx(N_("start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()"));
#endif /* !HAVE_LDAP_START_TLS_S && !HAVE_LDAP_START_TLS_S_NP */ #endif /* !HAVE_LDAP_START_TLS_S && !HAVE_LDAP_START_TLS_S_NP */
} }
@@ -2522,7 +2522,7 @@ sudo_ldap_result_add_entry(struct ldap_result *lres, LDAPMessage *entry)
DPRINTF(("order attribute raw: %s", (*bv)->bv_val), 1); DPRINTF(("order attribute raw: %s", (*bv)->bv_val), 1);
order = strtod((*bv)->bv_val, &ep); order = strtod((*bv)->bv_val, &ep);
if (ep == (*bv)->bv_val || *ep != '\0') { if (ep == (*bv)->bv_val || *ep != '\0') {
warningx(_("invalid sudoOrder attribute: %s"), (*bv)->bv_val); warningx(N_("invalid sudoOrder attribute: %s"), (*bv)->bv_val);
order = 0.0; order = 0.0;
} }
DPRINTF(("order attribute: %f", order), 1); DPRINTF(("order attribute: %f", order), 1);

2
plugins/sudoers/linux_audit.c
View File

@@ -90,7 +90,7 @@ linux_audit_command(char *argv[], int result)
/* Log command, ignoring ECONNREFUSED on error. */ /* Log command, ignoring ECONNREFUSED on error. */
rc = audit_log_user_command(au_fd, AUDIT_USER_CMD, command, NULL, result); rc = audit_log_user_command(au_fd, AUDIT_USER_CMD, command, NULL, result);
if (rc <= 0 && errno != ECONNREFUSED) if (rc <= 0 && errno != ECONNREFUSED)
warning(_("unable to send audit message")); warning(N_("unable to send audit message"));
efree(command); efree(command);

4
plugins/sudoers/logging.c
View File

@@ -316,9 +316,9 @@ log_failure(int status, int flags)
* their path to just contain a single dir. * their path to just contain a single dir.
*/ */
if (flags == NOT_FOUND) if (flags == NOT_FOUND)
warningx(_("%s: command not found"), user_cmnd); warningx(N_("%s: command not found"), user_cmnd);
else if (flags == NOT_FOUND_DOT) else if (flags == NOT_FOUND_DOT)
warningx(_("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run."), user_cmnd, user_cmnd, user_cmnd); warningx(N_("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run."), user_cmnd, user_cmnd, user_cmnd);
} }
debug_return; debug_return;

15
plugins/sudoers/plugin_error.c
View File

@@ -23,10 +23,16 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <setjmp.h> #include <setjmp.h>
#ifdef HAVE_STDBOOL_H
# include <stdbool.h>
#else
# include "compat/stdbool.h"
#endif /* HAVE_STDBOOL_H */
#include "missing.h" #include "missing.h"
#include "alloc.h" #include "alloc.h"
#include "error.h" #include "error.h"
#include "logging.h"
#include "sudo_plugin.h" #include "sudo_plugin.h"
#define DEFAULT_TEXT_DOMAIN "sudoers" #define DEFAULT_TEXT_DOMAIN "sudoers"
@@ -116,9 +122,12 @@ _warning(int use_errno, const char *fmt, va_list ap)
struct sudo_conv_message msg[6]; struct sudo_conv_message msg[6];
struct sudo_conv_reply repl[6]; struct sudo_conv_reply repl[6];
char *str; char *str;
int nmsgs = 4; int oldlocale, nmsgs = 4;
evasprintf(&str, fmt, ap); /* Warnings are displayed in the user's locale. */
sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale);
evasprintf(&str, _(fmt), ap);
/* Call conversation function */ /* Call conversation function */
memset(&msg, 0, sizeof(msg)); memset(&msg, 0, sizeof(msg));
@@ -140,4 +149,6 @@ _warning(int use_errno, const char *fmt, va_list ap)
memset(&repl, 0, sizeof(repl)); memset(&repl, 0, sizeof(repl));
sudo_conv(nmsgs, msg, repl); sudo_conv(nmsgs, msg, repl);
efree(str); efree(str);
sudoers_setlocale(oldlocale, NULL);
} }

4
plugins/sudoers/policy.c
View File

@@ -494,7 +494,7 @@ sudoers_policy_close(int exit_status, int error_code)
/* We do not currently log the exit status. */ /* We do not currently log the exit status. */
if (error_code) if (error_code)
warningx(_("unable to execute %s: %s"), safe_cmnd, strerror(error_code)); warningx(N_("unable to execute %s: %s"), safe_cmnd, strerror(error_code));
/* Close the session we opened in sudoers_policy_init_session(). */ /* Close the session we opened in sudoers_policy_init_session(). */
if (ISSET(sudo_mode, MODE_RUN|MODE_EDIT)) if (ISSET(sudo_mode, MODE_RUN|MODE_EDIT))
@@ -601,7 +601,7 @@ sudoers_policy_list(int argc, char * const argv[], int verbose,
if (list_user) { if (list_user) {
list_pw = sudo_getpwnam(list_user); list_pw = sudo_getpwnam(list_user);
if (list_pw == NULL) { if (list_pw == NULL) {
warningx(_("unknown user: %s"), list_user); warningx(N_("unknown user: %s"), list_user);
debug_return_bool(-1); debug_return_bool(-1);
} }
} }

14
plugins/sudoers/sssd.c
View File

@@ -248,14 +248,14 @@ static int sudo_sss_open(struct sudo_nss *nss)
/* Load symbols */ /* Load symbols */
handle->ssslib = dlopen(path, RTLD_LAZY); handle->ssslib = dlopen(path, RTLD_LAZY);
if (handle->ssslib == NULL) { if (handle->ssslib == NULL) {
warningx(_("Unable to dlopen %s: %s"), path, dlerror()); warningx(N_("Unable to dlopen %s: %s"), path, dlerror());
warningx(_("Unable to initialize SSS source. Is SSSD installed on your machine?")); warningx(N_("Unable to initialize SSS source. Is SSSD installed on your machine?"));
debug_return_int(EFAULT); debug_return_int(EFAULT);
} }
handle->fn_send_recv = dlsym(handle->ssslib, "sss_sudo_send_recv"); handle->fn_send_recv = dlsym(handle->ssslib, "sss_sudo_send_recv");
if (handle->fn_send_recv == NULL) { if (handle->fn_send_recv == NULL) {
warningx(_("unable to find symbol \"%s\" in %s"), path, warningx(N_("unable to find symbol \"%s\" in %s"), path,
"sss_sudo_send_recv"); "sss_sudo_send_recv");
debug_return_int(EFAULT); debug_return_int(EFAULT);
} }
@@ -263,28 +263,28 @@ static int sudo_sss_open(struct sudo_nss *nss)
handle->fn_send_recv_defaults = handle->fn_send_recv_defaults =
dlsym(handle->ssslib, "sss_sudo_send_recv_defaults"); dlsym(handle->ssslib, "sss_sudo_send_recv_defaults");
if (handle->fn_send_recv_defaults == NULL) { if (handle->fn_send_recv_defaults == NULL) {
warningx(_("unable to find symbol \"%s\" in %s"), path, warningx(N_("unable to find symbol \"%s\" in %s"), path,
"sss_sudo_send_recv_defaults"); "sss_sudo_send_recv_defaults");
debug_return_int(EFAULT); debug_return_int(EFAULT);
} }
handle->fn_free_result = dlsym(handle->ssslib, "sss_sudo_free_result"); handle->fn_free_result = dlsym(handle->ssslib, "sss_sudo_free_result");
if (handle->fn_free_result == NULL) { if (handle->fn_free_result == NULL) {
warningx(_("unable to find symbol \"%s\" in %s"), path, warningx(N_("unable to find symbol \"%s\" in %s"), path,
"sss_sudo_free_result"); "sss_sudo_free_result");
debug_return_int(EFAULT); debug_return_int(EFAULT);
} }
handle->fn_get_values = dlsym(handle->ssslib, "sss_sudo_get_values"); handle->fn_get_values = dlsym(handle->ssslib, "sss_sudo_get_values");
if (handle->fn_get_values == NULL) { if (handle->fn_get_values == NULL) {
warningx(_("unable to find symbol \"%s\" in %s"), path, warningx(N_("unable to find symbol \"%s\" in %s"), path,
"sss_sudo_get_values"); "sss_sudo_get_values");
debug_return_int(EFAULT); debug_return_int(EFAULT);
} }
handle->fn_free_values = dlsym(handle->ssslib, "sss_sudo_free_values"); handle->fn_free_values = dlsym(handle->ssslib, "sss_sudo_free_values");
if (handle->fn_free_values == NULL) { if (handle->fn_free_values == NULL) {
warningx(_("unable to find symbol \"%s\" in %s"), path, warningx(N_("unable to find symbol \"%s\" in %s"), path,
"sss_sudo_free_values"); "sss_sudo_free_values");
debug_return_int(EFAULT); debug_return_int(EFAULT);
} }

16
plugins/sudoers/sudoers.c
View File

@@ -168,7 +168,7 @@ sudoers_policy_init(void *info, char * const envp[])
} }
} }
if (sources == 0) { if (sources == 0) {
warningx(_("no valid sudoers sources found, quitting")); warningx(N_("no valid sudoers sources found, quitting"));
debug_return_bool(-1); debug_return_bool(-1);
} }
@@ -245,14 +245,14 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
/* Is root even allowed to run sudo? */ /* Is root even allowed to run sudo? */
if (user_uid == 0 && !def_root_sudo) { if (user_uid == 0 && !def_root_sudo) {
warningx(_("sudoers specifies that root is not allowed to sudo")); warningx(N_("sudoers specifies that root is not allowed to sudo"));
goto bad; goto bad;
} }
/* Check for -C overriding def_closefrom. */ /* Check for -C overriding def_closefrom. */
if (user_closefrom >= 0 && user_closefrom != def_closefrom) { if (user_closefrom >= 0 && user_closefrom != def_closefrom) {
if (!def_closefrom_override) { if (!def_closefrom_override) {
warningx(_("you are not permitted to use the -C option")); warningx(N_("you are not permitted to use the -C option"));
goto bad; goto bad;
} }
def_closefrom = user_closefrom; def_closefrom = user_closefrom;
@@ -350,7 +350,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
int fd = open(_PATH_TTY, O_RDWR|O_NOCTTY); int fd = open(_PATH_TTY, O_RDWR|O_NOCTTY);
if (fd == -1) { if (fd == -1) {
audit_failure(NewArgv, N_("no tty")); audit_failure(NewArgv, N_("no tty"));
warningx(_("sorry, you must have a tty to run sudo")); warningx(N_("sorry, you must have a tty to run sudo"));
goto bad; goto bad;
} else } else
(void) close(fd); (void) close(fd);
@@ -401,18 +401,18 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
/* Finally tell the user if the command did not exist. */ /* Finally tell the user if the command did not exist. */
if (cmnd_status == NOT_FOUND_DOT) { if (cmnd_status == NOT_FOUND_DOT) {
audit_failure(NewArgv, N_("command in current directory")); audit_failure(NewArgv, N_("command in current directory"));
warningx(_("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run."), user_cmnd, user_cmnd, user_cmnd); warningx(N_("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run."), user_cmnd, user_cmnd, user_cmnd);
goto bad; goto bad;
} else if (cmnd_status == NOT_FOUND) { } else if (cmnd_status == NOT_FOUND) {
audit_failure(NewArgv, N_("%s: command not found"), user_cmnd); audit_failure(NewArgv, N_("%s: command not found"), user_cmnd);
warningx(_("%s: command not found"), user_cmnd); warningx(N_("%s: command not found"), user_cmnd);
goto bad; goto bad;
} }
/* If user specified env vars make sure sudoers allows it. */ /* If user specified env vars make sure sudoers allows it. */
if (ISSET(sudo_mode, MODE_RUN) && !def_setenv) { if (ISSET(sudo_mode, MODE_RUN) && !def_setenv) {
if (ISSET(sudo_mode, MODE_PRESERVE_ENV)) { if (ISSET(sudo_mode, MODE_PRESERVE_ENV)) {
warningx(_("sorry, you are not allowed to preserve the environment")); warningx(N_("sorry, you are not allowed to preserve the environment"));
goto bad; goto bad;
} else } else
validate_env_vars(sudo_user.env_vars); validate_env_vars(sudo_user.env_vars);
@@ -1014,7 +1014,7 @@ find_editor(int nfiles, char **files, char ***argv_out)
} }
if (!editor_path) { if (!editor_path) {
audit_failure(NewArgv, N_("%s: command not found"), editor); audit_failure(NewArgv, N_("%s: command not found"), editor);
warningx(_("%s: command not found"), editor); warningx(N_("%s: command not found"), editor);
} }
debug_return_str(editor_path); debug_return_str(editor_path);
} }

2
plugins/sudoers/sudoreplay.c
View File

@@ -816,7 +816,7 @@ parse_logfile(char *logfile)
fp = fopen(logfile, "r"); fp = fopen(logfile, "r");
if (fp == NULL) { if (fp == NULL) {
warning(_("unable to open %s"), logfile); warning(N_("unable to open %s"), logfile);
goto bad; goto bad;
} }

6
plugins/sudoers/toke.c
View File

@@ -3565,19 +3565,19 @@ _push_include(char *path, bool isdir)
debug_return_bool(false); debug_return_bool(false);
case SUDO_PATH_WRONG_OWNER: case SUDO_PATH_WRONG_OWNER:
if (sudoers_warnings) { if (sudoers_warnings) {
warningx(_("%s is owned by uid %u, should be %u"), warningx(N_("%s is owned by uid %u, should be %u"),
path, (unsigned int) sb.st_uid, path, (unsigned int) sb.st_uid,
(unsigned int) sudoers_uid); (unsigned int) sudoers_uid);
} }
debug_return_bool(false); debug_return_bool(false);
case SUDO_PATH_WORLD_WRITABLE: case SUDO_PATH_WORLD_WRITABLE:
if (sudoers_warnings) { if (sudoers_warnings) {
warningx(_("%s is world writable"), path); warningx(N_("%s is world writable"), path);
} }
debug_return_bool(false); debug_return_bool(false);
case SUDO_PATH_GROUP_WRITABLE: case SUDO_PATH_GROUP_WRITABLE:
if (sudoers_warnings) { if (sudoers_warnings) {
warningx(_("%s is owned by gid %u, should be %u"), warningx(N_("%s is owned by gid %u, should be %u"),
path, (unsigned int) sb.st_gid, path, (unsigned int) sb.st_gid,
(unsigned int) sudoers_gid); (unsigned int) sudoers_gid);
} }

6
plugins/sudoers/toke.l
View File

@@ -843,19 +843,19 @@ _push_include(char *path, bool isdir)
debug_return_bool(false); debug_return_bool(false);
case SUDO_PATH_WRONG_OWNER: case SUDO_PATH_WRONG_OWNER:
if (sudoers_warnings) { if (sudoers_warnings) {
warningx(_("%s is owned by uid %u, should be %u"), warningx(N_("%s is owned by uid %u, should be %u"),
path, (unsigned int) sb.st_uid, path, (unsigned int) sb.st_uid,
(unsigned int) sudoers_uid); (unsigned int) sudoers_uid);
} }
debug_return_bool(false); debug_return_bool(false);
case SUDO_PATH_WORLD_WRITABLE: case SUDO_PATH_WORLD_WRITABLE:
if (sudoers_warnings) { if (sudoers_warnings) {
warningx(_("%s is world writable"), path); warningx(N_("%s is world writable"), path);
} }
debug_return_bool(false); debug_return_bool(false);
case SUDO_PATH_GROUP_WRITABLE: case SUDO_PATH_GROUP_WRITABLE:
if (sudoers_warnings) { if (sudoers_warnings) {
warningx(_("%s is owned by gid %u, should be %u"), warningx(N_("%s is owned by gid %u, should be %u"),
path, (unsigned int) sb.st_gid, path, (unsigned int) sb.st_gid,
(unsigned int) sudoers_gid); (unsigned int) sudoers_gid);
} }

30
plugins/sudoers/visudo.c
View File

@@ -420,18 +420,18 @@ edit_sudoers(struct sudoersfile *sp, char *editor, char *args, int lineno)
* Sanity checks. * Sanity checks.
*/ */
if (stat(sp->tpath, &sb) < 0) { if (stat(sp->tpath, &sb) < 0) {
warningx(_("unable to stat temporary file (%s), %s unchanged"), warningx(N_("unable to stat temporary file (%s), %s unchanged"),
sp->tpath, sp->path); sp->tpath, sp->path);
goto done; goto done;
} }
if (sb.st_size == 0 && orig_size != 0) { if (sb.st_size == 0 && orig_size != 0) {
warningx(_("zero length temporary file (%s), %s unchanged"), warningx(N_("zero length temporary file (%s), %s unchanged"),
sp->tpath, sp->path); sp->tpath, sp->path);
sp->modified = true; sp->modified = true;
goto done; goto done;
} }
} else { } else {
warningx(_("editor (%s) failed, %s unchanged"), editor, sp->path); warningx(N_("editor (%s) failed, %s unchanged"), editor, sp->path);
goto done; goto done;
} }
@@ -454,7 +454,7 @@ edit_sudoers(struct sudoersfile *sp, char *editor, char *args, int lineno)
if (modified) if (modified)
sp->modified = modified; sp->modified = modified;
else else
warningx(_("%s unchanged"), sp->tpath); warningx(N_("%s unchanged"), sp->tpath);
rval = true; rval = true;
done: done:
@@ -493,7 +493,7 @@ reparse_sudoers(char *editor, char *args, bool strict, bool quiet)
/* Parse the sudoers temp file */ /* Parse the sudoers temp file */
sudoersrestart(fp); sudoersrestart(fp);
if (sudoersparse() && !parse_error) { if (sudoersparse() && !parse_error) {
warningx(_("unabled to parse temporary file (%s), unknown error"), warningx(N_("unabled to parse temporary file (%s), unknown error"),
sp->tpath); sp->tpath);
parse_error = true; parse_error = true;
errorfile = sp->path; errorfile = sp->path;
@@ -584,21 +584,21 @@ install_sudoers(struct sudoersfile *sp, bool oldperms)
if (fstat(sp->fd, &sb) == -1) if (fstat(sp->fd, &sb) == -1)
error(1, _("unable to stat %s"), sp->path); error(1, _("unable to stat %s"), sp->path);
if (chown(sp->tpath, sb.st_uid, sb.st_gid) != 0) { if (chown(sp->tpath, sb.st_uid, sb.st_gid) != 0) {
warning(_("unable to set (uid, gid) of %s to (%u, %u)"), warning(N_("unable to set (uid, gid) of %s to (%u, %u)"),
sp->tpath, (unsigned int)sb.st_uid, (unsigned int)sb.st_gid); sp->tpath, (unsigned int)sb.st_uid, (unsigned int)sb.st_gid);
} }
if (chmod(sp->tpath, sb.st_mode & 0777) != 0) { if (chmod(sp->tpath, sb.st_mode & 0777) != 0) {
warning(_("unable to change mode of %s to 0%o"), sp->tpath, warning(N_("unable to change mode of %s to 0%o"), sp->tpath,
(unsigned int)(sb.st_mode & 0777)); (unsigned int)(sb.st_mode & 0777));
} }
} else { } else {
if (chown(sp->tpath, SUDOERS_UID, SUDOERS_GID) != 0) { if (chown(sp->tpath, SUDOERS_UID, SUDOERS_GID) != 0) {
warning(_("unable to set (uid, gid) of %s to (%u, %u)"), warning(N_("unable to set (uid, gid) of %s to (%u, %u)"),
sp->tpath, SUDOERS_UID, SUDOERS_GID); sp->tpath, SUDOERS_UID, SUDOERS_GID);
goto done; goto done;
} }
if (chmod(sp->tpath, SUDOERS_MODE) != 0) { if (chmod(sp->tpath, SUDOERS_MODE) != 0) {
warning(_("unable to change mode of %s to 0%o"), sp->tpath, warning(N_("unable to change mode of %s to 0%o"), sp->tpath,
SUDOERS_MODE); SUDOERS_MODE);
goto done; goto done;
} }
@@ -615,7 +615,7 @@ install_sudoers(struct sudoersfile *sp, bool oldperms)
} else { } else {
if (errno == EXDEV) { if (errno == EXDEV) {
char *av[4]; char *av[4];
warningx(_("%s and %s not on the same file system, using mv to rename"), warningx(N_("%s and %s not on the same file system, using mv to rename"),
sp->tpath, sp->path); sp->tpath, sp->path);
/* Build up argument vector for the command */ /* Build up argument vector for the command */
@@ -629,7 +629,7 @@ install_sudoers(struct sudoersfile *sp, bool oldperms)
/* And run it... */ /* And run it... */
if (run_command(_PATH_MV, av)) { if (run_command(_PATH_MV, av)) {
warningx(_("command failed: '%s %s %s', %s unchanged"), warningx(N_("command failed: '%s %s %s', %s unchanged"),
_PATH_MV, sp->tpath, sp->path, sp->path); _PATH_MV, sp->tpath, sp->path, sp->path);
(void) unlink(sp->tpath); (void) unlink(sp->tpath);
efree(sp->tpath); efree(sp->tpath);
@@ -639,7 +639,7 @@ install_sudoers(struct sudoersfile *sp, bool oldperms)
efree(sp->tpath); efree(sp->tpath);
sp->tpath = NULL; sp->tpath = NULL;
} else { } else {
warning(_("error renaming %s, %s unchanged"), sp->tpath, sp->path); warning(N_("error renaming %s, %s unchanged"), sp->tpath, sp->path);
(void) unlink(sp->tpath); (void) unlink(sp->tpath);
goto done; goto done;
} }
@@ -763,7 +763,7 @@ run_command(char *path, char **argv)
sudo_endgrent(); sudo_endgrent();
closefrom(STDERR_FILENO + 1); closefrom(STDERR_FILENO + 1);
execv(path, argv); execv(path, argv);
warning(_("unable to run %s"), path); warning(N_("unable to run %s"), path);
_exit(127); _exit(127);
break; /* NOTREACHED */ break; /* NOTREACHED */
} }
@@ -815,13 +815,13 @@ check_syntax(char *sudoers_path, bool quiet, bool strict, bool oldperms)
sudoers_path = "stdin"; sudoers_path = "stdin";
} else if ((sudoersin = fopen(sudoers_path, "r")) == NULL) { } else if ((sudoersin = fopen(sudoers_path, "r")) == NULL) {
if (!quiet) if (!quiet)
warning(_("unable to open %s"), sudoers_path); warning(N_("unable to open %s"), sudoers_path);
goto done; goto done;
} }
init_parser(sudoers_path, quiet); init_parser(sudoers_path, quiet);
if (sudoersparse() && !parse_error) { if (sudoersparse() && !parse_error) {
if (!quiet) if (!quiet)
warningx(_("failed to parse %s file, unknown error"), sudoers_path); warningx(N_("failed to parse %s file, unknown error"), sudoers_path);
parse_error = true; parse_error = true;
errorfile = sudoers_path; errorfile = sudoers_path;
} }

20
src/error.c
View File

@@ -22,8 +22,12 @@
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#ifdef HAVE_SETLOCALE
# include <locale.h>
#endif
#include "missing.h" #include "missing.h"
#include "alloc.h"
#include "error.h" #include "error.h"
#define DEFAULT_TEXT_DOMAIN "sudo" #define DEFAULT_TEXT_DOMAIN "sudo"
@@ -104,15 +108,29 @@ static void
_warning(int use_errno, const char *fmt, va_list ap) _warning(int use_errno, const char *fmt, va_list ap)
{ {
int serrno = errno; int serrno = errno;
#ifdef HAVE_SETLOCALE
char *prev_locale = estrdup(setlocale(LC_ALL, NULL));
/* Set locale to user's if different. */
if (*prev_locale != '\0')
setlocale(LC_ALL, "");
#endif
fputs(getprogname(), stderr); fputs(getprogname(), stderr);
if (fmt != NULL) { if (fmt != NULL) {
fputs(_(": "), stderr); fputs(_(": "), stderr);
vfprintf(stderr, fmt, ap); vfprintf(stderr, _(fmt), ap);
} }
if (use_errno) { if (use_errno) {
fputs(_(": "), stderr); fputs(_(": "), stderr);
fputs(strerror(serrno), stderr); fputs(strerror(serrno), stderr);
} }
putc('\n', stderr); putc('\n', stderr);
#ifdef HAVE_SETLOCALE
/* Restore locale if needed. */
if (*prev_locale != '\0')
setlocale(LC_ALL, prev_locale);
efree(prev_locale);
#endif
} }

4
src/exec.c
View File

@@ -382,7 +382,7 @@ sudo_execute(struct command_details *details, struct command_status *cstat)
/* One of the ttys must have gone away. */ /* One of the ttys must have gone away. */
goto do_tty_io; goto do_tty_io;
} }
warning(_("select failed")); warning(N_("select failed"));
sudo_debug_printf(SUDO_DEBUG_ERROR, sudo_debug_printf(SUDO_DEBUG_ERROR,
"select failure, terminating child"); "select failure, terminating child");
schedule_signal(SIGKILL); schedule_signal(SIGKILL);
@@ -484,7 +484,7 @@ do_tty_io:
if (ISSET(details->flags, CD_RBAC_ENABLED)) { if (ISSET(details->flags, CD_RBAC_ENABLED)) {
/* This is probably not needed in log_io mode. */ /* This is probably not needed in log_io mode. */
if (selinux_restore_tty() != 0) if (selinux_restore_tty() != 0)
warningx(_("unable to restore tty label")); warningx(N_("unable to restore tty label"));
} }
#endif #endif

2
src/exec_common.c
View File

@@ -67,7 +67,7 @@ disable_execute(char *const envp[])
/* Solaris privileges, remove PRIV_PROC_EXEC post-execve. */ /* Solaris privileges, remove PRIV_PROC_EXEC post-execve. */
if (priv_set(PRIV_OFF, PRIV_LIMIT, "PRIV_PROC_EXEC", NULL) == 0) if (priv_set(PRIV_OFF, PRIV_LIMIT, "PRIV_PROC_EXEC", NULL) == 0)
debug_return_ptr(envp); debug_return_ptr(envp);
warning(_("unable to remove PRIV_PROC_EXEC from PRIV_LIMIT")); warning(N_("unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"));
#endif /* HAVE_PRIV_SET */ #endif /* HAVE_PRIV_SET */
#ifdef _PATH_SUDO_NOEXEC #ifdef _PATH_SUDO_NOEXEC

12
src/exec_pty.c
View File

@@ -1069,7 +1069,7 @@ exec_monitor(struct command_details *details, int backchannel)
error(1, _("unable to create pipe")); error(1, _("unable to create pipe"));
cmnd_pid = sudo_debug_fork(); cmnd_pid = sudo_debug_fork();
if (cmnd_pid == -1) { if (cmnd_pid == -1) {
warning(_("unable to fork")); warning(N_("unable to fork"));
goto bad; goto bad;
} }
if (cmnd_pid == 0) { if (cmnd_pid == 0) {
@@ -1145,7 +1145,7 @@ exec_monitor(struct command_details *details, int backchannel)
if (n == -1) { if (n == -1) {
if (errno == EINTR || errno == EAGAIN) if (errno == EINTR || errno == EAGAIN)
continue; continue;
warning(_("error reading from signal pipe")); warning(N_("error reading from signal pipe"));
goto done; goto done;
} }
/* /*
@@ -1166,7 +1166,7 @@ exec_monitor(struct command_details *details, int backchannel)
if (n == -1) { if (n == -1) {
if (errno == EINTR) if (errno == EINTR)
continue; continue;
warning(_("error reading from pipe")); warning(N_("error reading from pipe"));
goto done; goto done;
} }
/* Got errno or EOF, either way we are done with errpipe. */ /* Got errno or EOF, either way we are done with errpipe. */
@@ -1182,11 +1182,11 @@ exec_monitor(struct command_details *details, int backchannel)
if (n == -1) { if (n == -1) {
if (errno == EINTR) if (errno == EINTR)
continue; continue;
warning(_("error reading from socketpair")); warning(N_("error reading from socketpair"));
goto done; goto done;
} }
if (cstmp.type != CMD_SIGNO) { if (cstmp.type != CMD_SIGNO) {
warningx(_("unexpected reply type on backchannel: %d"), warningx(N_("unexpected reply type on backchannel: %d"),
cstmp.type); cstmp.type);
continue; continue;
} }
@@ -1274,7 +1274,7 @@ flush_output(void)
break; /* all I/O flushed */ break; /* all I/O flushed */
if (errno == EINTR || errno == ENOMEM) if (errno == EINTR || errno == ENOMEM)
continue; continue;
warning(_("select failed")); warning(N_("select failed"));
} }
if (perform_io(fdsr, fdsw, NULL) != 0 || nready == -1) if (perform_io(fdsr, fdsw, NULL) != 0 || nready == -1)
break; break;

20
src/load_plugins.c
View File

@@ -71,13 +71,13 @@ sudo_load_plugin(struct plugin_container *policy_plugin,
if (info->path[0] == '/') { if (info->path[0] == '/') {
if (strlcpy(path, info->path, sizeof(path)) >= sizeof(path)) { if (strlcpy(path, info->path, sizeof(path)) >= sizeof(path)) {
warningx(_("%s: %s"), info->path, strerror(ENAMETOOLONG)); warningx(N_("%s: %s"), info->path, strerror(ENAMETOOLONG));
goto done; goto done;
} }
} else { } else {
if (snprintf(path, sizeof(path), "%s%s", _PATH_SUDO_PLUGIN_DIR, if (snprintf(path, sizeof(path), "%s%s", _PATH_SUDO_PLUGIN_DIR,
info->path) >= sizeof(path)) { info->path) >= sizeof(path)) {
warningx(_("%s%s: %s"), _PATH_SUDO_PLUGIN_DIR, info->path, warningx(N_("%s%s: %s"), _PATH_SUDO_PLUGIN_DIR, info->path,
strerror(ENAMETOOLONG)); strerror(ENAMETOOLONG));
goto done; goto done;
} }
@@ -87,40 +87,40 @@ sudo_load_plugin(struct plugin_container *policy_plugin,
goto done; goto done;
} }
if (sb.st_uid != ROOT_UID) { if (sb.st_uid != ROOT_UID) {
warningx(_("%s must be owned by uid %d"), path, ROOT_UID); warningx(N_("%s must be owned by uid %d"), path, ROOT_UID);
goto done; goto done;
} }
if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
warningx(_("%s must be only be writable by owner"), path); warningx(N_("%s must be only be writable by owner"), path);
goto done; goto done;
} }
/* Open plugin and map in symbol */ /* Open plugin and map in symbol */
handle = dlopen(path, RTLD_LAZY|RTLD_GLOBAL); handle = dlopen(path, RTLD_LAZY|RTLD_GLOBAL);
if (!handle) { if (!handle) {
warningx(_("unable to dlopen %s: %s"), path, dlerror()); warningx(N_("unable to dlopen %s: %s"), path, dlerror());
goto done; goto done;
} }
plugin = dlsym(handle, info->symbol_name); plugin = dlsym(handle, info->symbol_name);
if (!plugin) { if (!plugin) {
warningx(_("%s: unable to find symbol %s"), path, warningx(N_("%s: unable to find symbol %s"), path,
info->symbol_name); info->symbol_name);
goto done; goto done;
} }
if (plugin->type != SUDO_POLICY_PLUGIN && plugin->type != SUDO_IO_PLUGIN) { if (plugin->type != SUDO_POLICY_PLUGIN && plugin->type != SUDO_IO_PLUGIN) {
warningx(_("%s: unknown policy type %d"), path, plugin->type); warningx(N_("%s: unknown policy type %d"), path, plugin->type);
goto done; goto done;
} }
if (SUDO_API_VERSION_GET_MAJOR(plugin->version) != SUDO_API_VERSION_MAJOR) { if (SUDO_API_VERSION_GET_MAJOR(plugin->version) != SUDO_API_VERSION_MAJOR) {
warningx(_("%s: incompatible policy major version %d, expected %d"), warningx(N_("%s: incompatible policy major version %d, expected %d"),
path, SUDO_API_VERSION_GET_MAJOR(plugin->version), path, SUDO_API_VERSION_GET_MAJOR(plugin->version),
SUDO_API_VERSION_MAJOR); SUDO_API_VERSION_MAJOR);
goto done; goto done;
} }
if (plugin->type == SUDO_POLICY_PLUGIN) { if (plugin->type == SUDO_POLICY_PLUGIN) {
if (policy_plugin->handle) { if (policy_plugin->handle) {
warningx(_("%s: only a single policy plugin may be loaded"), warningx(N_("%s: only a single policy plugin may be loaded"),
_PATH_SUDO_CONF); _PATH_SUDO_CONF);
goto done; goto done;
} }
@@ -197,7 +197,7 @@ sudo_load_plugins(struct plugin_container *policy_plugin,
} }
} }
if (policy_plugin->u.policy->check_policy == NULL) { if (policy_plugin->u.policy->check_policy == NULL) {
warningx(_("policy plugin %s does not include a check_policy method"), warningx(N_("policy plugin %s does not include a check_policy method"),
policy_plugin->name); policy_plugin->name);
rval = false; rval = false;
goto done; goto done;

12
src/net_ifs.c
View File

@@ -154,7 +154,7 @@ get_net_ifs(char **addrinfo)
"%s%s/", cp == *addrinfo ? "" : " ", "%s%s/", cp == *addrinfo ? "" : " ",
inet_ntoa(sin->sin_addr)); inet_ntoa(sin->sin_addr));
if (len <= 0 || len >= ailen - (*addrinfo - cp)) { if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
warningx(_("load_interfaces: overflow detected")); warningx(N_("load_interfaces: overflow detected"));
goto done; goto done;
} }
cp += len; cp += len;
@@ -163,7 +163,7 @@ get_net_ifs(char **addrinfo)
len = snprintf(cp, ailen - (*addrinfo - cp), len = snprintf(cp, ailen - (*addrinfo - cp),
"%s", inet_ntoa(sin->sin_addr)); "%s", inet_ntoa(sin->sin_addr));
if (len <= 0 || len >= ailen - (*addrinfo - cp)) { if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
warningx(_("load_interfaces: overflow detected")); warningx(N_("load_interfaces: overflow detected"));
goto done; goto done;
} }
cp += len; cp += len;
@@ -175,7 +175,7 @@ get_net_ifs(char **addrinfo)
len = snprintf(cp, ailen - (*addrinfo - cp), len = snprintf(cp, ailen - (*addrinfo - cp),
"%s%s/", cp == *addrinfo ? "" : " ", addrbuf); "%s%s/", cp == *addrinfo ? "" : " ", addrbuf);
if (len <= 0 || len >= ailen - (*addrinfo - cp)) { if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
warningx(_("load_interfaces: overflow detected")); warningx(N_("load_interfaces: overflow detected"));
goto done; goto done;
} }
cp += len; cp += len;
@@ -184,7 +184,7 @@ get_net_ifs(char **addrinfo)
inet_ntop(AF_INET6, &sin6->sin6_addr, addrbuf, sizeof(addrbuf)); inet_ntop(AF_INET6, &sin6->sin6_addr, addrbuf, sizeof(addrbuf));
len = snprintf(cp, ailen - (*addrinfo - cp), "%s", addrbuf); len = snprintf(cp, ailen - (*addrinfo - cp), "%s", addrbuf);
if (len <= 0 || len >= ailen - (*addrinfo - cp)) { if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
warningx(_("load_interfaces: overflow detected")); warningx(N_("load_interfaces: overflow detected"));
goto done; goto done;
} }
cp += len; cp += len;
@@ -295,7 +295,7 @@ get_net_ifs(char **addrinfo)
"%s%s/", cp == *addrinfo ? "" : " ", "%s%s/", cp == *addrinfo ? "" : " ",
inet_ntoa(sin->sin_addr)); inet_ntoa(sin->sin_addr));
if (len <= 0 || len >= ailen - (*addrinfo - cp)) { if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
warningx(_("load_interfaces: overflow detected")); warningx(N_("load_interfaces: overflow detected"));
goto done; goto done;
} }
cp += len; cp += len;
@@ -319,7 +319,7 @@ get_net_ifs(char **addrinfo)
len = snprintf(cp, ailen - (*addrinfo - cp), len = snprintf(cp, ailen - (*addrinfo - cp),
"%s", inet_ntoa(sin->sin_addr)); "%s", inet_ntoa(sin->sin_addr));
if (len <= 0 || len >= ailen - (*addrinfo - cp)) { if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
warningx(_("load_interfaces: overflow detected")); warningx(N_("load_interfaces: overflow detected"));
goto done; goto done;
} }
cp += len; cp += len;

16
src/parse_args.c
View File

@@ -184,7 +184,7 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
break; break;
case 'C': case 'C':
if (atoi(optarg) < 3) { if (atoi(optarg) < 3) {
warningx(_("the argument to -C must be a number greater than or equal to 3")); warningx(N_("the argument to -C must be a number greater than or equal to 3"));
usage(1); usage(1);
} }
sudo_settings[ARG_CLOSEFROM].value = optarg; sudo_settings[ARG_CLOSEFROM].value = optarg;
@@ -332,11 +332,11 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
if (ISSET(flags, MODE_LOGIN_SHELL)) { if (ISSET(flags, MODE_LOGIN_SHELL)) {
if (ISSET(flags, MODE_SHELL)) { if (ISSET(flags, MODE_SHELL)) {
warningx(_("you may not specify both the `-i' and `-s' options")); warningx(N_("you may not specify both the `-i' and `-s' options"));
usage(1); usage(1);
} }
if (ISSET(flags, MODE_PRESERVE_ENV)) { if (ISSET(flags, MODE_PRESERVE_ENV)) {
warningx(_("you may not specify both the `-i' and `-E' options")); warningx(N_("you may not specify both the `-i' and `-E' options"));
usage(1); usage(1);
} }
SET(flags, MODE_SHELL); SET(flags, MODE_SHELL);
@@ -346,9 +346,9 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
if (mode == MODE_EDIT && if (mode == MODE_EDIT &&
(ISSET(flags, MODE_PRESERVE_ENV) || env_add[0] != NULL)) { (ISSET(flags, MODE_PRESERVE_ENV) || env_add[0] != NULL)) {
if (ISSET(mode, MODE_PRESERVE_ENV)) if (ISSET(mode, MODE_PRESERVE_ENV))
warningx(_("the `-E' option is not valid in edit mode")); warningx(N_("the `-E' option is not valid in edit mode"));
if (env_add[0] != NULL) if (env_add[0] != NULL)
warningx(_("you may not specify environment variables in edit mode")); warningx(N_("you may not specify environment variables in edit mode"));
usage(1); usage(1);
} }
if ((runas_user != NULL || runas_group != NULL) && if ((runas_user != NULL || runas_group != NULL) &&
@@ -356,11 +356,11 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
usage(1); usage(1);
} }
if (list_user != NULL && mode != MODE_LIST && mode != MODE_CHECK) { if (list_user != NULL && mode != MODE_LIST && mode != MODE_CHECK) {
warningx(_("the `-U' option may only be used with the `-l' option")); warningx(N_("the `-U' option may only be used with the `-l' option"));
usage(1); usage(1);
} }
if (ISSET(tgetpass_flags, TGP_STDIN) && ISSET(tgetpass_flags, TGP_ASKPASS)) { if (ISSET(tgetpass_flags, TGP_STDIN) && ISSET(tgetpass_flags, TGP_ASKPASS)) {
warningx(_("the `-A' and `-S' options may not be used together")); warningx(N_("the `-A' and `-S' options may not be used together"));
usage(1); usage(1);
} }
if ((argc == 0 && mode == MODE_EDIT) || if ((argc == 0 && mode == MODE_EDIT) ||
@@ -513,7 +513,7 @@ usage_excl(int fatal)
{ {
debug_decl(usage_excl, SUDO_DEBUG_ARGS) debug_decl(usage_excl, SUDO_DEBUG_ARGS)
warningx(_("Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified")); warningx(N_("Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"));
usage(fatal); usage(fatal);
} }

40
src/selinux.c
View File

@@ -82,7 +82,7 @@ audit_role_change(const security_context_t old_context,
rc = audit_log_user_message(au_fd, AUDIT_USER_ROLE_CHANGE, rc = audit_log_user_message(au_fd, AUDIT_USER_ROLE_CHANGE,
message, NULL, NULL, ttyn, 1); message, NULL, NULL, ttyn, 1);
if (rc <= 0) if (rc <= 0)
warning(_("unable to send audit message")); warning(N_("unable to send audit message"));
efree(message); efree(message);
close(au_fd); close(au_fd);
} }
@@ -110,17 +110,17 @@ selinux_restore_tty(void)
/* Verify that the tty still has the context set by sudo. */ /* Verify that the tty still has the context set by sudo. */
if ((retval = fgetfilecon(se_state.ttyfd, &chk_tty_context)) < 0) { if ((retval = fgetfilecon(se_state.ttyfd, &chk_tty_context)) < 0) {
warning(_("unable to fgetfilecon %s"), se_state.ttyn); warning(N_("unable to fgetfilecon %s"), se_state.ttyn);
goto skip_relabel; goto skip_relabel;
} }
if ((retval = strcmp(chk_tty_context, se_state.new_tty_context))) { if ((retval = strcmp(chk_tty_context, se_state.new_tty_context))) {
warningx(_("%s changed labels"), se_state.ttyn); warningx(N_("%s changed labels"), se_state.ttyn);
goto skip_relabel; goto skip_relabel;
} }
if ((retval = fsetfilecon(se_state.ttyfd, se_state.tty_context)) < 0) if ((retval = fsetfilecon(se_state.ttyfd, se_state.tty_context)) < 0)
warning(_("unable to restore context for %s"), se_state.ttyn); warning(N_("unable to restore context for %s"), se_state.ttyn);
skip_relabel: skip_relabel:
if (se_state.ttyfd != -1) { if (se_state.ttyfd != -1) {
@@ -160,7 +160,7 @@ relabel_tty(const char *ttyn, int ptyfd)
if (ptyfd == -1) { if (ptyfd == -1) {
se_state.ttyfd = open(ttyn, O_RDWR|O_NONBLOCK); se_state.ttyfd = open(ttyn, O_RDWR|O_NONBLOCK);
if (se_state.ttyfd == -1) { if (se_state.ttyfd == -1) {
warning(_("unable to open %s, not relabeling tty"), ttyn); warning(N_("unable to open %s, not relabeling tty"), ttyn);
if (se_state.enforcing) if (se_state.enforcing)
goto bad; goto bad;
} }
@@ -169,21 +169,21 @@ relabel_tty(const char *ttyn, int ptyfd)
} }
if (fgetfilecon(se_state.ttyfd, &tty_con) < 0) { if (fgetfilecon(se_state.ttyfd, &tty_con) < 0) {
warning(_("unable to get current tty context, not relabeling tty")); warning(N_("unable to get current tty context, not relabeling tty"));
if (se_state.enforcing) if (se_state.enforcing)
goto bad; goto bad;
} }
if (tty_con && (security_compute_relabel(se_state.new_context, tty_con, if (tty_con && (security_compute_relabel(se_state.new_context, tty_con,
SECCLASS_CHR_FILE, &new_tty_con) < 0)) { SECCLASS_CHR_FILE, &new_tty_con) < 0)) {
warning(_("unable to get new tty context, not relabeling tty")); warning(N_("unable to get new tty context, not relabeling tty"));
if (se_state.enforcing) if (se_state.enforcing)
goto bad; goto bad;
} }
if (new_tty_con != NULL) { if (new_tty_con != NULL) {
if (fsetfilecon(se_state.ttyfd, new_tty_con) < 0) { if (fsetfilecon(se_state.ttyfd, new_tty_con) < 0) {
warning(_("unable to set new tty context")); warning(N_("unable to set new tty context"));
if (se_state.enforcing) if (se_state.enforcing)
goto bad; goto bad;
} }
@@ -193,7 +193,7 @@ relabel_tty(const char *ttyn, int ptyfd)
/* Reopen pty that was relabeled, std{in,out,err} are reset later. */ /* Reopen pty that was relabeled, std{in,out,err} are reset later. */
se_state.ttyfd = open(ttyn, O_RDWR|O_NOCTTY, 0); se_state.ttyfd = open(ttyn, O_RDWR|O_NOCTTY, 0);
if (se_state.ttyfd == -1) { if (se_state.ttyfd == -1) {
warning(_("unable to open %s"), ttyn); warning(N_("unable to open %s"), ttyn);
if (se_state.enforcing) if (se_state.enforcing)
goto bad; goto bad;
} }
@@ -206,7 +206,7 @@ relabel_tty(const char *ttyn, int ptyfd)
close(se_state.ttyfd); close(se_state.ttyfd);
se_state.ttyfd = open(ttyn, O_RDWR|O_NONBLOCK); se_state.ttyfd = open(ttyn, O_RDWR|O_NONBLOCK);
if (se_state.ttyfd == -1) { if (se_state.ttyfd == -1) {
warning(_("unable to open %s"), ttyn); warning(N_("unable to open %s"), ttyn);
goto bad; goto bad;
} }
(void)fcntl(se_state.ttyfd, F_SETFL, (void)fcntl(se_state.ttyfd, F_SETFL,
@@ -249,13 +249,13 @@ get_exec_context(security_context_t old_context, const char *role, const char *t
/* We must have a role, the type is optional (we can use the default). */ /* We must have a role, the type is optional (we can use the default). */
if (!role) { if (!role) {
warningx(_("you must specify a role for type %s"), type); warningx(N_("you must specify a role for type %s"), type);
errno = EINVAL; errno = EINVAL;
goto bad; goto bad;
} }
if (!type) { if (!type) {
if (get_default_type(role, &typebuf)) { if (get_default_type(role, &typebuf)) {
warningx(_("unable to get default type for role %s"), role); warningx(N_("unable to get default type for role %s"), role);
errno = EINVAL; errno = EINVAL;
goto bad; goto bad;
} }
@@ -273,11 +273,11 @@ get_exec_context(security_context_t old_context, const char *role, const char *t
* type we will be running the command as. * type we will be running the command as.
*/ */
if (context_role_set(context, role)) { if (context_role_set(context, role)) {
warning(_("failed to set new role %s"), role); warning(N_("failed to set new role %s"), role);
goto bad; goto bad;
} }
if (context_type_set(context, type)) { if (context_type_set(context, type)) {
warning(_("failed to set new type %s"), type); warning(N_("failed to set new type %s"), type);
goto bad; goto bad;
} }
@@ -286,7 +286,7 @@ get_exec_context(security_context_t old_context, const char *role, const char *t
*/ */
new_context = estrdup(context_str(context)); new_context = estrdup(context_str(context));
if (security_check_context(new_context) < 0) { if (security_check_context(new_context) < 0) {
warningx(_("%s is not a valid context"), new_context); warningx(N_("%s is not a valid context"), new_context);
errno = EINVAL; errno = EINVAL;
goto bad; goto bad;
} }
@@ -321,13 +321,13 @@ selinux_setup(const char *role, const char *type, const char *ttyn,
/* Store the caller's SID in old_context. */ /* Store the caller's SID in old_context. */
if (getprevcon(&se_state.old_context)) { if (getprevcon(&se_state.old_context)) {
warning(_("failed to get old_context")); warning(N_("failed to get old_context"));
goto done; goto done;
} }
se_state.enforcing = security_getenforce(); se_state.enforcing = security_getenforce();
if (se_state.enforcing < 0) { if (se_state.enforcing < 0) {
warning(_("unable to determine enforcing mode.")); warning(N_("unable to determine enforcing mode."));
goto done; goto done;
} }
@@ -339,7 +339,7 @@ selinux_setup(const char *role, const char *type, const char *ttyn,
goto done; goto done;
if (relabel_tty(ttyn, ptyfd) < 0) { if (relabel_tty(ttyn, ptyfd) < 0) {
warning(_("unable to setup tty context for %s"), se_state.new_context); warning(N_("unable to setup tty context for %s"), se_state.new_context);
goto done; goto done;
} }
@@ -370,14 +370,14 @@ selinux_execve(const char *path, char *const argv[], char *const envp[],
debug_decl(selinux_execve, SUDO_DEBUG_SELINUX) debug_decl(selinux_execve, SUDO_DEBUG_SELINUX)
if (setexeccon(se_state.new_context)) { if (setexeccon(se_state.new_context)) {
warning(_("unable to set exec context to %s"), se_state.new_context); warning(N_("unable to set exec context to %s"), se_state.new_context);
if (se_state.enforcing) if (se_state.enforcing)
debug_return; debug_return;
} }
#ifdef HAVE_SETKEYCREATECON #ifdef HAVE_SETKEYCREATECON
if (setkeycreatecon(se_state.new_context)) { if (setkeycreatecon(se_state.new_context)) {
warning(_("unable to set key creation context to %s"), se_state.new_context); warning(N_("unable to set key creation context to %s"), se_state.new_context);
if (se_state.enforcing) if (se_state.enforcing)
debug_return; debug_return;
} }

2
src/sesh.c
View File

@@ -91,7 +91,7 @@ main(int argc, char *argv[], char *envp[])
*cp = '-'; *cp = '-';
} }
sudo_execve(cmnd, argv, envp, noexec); sudo_execve(cmnd, argv, envp, noexec);
warning(_("unable to execute %s"), argv[0]); warning(N_("unable to execute %s"), argv[0]);
sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, EXIT_FAILURE); sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, EXIT_FAILURE);
_exit(EXIT_FAILURE); _exit(EXIT_FAILURE);
} }

48
src/sudo.c
View File

@@ -859,38 +859,38 @@ set_project(struct passwd *pw)
case SETPROJ_ERR_TASK: case SETPROJ_ERR_TASK:
switch (errno) { switch (errno) {
case EAGAIN: case EAGAIN:
warningx(_("resource control limit has been reached")); warningx(N_("resource control limit has been reached"));
break; break;
case ESRCH: case ESRCH:
warningx(_("user \"%s\" is not a member of project \"%s\""), warningx(N_("user \"%s\" is not a member of project \"%s\""),
pw->pw_name, proj.pj_name); pw->pw_name, proj.pj_name);
break; break;
case EACCES: case EACCES:
warningx(_("the invoking task is final")); warningx(N_("the invoking task is final"));
break; break;
default: default:
warningx(_("could not join project \"%s\""), proj.pj_name); warningx(N_("could not join project \"%s\""), proj.pj_name);
} }
case SETPROJ_ERR_POOL: case SETPROJ_ERR_POOL:
switch (errno) { switch (errno) {
case EACCES: case EACCES:
warningx(_("no resource pool accepting default bindings " warningx(N_("no resource pool accepting default bindings "
"exists for project \"%s\""), proj.pj_name); "exists for project \"%s\""), proj.pj_name);
break; break;
case ESRCH: case ESRCH:
warningx(_("specified resource pool does not exist for " warningx(N_("specified resource pool does not exist for "
"project \"%s\""), proj.pj_name); "project \"%s\""), proj.pj_name);
break; break;
default: default:
warningx(_("could not bind to default resource pool for " warningx(N_("could not bind to default resource pool for "
"project \"%s\""), proj.pj_name); "project \"%s\""), proj.pj_name);
} }
break; break;
default: default:
if (errval <= 0) { if (errval <= 0) {
warningx(_("setproject failed for project \"%s\""), proj.pj_name); warningx(N_("setproject failed for project \"%s\""), proj.pj_name);
} else { } else {
warningx(_("warning, resource control assignment failed for " warningx(N_("warning, resource control assignment failed for "
"project \"%s\""), proj.pj_name); "project \"%s\""), proj.pj_name);
} }
} }
@@ -958,7 +958,7 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
*/ */
lc = login_getclass((char *)details->login_class); lc = login_getclass((char *)details->login_class);
if (!lc) { if (!lc) {
warningx(_("unknown login class %s"), details->login_class); warningx(N_("unknown login class %s"), details->login_class);
errno = ENOENT; errno = ENOENT;
goto done; goto done;
} }
@@ -972,10 +972,10 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
} }
if (setusercontext(lc, details->pw, details->pw->pw_uid, flags)) { if (setusercontext(lc, details->pw, details->pw->pw_uid, flags)) {
if (details->pw->pw_uid != ROOT_UID) { if (details->pw->pw_uid != ROOT_UID) {
warning(_("unable to set user context")); warning(N_("unable to set user context"));
goto done; goto done;
} else } else
warning(_("unable to set user context")); warning(N_("unable to set user context"));
} }
} }
#endif /* HAVE_LOGIN_CAP_H */ #endif /* HAVE_LOGIN_CAP_H */
@@ -987,27 +987,27 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
if (!ISSET(details->flags, CD_PRESERVE_GROUPS)) { if (!ISSET(details->flags, CD_PRESERVE_GROUPS)) {
if (details->ngroups >= 0) { if (details->ngroups >= 0) {
if (sudo_setgroups(details->ngroups, details->groups) < 0) { if (sudo_setgroups(details->ngroups, details->groups) < 0) {
warning(_("unable to set supplementary group IDs")); warning(N_("unable to set supplementary group IDs"));
goto done; goto done;
} }
} }
} }
#ifdef HAVE_SETEUID #ifdef HAVE_SETEUID
if (ISSET(details->flags, CD_SET_EGID) && setegid(details->egid)) { if (ISSET(details->flags, CD_SET_EGID) && setegid(details->egid)) {
warning(_("unable to set effective gid to runas gid %u"), warning(N_("unable to set effective gid to runas gid %u"),
(unsigned int)details->egid); (unsigned int)details->egid);
goto done; goto done;
} }
#endif #endif
if (ISSET(details->flags, CD_SET_GID) && setgid(details->gid)) { if (ISSET(details->flags, CD_SET_GID) && setgid(details->gid)) {
warning(_("unable to set gid to runas gid %u"), warning(N_("unable to set gid to runas gid %u"),
(unsigned int)details->gid); (unsigned int)details->gid);
goto done; goto done;
} }
if (ISSET(details->flags, CD_SET_PRIORITY)) { if (ISSET(details->flags, CD_SET_PRIORITY)) {
if (setpriority(PRIO_PROCESS, 0, details->priority) != 0) { if (setpriority(PRIO_PROCESS, 0, details->priority) != 0) {
warning(_("unable to set process priority")); warning(N_("unable to set process priority"));
goto done; goto done;
} }
} }
@@ -1015,26 +1015,26 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
(void) umask(details->umask); (void) umask(details->umask);
if (details->chroot) { if (details->chroot) {
if (chroot(details->chroot) != 0 || chdir("/") != 0) { if (chroot(details->chroot) != 0 || chdir("/") != 0) {
warning(_("unable to change root to %s"), details->chroot); warning(N_("unable to change root to %s"), details->chroot);
goto done; goto done;
} }
} }
#ifdef HAVE_SETRESUID #ifdef HAVE_SETRESUID
if (setresuid(details->uid, details->euid, details->euid) != 0) { if (setresuid(details->uid, details->euid, details->euid) != 0) {
warning(_("unable to change to runas uid (%u, %u)"), details->uid, warning(N_("unable to change to runas uid (%u, %u)"), details->uid,
details->euid); details->euid);
goto done; goto done;
} }
#elif HAVE_SETREUID #elif HAVE_SETREUID
if (setreuid(details->uid, details->euid) != 0) { if (setreuid(details->uid, details->euid) != 0) {
warning(_("unable to change to runas uid (%u, %u)"), warning(N_("unable to change to runas uid (%u, %u)"),
(unsigned int)details->uid, (unsigned int)details->euid); (unsigned int)details->uid, (unsigned int)details->euid);
goto done; goto done;
} }
#else #else
if (seteuid(details->euid) != 0 || setuid(details->euid) != 0) { if (seteuid(details->euid) != 0 || setuid(details->euid) != 0) {
warning(_("unable to change to runas uid (%u, %u)"), details->uid, warning(N_("unable to change to runas uid (%u, %u)"), details->uid,
details->euid); details->euid);
goto done; goto done;
} }
@@ -1048,7 +1048,7 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
if (details->chroot || strcmp(details->cwd, user_details.cwd) != 0) { if (details->chroot || strcmp(details->cwd, user_details.cwd) != 0) {
/* Note: cwd is relative to the new root, if any. */ /* Note: cwd is relative to the new root, if any. */
if (chdir(details->cwd) != 0) { if (chdir(details->cwd) != 0) {
warning(_("unable to change directory to %s"), details->cwd); warning(N_("unable to change directory to %s"), details->cwd);
goto done; goto done;
} }
} }
@@ -1132,7 +1132,7 @@ run_command(struct command_details *details)
exitcode = WTERMSIG(cstat.val) | 128; exitcode = WTERMSIG(cstat.val) | 128;
break; break;
default: default:
warningx(_("unexpected child termination condition: %d"), cstat.type); warningx(N_("unexpected child termination condition: %d"), cstat.type);
break; break;
} }
debug_return_int(exitcode); debug_return_int(exitcode);
@@ -1193,7 +1193,7 @@ policy_list(struct plugin_container *plugin, int argc, char * const argv[],
{ {
debug_decl(policy_list, SUDO_DEBUG_PCOMM) debug_decl(policy_list, SUDO_DEBUG_PCOMM)
if (plugin->u.policy->list == NULL) { if (plugin->u.policy->list == NULL) {
warningx(_("policy plugin %s does not support listing privileges"), warningx(N_("policy plugin %s does not support listing privileges"),
plugin->name); plugin->name);
debug_return_bool(false); debug_return_bool(false);
} }
@@ -1205,7 +1205,7 @@ policy_validate(struct plugin_container *plugin)
{ {
debug_decl(policy_validate, SUDO_DEBUG_PCOMM) debug_decl(policy_validate, SUDO_DEBUG_PCOMM)
if (plugin->u.policy->validate == NULL) { if (plugin->u.policy->validate == NULL) {
warningx(_("policy plugin %s does not support the -v option"), warningx(N_("policy plugin %s does not support the -v option"),
plugin->name); plugin->name);
debug_return_bool(false); debug_return_bool(false);
} }

28
src/sudo_edit.c
View File

@@ -108,7 +108,7 @@ sudo_edit(struct command_details *command_details)
* We will change the euid as needed below. * We will change the euid as needed below.
*/ */
if (setuid(ROOT_UID) != 0) { if (setuid(ROOT_UID) != 0) {
warning(_("unable to change uid to root (%u)"), ROOT_UID); warning(N_("unable to change uid to root (%u)"), ROOT_UID);
goto cleanup; goto cleanup;
} }
@@ -140,7 +140,7 @@ sudo_edit(struct command_details *command_details)
editor_argc++; editor_argc++;
} }
if (nfiles == 0) { if (nfiles == 0) {
warningx(_("plugin error: missing file list for sudoedit")); warningx(N_("plugin error: missing file list for sudoedit"));
goto cleanup; goto cleanup;
} }
@@ -168,7 +168,7 @@ sudo_edit(struct command_details *command_details)
if (rc) if (rc)
warning("%s", files[i]); warning("%s", files[i]);
else else
warningx(_("%s: not a regular file"), files[i]); warningx(N_("%s: not a regular file"), files[i]);
if (ofd != -1) if (ofd != -1)
close(ofd); close(ofd);
continue; continue;
@@ -202,7 +202,7 @@ sudo_edit(struct command_details *command_details)
if (nwritten == -1) if (nwritten == -1)
warning("%s", tf[j].tfile); warning("%s", tf[j].tfile);
else else
warningx(_("%s: short write"), tf[j].tfile); warningx(N_("%s: short write"), tf[j].tfile);
goto cleanup; goto cleanup;
} }
} }
@@ -268,8 +268,8 @@ sudo_edit(struct command_details *command_details)
if (rc) if (rc)
warning("%s", tf[i].tfile); warning("%s", tf[i].tfile);
else else
warningx(_("%s: not a regular file"), tf[i].tfile); warningx(N_("%s: not a regular file"), tf[i].tfile);
warningx(_("%s left unmodified"), tf[i].ofile); warningx(N_("%s left unmodified"), tf[i].ofile);
if (tfd != -1) if (tfd != -1)
close(tfd); close(tfd);
continue; continue;
@@ -282,7 +282,7 @@ sudo_edit(struct command_details *command_details)
*/ */
timevalsub(&tv1, &tv2); timevalsub(&tv1, &tv2);
if (timevalisset(&tv2)) { if (timevalisset(&tv2)) {
warningx(_("%s unchanged"), tf[i].ofile); warningx(N_("%s unchanged"), tf[i].ofile);
unlink(tf[i].tfile); unlink(tf[i].tfile);
close(tfd); close(tfd);
continue; continue;
@@ -294,8 +294,8 @@ sudo_edit(struct command_details *command_details)
switch_user(ROOT_UID, user_details.egid, switch_user(ROOT_UID, user_details.egid,
user_details.ngroups, user_details.groups); user_details.ngroups, user_details.groups);
if (ofd == -1) { if (ofd == -1) {
warning(_("unable to write to %s"), tf[i].ofile); warning(N_("unable to write to %s"), tf[i].ofile);
warningx(_("contents of edit session left in %s"), tf[i].tfile); warningx(N_("contents of edit session left in %s"), tf[i].tfile);
close(tfd); close(tfd);
continue; continue;
} }
@@ -304,7 +304,7 @@ sudo_edit(struct command_details *command_details)
if (nwritten == -1) if (nwritten == -1)
warning("%s", tf[i].ofile); warning("%s", tf[i].ofile);
else else
warningx(_("%s: short write"), tf[i].ofile); warningx(N_("%s: short write"), tf[i].ofile);
break; break;
} }
} }
@@ -312,11 +312,11 @@ sudo_edit(struct command_details *command_details)
/* success, got EOF */ /* success, got EOF */
unlink(tf[i].tfile); unlink(tf[i].tfile);
} else if (nread < 0) { } else if (nread < 0) {
warning(_("unable to read temporary file")); warning(N_("unable to read temporary file"));
warningx(_("contents of edit session left in %s"), tf[i].tfile); warningx(N_("contents of edit session left in %s"), tf[i].tfile);
} else { } else {
warning(_("unable to write to %s"), tf[i].ofile); warning(N_("unable to write to %s"), tf[i].ofile);
warningx(_("contents of edit session left in %s"), tf[i].tfile); warningx(N_("contents of edit session left in %s"), tf[i].tfile);
} }
close(ofd); close(ofd);
} }

8
src/tgetpass.c
View File

@@ -87,7 +87,7 @@ tgetpass(const char *prompt, int timeout, int flags)
if (!ISSET(flags, TGP_STDIN|TGP_ECHO|TGP_ASKPASS|TGP_NOECHO_TRY) && if (!ISSET(flags, TGP_STDIN|TGP_ECHO|TGP_ASKPASS|TGP_NOECHO_TRY) &&
!tty_present()) { !tty_present()) {
if (askpass == NULL || getenv_unhooked("DISPLAY") == NULL) { if (askpass == NULL || getenv_unhooked("DISPLAY") == NULL) {
warningx(_("no tty present and no askpass program specified")); warningx(N_("no tty present and no askpass program specified"));
debug_return_str(NULL); debug_return_str(NULL);
} }
SET(flags, TGP_ASKPASS); SET(flags, TGP_ASKPASS);
@@ -228,16 +228,16 @@ sudo_askpass(const char *askpass, const char *prompt)
} }
(void) setuid(ROOT_UID); (void) setuid(ROOT_UID);
if (setgid(user_details.gid)) { if (setgid(user_details.gid)) {
warning(_("unable to set gid to %u"), (unsigned int)user_details.gid); warning(N_("unable to set gid to %u"), (unsigned int)user_details.gid);
_exit(255); _exit(255);
} }
if (setuid(user_details.uid)) { if (setuid(user_details.uid)) {
warning(_("unable to set uid to %u"), (unsigned int)user_details.uid); warning(N_("unable to set uid to %u"), (unsigned int)user_details.uid);
_exit(255); _exit(255);
} }
closefrom(STDERR_FILENO + 1); closefrom(STDERR_FILENO + 1);
execl(askpass, askpass, prompt, (char *)NULL); execl(askpass, askpass, prompt, (char *)NULL);
warning(_("unable to run %s"), askpass); warning(N_("unable to run %s"), askpass);
_exit(255); _exit(255);
} }