o Change defaults stuff to put the value right in the struct.

o Implement mailer_flags o Store syslog stuff both in int and string form. Setting the string form magically updates the int version. o Add boolean attribute to strings where it makes sense to say !foo
1999-10-07 21:21:08 +00:00
parent cc82693f58
commit 7769bf6a32
20 changed files with 994 additions and 879 deletions
--- a/6
+++ b/6
@@ -219,12 +219,12 @@ Special features/options:
 	If set, sudo will ignore '.' or '' (current dir) in $PATH.
 	The $PATH itself is not modified.
-  --with-alertmail
+  --with-mailto
 	User that mail from sudo is sent to.  This should go to a sysadmin at
 	your site.  The default is "root".
  --with-mailsubject
-	Subject of the mail sent to the "alertmail" user. The token "%h"
+	Subject of the mail sent to the "mailto" user. The token "%h"
 	will expand to the hostname of the machine.
 	Default is "*** SECURITY information for %h ***".
@@ -268,7 +268,7 @@ Special features/options:
 	Override configure's guess as to the location of sendmail.
  --without-sendmail
-	Do not use sendmail to mail messages to the "alertmail" user.
+	Do not use sendmail to mail messages to the "mailto" user.
 	Use only if don't run sendmail or the equivalent.
  --with-sudoers-mode=mode
--- a/4
+++ b/4
@@ -74,3 +74,7 @@ TODO list (most will be addressed in sudo 2.0)
 26) Look into %e, %p, %k in parse.lex
 27) Document Defaults stuff in sudoers.pod
 28) Make syslog stuff work on vanilla ultrix
 29) Implement date_format and log_format options.
--- a/auth/aix_auth.c
+++ b/auth/aix_auth.c
@@ -67,7 +67,7 @@ aixauth_verify(pw, prompt, auth)
    char *message, *pass;
    int reenter = 1;
-    pass = tgetpass(prompt, sudo_inttable[I_PW_TIMEOUT] * 60, 1);
+    pass = tgetpass(prompt, def_ival(I_PW_TIMEOUT) * 60, 1);
    if (authenticate(pw->pw_name, pass, &reenter, &message) == 0)
 	return(AUTH_SUCCESS);
    else
--- a/auth/fwtk.c
+++ b/auth/fwtk.c
@@ -117,9 +117,9 @@ fwtk_verify(pw, prompt, auth)
    /* Get the password/response from the user. */
    if (strncmp(resp, "challenge ", 10) == 0) {
 	(void) snprintf(buf, sizeof(buf), "%s\nResponse: ", &resp[10]);
-	pass = tgetpass(buf, sudo_inttable[I_PW_TIMEOUT] * 60, 0);
+	pass = tgetpass(buf, def_ival(I_PW_TIMEOUT) * 60, 0);
    } else if (strncmp(resp, "password", 8) == 0) {
-	pass = tgetpass(prompt, sudo_inttable[I_PW_TIMEOUT] * 60, 1);
+	pass = tgetpass(prompt, def_ival(I_PW_TIMEOUT) * 60, 1);
    } else {
 	(void) fprintf(stderr, "%s: %s\n", Argv[0], resp);
 	return(AUTH_FATAL);
--- a/auth/pam.c
+++ b/auth/pam.c
@@ -143,7 +143,7 @@ sudo_conv(num_msg, msg, response, appdata_ptr)
 		if (strcmp(p, "Password: ") && strcmp(p, "Password:"))
 		    p = (char *) pm->msg;
 		pr->resp = estrdup((char *) tgetpass(p,
-		    sudo_inttable[I_PW_TIMEOUT] * 60, !echo));
+		    def_ival(I_PW_TIMEOUT) * 60, !echo));
 		if (*pr->resp == '\0')
 		    nil_pw = 1;		/* empty password */
 		break;
--- a/auth/rfc1938.c
+++ b/auth/rfc1938.c
@@ -126,7 +126,7 @@ rfc1938_setup(pw, promptp, auth)
 	new_prompt = (char *) erealloc(new_prompt, np_size);
    }
-    if (sudo_flag_set(FL_LONG_OTP_PROMPT))
+    if (def_flag(I_LONG_OTP_PROMPT))
 	(void) sprintf(new_prompt, "%s\n%s", challenge, orig_prompt);
    else
 	(void) sprintf(new_prompt, "%.*s [ %s ]:", op_len, orig_prompt,
--- a/auth/sia.c
+++ b/auth/sia.c
@@ -80,8 +80,8 @@ sudo_collect(timeout, rendition, title, nprompts, prompts)
    switch (rendition) {
 	case SIAFORM:
 	case SIAONELINER:
-	    if (timeout <= 0 || timeout > sudo_inttable[I_PW_TIMEOUT] * 60)
+	    if (timeout <= 0 || timeout > def_ival(I_PW_TIMEOUT) * 60)
-		timeout = sudo_inttable[I_PW_TIMEOUT] * 60;
+		timeout = def_ival(I_PW_TIMEOUT) * 60;
 	    /*
 	     * Substitute custom prompt if a) the sudo prompt is not "Password:"
 	     * and b) the SIA prompt is "Password:" (so we know it is safe).
--- a/auth/sudo_auth.c
+++ b/auth/sudo_auth.c
@@ -98,7 +98,7 @@ void
 verify_user(prompt)
    char *prompt;
 {
-    short counter = sudo_inttable[I_PW_TRIES] + 1;
+    short counter = def_ival(I_PW_TRIES) + 1;
    short success = AUTH_FAILURE;
    short status;
    char *p;
@@ -155,7 +155,7 @@ verify_user(prompt)
 #ifdef AUTH_STANDALONE
 	p = prompt;
 #else
-	p = (char *) tgetpass(prompt, sudo_inttable[I_PW_TIMEOUT] * 60, 1);
+	p = (char *) tgetpass(prompt, def_ival(I_PW_TIMEOUT) * 60, 1);
 	if (!p || *p == '\0')
 	    nil_pw = 1;
 #endif /* AUTH_STANDALONE */
@@ -182,7 +182,7 @@ verify_user(prompt)
 	/* Exit loop on nil password, but give it a chance to match first. */
 	if (nil_pw) {
-	    if (counter == sudo_inttable[I_PW_TRIES])
+	    if (counter == def_ival(I_PW_TRIES))
 		exit(1);
 	    else
 		break;
@@ -212,8 +212,8 @@ cleanup:
 	    return;
 	case AUTH_FAILURE:
 	    log_error(NO_MAIL, "%d incorrect password attempt%s",
-		sudo_inttable[I_PW_TRIES] - counter,
+		def_ival(I_PW_TRIES) - counter,
-		(sudo_inttable[I_PW_TRIES] - counter == 1) ? "" : "s");
+		(def_ival(I_PW_TRIES) - counter == 1) ? "" : "s");
 	case AUTH_FATAL:
 	    exit(1);
    }
@@ -227,7 +227,7 @@ pass_warn(fp)
 #ifdef USE_INSULTS
    (void) fprintf(fp, "%s\n", INSULT);
 #else
-    (void) fprintf(fp, "%s\n", sudo_strtable[I_BADPASS_MSG]);
+    (void) fprintf(fp, "%s\n", def_str(I_BADPASS_MSG));
 #endif /* USE_INSULTS */
 }
--- a/check.c
+++ b/check.c
@@ -100,15 +100,16 @@ check_user()
 	    lecture();		/* first time through they get a lecture */
 	/* Expand any escapes in the prompt. */
-	prompt = expand_prompt(user_prompt ? user_prompt : sudo_strtable[I_PASSPROMPT], user_name, user_shost);
+	prompt = expand_prompt(user_prompt ? user_prompt : def_str(I_PASSPROMPT),
 	    user_name, user_shost);
 	verify_user(prompt);
    }
    if (status != TS_ERROR)
 	update_timestamp(timestampdir, timestampfile);
-    (void) free(timestampdir);
+    free(timestampdir);
    if (timestampfile)
-	(void) free(timestampfile);
+	free(timestampfile);
 }
 /*
@@ -119,7 +120,7 @@ static void
 lecture()
 {
-    if (sudo_flag_set(FL_LECTURE)) {
+    if (def_flag(I_LECTURE)) {
 	(void) fputs("\n\
 We trust you have received the usual lecture from the local System\n\
 Administrator. It usually boils down to these two things:\n\
@@ -226,10 +227,10 @@ user_is_exempt()
    struct group *grp;
    char **gr_mem;
-    if (!sudo_strtable[I_EXEMPT_GRP])
+    if (!def_str(I_EXEMPT_GRP))
 	return(FALSE);
-    if (!(grp = getgrnam(sudo_strtable[I_EXEMPT_GRP])))
+    if (!(grp = getgrnam(def_str(I_EXEMPT_GRP))))
 	return(FALSE);
    if (getgid() == grp->gr_gid)
@@ -251,9 +252,9 @@ build_timestamp(timestampdir, timestampfile)
    char **timestampdir;
    char **timestampfile;
 {
-    char *dirparent = sudo_strtable[I_TIMESTAMPDIR];
+    char *dirparent = def_str(I_TIMESTAMPDIR);
-    if (sudo_flag_set(FL_TTY_TICKETS)) {
+    if (def_flag(I_TTY_TICKETS)) {
 	char *p;
 	if ((p = strrchr(user_tty, '/')))
@@ -285,7 +286,7 @@ timestamp_status(timestampdir, timestampfile, user, make_dirs)
 {
    struct stat sb;
    time_t now;
-    char *dirparent = sudo_strtable[I_TIMESTAMPDIR];
+    char *dirparent = def_str(I_TIMESTAMPDIR);
    int status = TS_ERROR;		/* assume the worst */
    /*
@@ -412,13 +413,13 @@ timestamp_status(timestampdir, timestampfile, user, make_dirs)
     */
    if (status == TS_OLD) {
 	now = time(NULL);
-	if (sudo_inttable[I_TS_TIMEOUT] && 
+	if (def_ival(I_TS_TIMEOUT) && 
-	    now - sb.st_mtime < 60 * sudo_inttable[I_TS_TIMEOUT]) {
+	    now - sb.st_mtime < 60 * def_ival(I_TS_TIMEOUT)) {
 	    /*
 	     * Check for bogus time on the stampfile.  The clock may
 	     * have been set back or someone could be trying to spoof us.
 	     */
-	    if (sb.st_mtime > now + 60 * sudo_inttable[I_TS_TIMEOUT] * 2) {
+	    if (sb.st_mtime > now + 60 * def_ival(I_TS_TIMEOUT) * 2) {
 		log_error(NO_EXIT,
 		    "timestamp too far in the future: %20.20s",
 		    4 + ctime(&sb.st_mtime));
@@ -468,7 +469,7 @@ remove_timestamp(remove)
 	}
    }
-    (void) free(timestampdir);
+    free(timestampdir);
    if (timestampfile)
-	(void) free(timestampfile);
+	free(timestampfile);
 }
--- a/config.h.in
+++ b/config.h.in
@@ -125,63 +125,6 @@
 /* Define if you want to use execv() instead of execvp().  */
 #undef USE_EXECV
 /* Define if you a different ticket file for each tty.  */
 #undef USE_TTY_TICKETS
 /* Define if you want to insult the user for entering an incorrect password.  */
 #undef USE_INSULTS
 /* Define if you want the insults from the "classic" version sudo.  */
 #undef CLASSIC_INSULTS
 /* Define if you want 2001-like insults.  */
 #undef HAL_INSULTS
 /* Define if you want insults from the "Goon Show" */
 #undef GOONS_INSULTS
 /* Define if you want insults culled from the twisted minds of CSOps.  */
 #undef CSOPS_INSULTS
 /* Define to override the user's path with a builtin one.  */
 #undef SECURE_PATH
 /* Define if you use S/Key.  */
 #undef HAVE_SKEY
 /* Define if you use NRL OPIE.  */
 #undef HAVE_OPIE
 /* Define if you want a two line OTP (skey/opie) prompt.  */
 #undef LONG_OTP_PROMPT
 /* Define if you use SecurID.  */
 #undef HAVE_SECURID
 /* Define if you use AIX general authentication.  */
 #undef HAVE_AUTHENTICATE
 /* Define if you use Kerberos IV or Kerberos V < 1.1.  */
 #undef HAVE_KERB4
 /* Define if you use Kerberos V version 1.1 or higher.  */
 #undef HAVE_KERB5
 /* Define if you use SIA.  */
 #undef HAVE_SIA
 /* Define if you use PAM.  */
 #undef HAVE_PAM
 /* Define if you use AFS.  */
 #undef HAVE_AFS
 /* Define if you use OSF DCE.  */
 #undef HAVE_DCE
 /* Define if you use the FWTK authsrv daemon.  */
 #undef HAVE_FWTK
 /* Define if you have POSIX signals.  */
 #undef HAVE_SIGACTION
 #ifdef HAVE_SIGACTION
@@ -378,12 +321,12 @@
 /* Define if your struct sockadr has an sa_len field.  */
 #undef HAVE_SA_LEN
 /* Define if you want visudo to honor EDITOR and VISUAL env variables.  */
 #undef ENV_EDITOR
 /* Define to avoid using the passwd/shadow file for authentication.  */
 #undef WITHOUT_PASSWD
 /* Define if you don't want sudo to prompt for a password by default.  */
 #undef NO_AUTHENTICATION
 /* Define to void if your C compiler fully groks void, else char */
 #undef VOID
@@ -394,6 +337,38 @@
 /* and syslog(3) returns non-zero to denote failure */
 #undef BROKEN_SYSLOG
 /* Define if the code in interfaces.c does not compile for you.  */
 #undef STUB_LOAD_INTERFACES
 /*
 * Defaults for options.  These may be overridden via a "Defaults" line
 * in the sudoers file.
 */
 /* Define if you a different ticket file for each tty.  */
 #undef USE_TTY_TICKETS
 /* Define if you want to insult the user for entering an incorrect password.  */
 #undef USE_INSULTS
 /* Define if you want the insults from the "classic" version sudo.  */
 #undef CLASSIC_INSULTS
 /* Define if you want 2001-like insults.  */
 #undef HAL_INSULTS
 /* Define if you want insults from the "Goon Show" */
 #undef GOONS_INSULTS
 /* Define if you want insults culled from the twisted minds of CSOps.  */
 #undef CSOPS_INSULTS
 /* Define to override the user's path with a builtin one.  */
 #undef SECURE_PATH
 /* Define if you want a two line OTP (skey/opie) prompt.  */
 #undef LONG_OTP_PROMPT
 /* The umask that the root-run prog should use */
 #undef SUDO_UMASK
@@ -425,9 +400,9 @@
 #undef NO_ROOT_SUDO
 /* Define to be the user that gets sudo mail.  */
-#undef ALERTMAIL
+#undef MAILTO
-/* Define to be the subject of the mail sent to ALERTMAIL by sudo.  */
+/* Define to be the subject of the mail sent to MAILTO by sudo.  */
 #undef MAILSUBJECT
 /* Define to be the message given for a bad password.  */
@@ -436,9 +411,6 @@
 /* Define to be the password prompt.  */
 #undef PASSPROMPT
 /* Define if you want visudo to honor EDITOR and VISUAL env variables.  */
 #undef ENV_EDITOR
 /* Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH */
 #undef LOGGING
@@ -478,8 +450,47 @@
 /* Define if you want sudo to set $HOME in shell mode.  */
 #undef SHELL_SETS_HOME
-/* Define if the code in interfaces.c does not compile for you.  */
+/* Define if you don't want sudo to prompt for a password by default.  */
-#undef STUB_LOAD_INTERFACES
+#undef NO_AUTHENTICATION
 /*
 * Authentication methods.
 */
 /* Define if you use S/Key.  */
 #undef HAVE_SKEY
 /* Define if you use NRL OPIE.  */
 #undef HAVE_OPIE
 /* Define if you use SecurID.  */
 #undef HAVE_SECURID
 /* Define if you use AIX general authentication.  */
 #undef HAVE_AUTHENTICATE
 /* Define if you use Kerberos IV or Kerberos V < 1.1.  */
 #undef HAVE_KERB4
 /* Define if you use Kerberos V version 1.1 or higher.  */
 #undef HAVE_KERB5
 /* Define if you use SIA.  */
 #undef HAVE_SIA
 /* Define if you use PAM.  */
 #undef HAVE_PAM
 /* Define if you use AFS.  */
 #undef HAVE_AFS
 /* Define if you use OSF DCE.  */
 #undef HAVE_DCE
 /* Define if you use the FWTK authsrv daemon.  */
 #undef HAVE_FWTK
 /**********  You probably don't want to modify anything below here  ***********/
--- a/809
+++ b/809
--- a/configure.in
+++ b/configure.in
@@ -71,6 +71,14 @@ AC_ARG_WITH(otp-only, [  --with-otp-only         deprecated],
 		;;
 esac])
 AC_ARG_WITH(alertmail, [  --with-alertmail        deprecated],
 [case $with_alertmail in
    *)		with_mailto="$with_alertmail"
 		AC_DEFINE(WITHOUT_PASSWD)
 		AC_MSG_WARN([--with-alertmail option deprecated, treating as --mailto])
 		;;
 esac])
 dnl
 dnl Options for --with
 dnl
@@ -364,7 +372,7 @@ AC_ARG_WITH(logging, [  --with-logging          log via syslog, file, or both],
 esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)])
 AC_MSG_CHECKING(which syslog facility sudo should log with)
-AC_ARG_WITH(logfac, [  --with-logfac           syslog facility to log with (default is LOG_LOCAL2)],
+AC_ARG_WITH(logfac, [  --with-logfac           syslog facility to log with (default is local2)],
 [case $with_logfac in  
    yes)	echo "Must give --with-logfac an argument."
 		exit 1
@@ -372,13 +380,13 @@ AC_ARG_WITH(logfac, [  --with-logfac           syslog facility to log with (defa
    no)		echo "Sorry, --without-logfac not supported."
 		exit 1
 		;;
-    *)		AC_DEFINE_UNQUOTED(LOGFAC, $with_logfac)
+    *)		AC_DEFINE_UNQUOTED(LOGFAC, "$with_logfac")
 		AC_MSG_RESULT([$with_logfac])
 		;;
-esac], [AC_DEFINE(LOGFAC, LOG_LOCAL2) AC_MSG_RESULT(LOG_LOCAL2)])
+esac], [AC_DEFINE_UNQUOTED(LOGFAC, "local2") AC_MSG_RESULT("local2")])
 AC_MSG_CHECKING(at which syslog priority to log commands)
-AC_ARG_WITH(goodpri, [  --with-goodpri          syslog priority for commands (def is LOG_NOTICE)],
+AC_ARG_WITH(goodpri, [  --with-goodpri          syslog priority for commands (def is notice)],
 [case $with_goodpri in  
    yes)	echo "Must give --with-goodpri an argument."
 		exit 1
@@ -386,10 +394,10 @@ AC_ARG_WITH(goodpri, [  --with-goodpri          syslog priority for commands (de
    no)		echo "Sorry, --without-goodpri not supported."
 		exit 1
 		;;
-    *)		AC_DEFINE_UNQUOTED(LOGFAC, $with_goodpri)
+    *)		AC_DEFINE_UNQUOTED(LOGFAC, "$with_goodpri")
 		AC_MSG_RESULT([$with_goodpri])
 		;;
-esac], [AC_DEFINE(PRI_SUCCESS, LOG_NOTICE) AC_MSG_RESULT(LOG_NOTICE)])
+esac], [AC_DEFINE_UNQUOTED(PRI_SUCCESS, "notice") AC_MSG_RESULT("notice")])
 AC_MSG_CHECKING(at which syslog priority to log failures)
 AC_ARG_WITH(badpri, [  --with-badpri           syslog priority for failures (def is LOG_ALERT)],
@@ -400,10 +408,10 @@ AC_ARG_WITH(badpri, [  --with-badpri           syslog priority for failures (def
    no)		echo "Sorry, --without-badpri not supported."
 		exit 1
 		;;
-    *)		AC_DEFINE_UNQUOTED(LOGFAC, $with_badpri)
+    *)		AC_DEFINE_UNQUOTED(LOGFAC, "$with_badpri")
 		AC_MSG_RESULT([$with_badpri])
 		;;
-esac], [AC_DEFINE(PRI_FAILURE, LOG_ALERT) AC_MSG_RESULT(LOG_ALERT)])
+esac], [AC_DEFINE_UNQUOTED(PRI_FAILURE, "alert") AC_MSG_RESULT("alert")])
 AC_ARG_WITH(logpath, [  --with-logpath          path to the sudo log file],
 [case $with_logpath in  
@@ -446,17 +454,17 @@ AC_ARG_WITH(ignore-dot, [  --with-ignore-dot       ignore '.' in the PATH],
 esac], AC_MSG_RESULT(no))
 AC_MSG_CHECKING(who should get the mail that sudo sends)
-AC_ARG_WITH(alertmail, [  --with-alertmail        who should get sudo mail (default is "root")],
+AC_ARG_WITH(mailto, [  --with-mailto           who should get sudo mail (default is "root")],
-[case $with_alertmail in  
+[case $with_mailto in  
-    yes)	echo "Must give --with-alertmail an argument."
+    yes)	echo "Must give --with-mailto an argument."
 		exit 1
 		;;
-    no)		echo "Sorry, --without-alertmail not supported."
+    no)		echo "Sorry, --without-mailto not supported."
 		;;
-    *)		AC_DEFINE_UNQUOTED(ALERTMAIL, "$with_alertmail")
+    *)		AC_DEFINE_UNQUOTED(MAILTO, "$with_mailto")
-		AC_MSG_RESULT([$with_alertmail])
+		AC_MSG_RESULT([$with_mailto])
 		;;
-esac], [AC_DEFINE(ALERTMAIL, "root") AC_MSG_RESULT(root)])
+esac], [AC_DEFINE(MAILTO, "root") AC_MSG_RESULT(root)])
 AC_ARG_WITH(mailsubject, [  --with-mailsubject      subject of sudo mail],
 [case $with_mailsubject in  
--- a/defaults.c
+++ b/defaults.c
@@ -97,139 +97,138 @@ static struct strmap priorities[] = {
 /*
 * Local prototypes.
 */
-static int store_int __P((char *, int, int));
+static int store_int __P((char *, struct sudo_defs_types *, int));
-static int store_str __P((char *, int, int));
+static int store_str __P((char *, struct sudo_defs_types *, int));
-static int store_syslogfac __P((char *, int, int));
+static int store_syslogfac __P((char *, struct sudo_defs_types *, int));
-static int store_syslogpri __P((char *, int, int));
+static int store_syslogpri __P((char *, struct sudo_defs_types *, int));
-static int store_umask __P((char *, int, int));
+static int store_mode __P((char *, struct sudo_defs_types *, int));
 static char *num_to_name __P((int, struct strmap *));
 /*
- * Structure describing compile-time and run-time options.
+ * Table describing compile-time and run-time options.
 * Index for T_INT starts at one since index 0 is for flags.
 * XXX - syslog things should be strings (and !facility should turn off)
 * XXX - some of these names are pretty lame.
 */
-struct sudo_defs_types {
+struct sudo_defs_types sudo_defs_table[] = {
    char *name;
    unsigned int type;
    unsigned int index;
    int (*store) __P((char *, int, int));
    char *desc;
 } sudo_defs_table[] = {
    {
-	"long_otp_prompt", T_FLAG, FL_LONG_OTP_PROMPT, NULL,
+	"syslog_ifac", T_INT, { 0 },
 	NULL
    }, {
 	"syslog_igoodpri", T_INT, { 0 },
 	NULL
    }, {
 	"syslog_ibadpri", T_INT, { 0 },
 	NULL
    }, {
 	"syslog", T_LOGFAC|T_BOOL, { 0 },
 	"Syslog facility if syslog is being used for logging: %s"
    }, {
 	"syslog_goodpri", T_LOGPRI, { 0 },
 	"Syslog priority to use when user authenticates successfully: %s"
    }, {
 	"syslog_badpri", T_LOGPRI, { 0 },
 	"Syslog priority to use when user authenticates unsuccessfully: %s"
    }, {
 	"long_otp_prompt", T_FLAG, { 0 },
 	"Put OTP prompt on its own line"
    }, {
-	"ignore_dot", T_FLAG, FL_IGNORE_DOT, NULL,
+	"ignore_dot", T_FLAG, { 0 },
 	"Ignore '.' in $PATH"
    }, {
-	"mail_if_no_user", T_FLAG, FL_MAIL_IF_NOUSER, NULL,
+	"mail_always", T_FLAG, { 0 },
 	"Always send mail when sudo is run"
    }, {
 	"mail_if_no_user", T_FLAG, { 0 },
 	"Send mail if the user is not in sudoers"
    }, {
-	"mail_if_no_host", T_FLAG, FL_MAIL_IF_NOHOST, NULL,
+	"mail_if_no_host", T_FLAG, { 0 },
 	"Send mail if the user is not in sudoers for this host"
    }, {
-	"mail_if_no_perms", T_FLAG, FL_MAIL_IF_NOPERMS, NULL,
+	"mail_if_no_perms", T_FLAG, { 0 },
 	"Send mail if the user is not allowed to run a command"
    }, { 
 	"tty_tickets", T_FLAG, FL_TTY_TICKETS, NULL,
 	"Use a separate timestamp for each user/tty combo"
    }, { 
 	"lecture", T_FLAG, FL_LECTURE, NULL,
 	"Lecture user the first time they run sudo"
    }, { 
 	"authenticate", T_FLAG, FL_AUTHENTICATE, NULL,
 	"Require users to authenticate by default"
    }, { 
 	"root_sudo", T_FLAG, FL_ROOT_SUDO, NULL,
 	"Root may run sudo"
    }, { 
 	"log_host", T_FLAG, FL_LOG_HOST, NULL,
 	"Log the hostname in the (non-syslog) log file"
    }, { 
 	"log_year", T_FLAG, FL_LOG_YEAR, NULL,
 	"Log the year in the (non-syslog) log file"
    }, { 
 	"shell_noargs", T_FLAG, FL_SHELL_NOARGS, NULL,
 	"If sudo is invoked with no arguments, start a shell"
    }, { 
 	"set_home", T_FLAG, FL_SET_HOME, NULL,
 	"Set $HOME to the target user when starting a shell with -s"
    }, { 
 	"path_info", T_FLAG, FL_PATH_INFO, NULL,
 	"Allow some information gathering to give useful error messages"
    }, { 
 	"fqdn", T_FLAG, FL_FQDN, NULL,
 	"Require fully-qualified hsotnames in the sudoers file"
    }, { 
 	"insults", T_FLAG, FL_INSULTS, NULL,
 	"Insult the user when they enter an incorrect password"
    }, { 
 	"syslog", T_INT|T_BOOL, I_LOGFAC, store_syslogfac,
 	"Syslog facility: %s"
    }, { 
 	"syslog_goodpri", T_INT, I_GOODPRI, store_syslogpri,
 	"Syslog priority to use when user authenticates successfully: %s"
    }, { 
 	"syslog_badpri", T_INT, I_BADPRI, store_syslogpri,
 	"Syslog priority to use when user authenticates unsuccessfully: %s"
    }, { 
 	"loglinelen", T_INT, I_LOGLEN, store_int,
 	"Number of length at which to wrap log file lines (0 for no wrap): %d"
    }, { 
 	"timestamp_timeout", T_INT, I_TS_TIMEOUT, store_int,
 	"Authentication timestamp timeout: %d minutes"
    }, { 
 	"passwd_timeout", T_INT, I_PW_TIMEOUT, store_int,
 	"Password prompt timeout: %d minutes"
    }, { 
 	"passwd_tries", T_INT, I_PW_TRIES, store_int,
 	"Number of tries to enter a password: %d"
    }, { 
 	"umask", T_INT|T_BOOL, I_UMASK, store_umask,
 	"Umask to use or 0777 to use user's: 0%o"
    }, { 
 	"logfile", T_STR, I_LOGFILE, store_str,
 	"Path to log file: %s"
    }, { 
 	"mailerpath", T_STR, I_MAILERPATH, store_str,
 	"Path to mail program: %s"
    }, { 
 	"mailerflags", T_STR, I_MAILERARGS, store_str,
 	"Flags for mail program: %s"
    }, { 
 	"alertmail", T_STR, I_ALERTMAIL, store_str,
 	"Address to send mail to: %s"
    }, { 
 	"mailsub", T_STR, I_MAILSUB, store_str,
 	"Subject line for mail messages: %s"
    }, { 
 	"badpass_message", T_STR, I_BADPASS_MSG, store_str,
 	"Incorrect password message: %s"
    }, { 
 	"timestampdir", T_STR, I_TIMESTAMPDIR, store_str,
 	"Path to authentication timestamp dir: %s"
    }, { 
 	"exempt_group", T_STR, I_EXEMPT_GRP, store_str,
 	"Users in this group are exempt from password and PATH requirements: %s"
    }, { 
 	"passprompt", T_STR, I_PASSPROMPT, store_str,
 	"Default password prompt: %s"
    }, { 
 	"runas_default", T_STR, I_RUNAS_DEF, store_str,
 	"Default user to run commands as: %s"
    }, { 
 	"secure_path", T_STR, I_SECURE_PATH, store_str,
 	"Override user's $PATH with: %s"
    }, {
-	NULL, 0, 0, NULL, NULL
+	"tty_tickets", T_FLAG, { 0 },
 	"Use a separate timestamp for each user/tty combo"
    }, {
 	"lecture", T_FLAG, { 0 },
 	"Lecture user the first time they run sudo"
    }, {
 	"authenticate", T_FLAG, { 0 },
 	"Require users to authenticate by default"
    }, {
 	"root_sudo", T_FLAG, { 0 },
 	"Root may run sudo"
    }, {
 	"log_host", T_FLAG, { 0 },
 	"Log the hostname in the (non-syslog) log file"
    }, {
 	"log_year", T_FLAG, { 0 },
 	"Log the year in the (non-syslog) log file"
    }, {
 	"shell_noargs", T_FLAG, { 0 },
 	"If sudo is invoked with no arguments, start a shell"
    }, {
 	"set_home", T_FLAG, { 0 },
 	"Set $HOME to the target user when starting a shell with -s"
    }, {
 	"path_info", T_FLAG, { 0 },
 	"Allow some information gathering to give useful error messages"
    }, {
 	"fqdn", T_FLAG, { 0 },
 	"Require fully-qualified hsotnames in the sudoers file"
    }, {
 	"insults", T_FLAG, { 0 },
 	"Insult the user when they enter an incorrect password"
    }, {
 	"loglinelen", T_INT, { 0 },
 	"Length at which to wrap log file lines (0 for no wrap): %d"
    }, {
 	"timestamp_timeout", T_INT|T_BOOL, { 0 },
 	"Authentication timestamp timeout: %d minutes"
    }, {
 	"passwd_timeout", T_INT|T_BOOL, { 0 },
 	"Password prompt timeout: %d minutes"
    }, {
 	"passwd_tries", T_INT, { 0 },
 	"Number of tries to enter a password: %d"
    }, {
 	"umask", T_MODE|T_BOOL, { 0 },
 	"Umask to use or 0777 to use user's: 0%o"
    }, {
 	"logfile", T_STR|T_BOOL, { 0 },
 	"Path to log file: %s"
    }, {
 	"mailerpath", T_STR|T_BOOL, { 0 },
 	"Path to mail program: %s"
    }, {
 	"mailerflags", T_STR|T_BOOL, { 0 },
 	"Flags for mail program: %s"
    }, {
 	"mailto", T_STR|T_BOOL, { 0 },
 	"Address to send mail to: %s"
    }, {
 	"mailsub", T_STR, { 0 },
 	"Subject line for mail messages: %s"
    }, {
 	"badpass_message", T_STR, { 0 },
 	"Incorrect password message: %s"
    }, {
 	"timestampdir", T_STR, { 0 },
 	"Path to authentication timestamp dir: %s"
    }, {
 	"exempt_group", T_STR|T_BOOL, { 0 },
 	"Users in this group are exempt from password and PATH requirements: %s"
    }, {
 	"passprompt", T_STR, { 0 },
 	"Default password prompt: %s"
    }, {
 	"runas_default", T_STR, { 0 },
 	"Default user to run commands as: %s"
    }, {
 	"secure_path", T_STR|T_BOOL, { 0 },
 	"Value to override user's $PATH with: %s"
    }, {
 	NULL, 0, { 0 }, NULL
    }
 };
 unsigned int sudo_inttable[SUDO_INTTABLE_LAST];
 char *sudo_strtable[SUDO_STRTABLE_LAST];
 /*
 * Print version and configure info.
 */
@@ -239,28 +238,26 @@ dump_defaults()
    struct sudo_defs_types *cur;
    for (cur = sudo_defs_table; cur->name; cur++) {
-	switch (cur->type & T_MASK) {
+	if (cur->desc) {
-	    case T_FLAG:
+	    switch (cur->type & T_MASK) {
-		if ((sudo_inttable[I_FLAGS]) & (cur->index))
+		case T_FLAG:
-		    puts(cur->desc);
+		    if (cur->sd_un.flag)
-		break;
+			puts(cur->desc);
-	    case T_STR:
+		    break;
-		if (sudo_strtable[cur->index]) {
+		case T_STR:
-		    (void) printf(cur->desc, sudo_strtable[cur->index]);
+		case T_LOGFAC:
 		case T_LOGPRI:
 		    if (cur->sd_un.str) {
 			(void) printf(cur->desc, cur->sd_un.str);
 			putchar('\n');
 		    }
 		    break;
 		case T_INT:
 		case T_MODE:
 		    (void) printf(cur->desc, cur->sd_un.ival);
 		    putchar('\n');
-		}
+		    break;
-		break;
+	    }
 	    case T_INT:
 		if (cur->index == I_LOGFAC)
 		    (void) printf(cur->desc,
 			num_to_name(sudo_inttable[cur->index], facilities));
 		else if (cur->index == I_GOODPRI || cur->index == I_BADPRI)
 		    (void) printf(cur->desc,
 			num_to_name(sudo_inttable[cur->index], priorities));
 		else
 		    (void) printf(cur->desc, sudo_inttable[cur->index]);
 		putchar('\n');
 		break;
 	}
    }
@@ -282,40 +279,24 @@ list_options()
    (void) puts("Available options in a sudoers ``Defaults'' line:\n");
    for (cur = sudo_defs_table; cur->name; cur++) {
-	switch (cur->type & T_MASK) {
+	if (cur->name && cur->desc) {
-	    case T_FLAG:
+	    switch (cur->type & T_MASK) {
-		(void) printf("%s: %s\n", cur->name, cur->desc);
+		case T_FLAG:
 		break;
 	    case T_STR:
 	    case T_INT:
 		p = strrchr(cur->desc, ':');
 		if (p)
 		    (void) printf("%s: %.*s\n", cur->name, p - cur->desc,
 			cur->desc);
 		else
 		    (void) printf("%s: %s\n", cur->name, cur->desc);
-		break;
+		    break;
 		default:
 		    p = strrchr(cur->desc, ':');
 		    if (p)
 			(void) printf("%s: %.*s\n", cur->name, p - cur->desc,
 			    cur->desc);
 		    else
 			(void) printf("%s: %s\n", cur->name, cur->desc);
 		    break;
 	    }
 	}
    }
 }
 /*
 * Convert a syslog number to a name.
 */
 static char *
 num_to_name(num, table)
    int num;
    struct strmap *table;
 {
    struct strmap *t;
    for (t = table; t->name; t++)
 	if (t->num == num)
 	    return(t->name);
    return("disabled");
 }
 /*
 * Sets/clears an entry in the defaults structure
 * If a variable that takes a value is used in a boolean
@@ -344,6 +325,22 @@ set_default(var, val, op)
    }
    switch (cur->type & T_MASK) {
 	case T_LOGFAC:
 	    if (!store_syslogfac(val, cur, op)) {
 		(void) fprintf(stderr,
 		    "%s: value '%s' is invalid for option '%s'\n", Argv[0],
 		    val, var);
 		return(FALSE);
 	    }
 	    break;
 	case T_LOGPRI:
 	    if (!store_syslogpri(val, cur, op)) {
 		(void) fprintf(stderr,
 		    "%s: value '%s' is invalid for option '%s'\n", Argv[0],
 		    val, var);
 		return(FALSE);
 	    }
 	    break;
 	case T_STR:
 	    if (!val) {
 		/* Check for bogus boolean usage or lack of a value. */
@@ -354,7 +351,7 @@ set_default(var, val, op)
 		    return(FALSE);
 		}
 	    }
-	    if (!cur->store(val, cur->index, op)) {
+	    if (!store_str(val, cur, op)) {
 		(void) fprintf(stderr,
 		    "%s: value '%s' is invalid for option '%s'\n", Argv[0],
 		    val, var);
@@ -371,7 +368,24 @@ set_default(var, val, op)
 		    return(FALSE);
 		}
 	    }
-	    if (!cur->store(val, cur->index, op)) {
+	    if (!store_int(val, cur, op)) {
 		(void) fprintf(stderr,
 		    "%s: value '%s' is invalid for option '%s'\n", Argv[0],
 		    val, var);
 		return(FALSE);
 	    }
 	    break;
 	case T_MODE:
 	    if (!val) {
 		/* Check for bogus boolean usage or lack of a value. */
 		if (!(cur->type & T_BOOL) || op != FALSE) {
 		    (void) fprintf(stderr,
 			"%s: no value specified for `%s' on line %d\n", Argv[0],
 			var, sudolineno);
 		    return(FALSE);
 		}
 	    }
 	    if (!store_mode(val, cur, op)) {
 		(void) fprintf(stderr,
 		    "%s: value '%s' is invalid for option '%s'\n", Argv[0],
 		    val, var);
@@ -385,10 +399,7 @@ set_default(var, val, op)
 		    Argv[0], var, sudolineno);
 		return(FALSE);
 	    }
-	    if (op == TRUE)
+	    cur->sd_un.flag = op;
 		sudo_inttable[0] |= cur->index;
 	    else
 		sudo_inttable[0] &= ~(cur->index);
 	    break;
    }
@@ -403,108 +414,108 @@ void
 init_defaults()
 {
    static int firsttime = 1;
-    int i;
+    struct sudo_defs_types *def;
    /* Free any strings that were set. */
    if (!firsttime) {
-	for (i = 0; i < SUDO_STRTABLE_LAST; i++)
+	for (def = sudo_defs_table; def->name; def++)
-	    if (sudo_strtable[i])
+	    switch (def->type & T_MASK) {
-		free(sudo_strtable[i]);
+		case T_STR:
 		case T_LOGFAC:
 		case T_LOGPRI:
 		    if (def->sd_un.str)
 			free(def->sd_un.str);
 		    break;
 	    }
    }
    memset(sudo_strtable, 0, sizeof(sudo_strtable));
    memset(sudo_inttable, 0, sizeof(sudo_inttable));
    /* First initialize the flags. */
 #ifdef LONG_OTP_PROMPT
-    sudo_inttable[I_FLAGS] |= FL_LONG_OTP_PROMPT;
+    def_flag(I_LONG_OTP_PROMPT) = TRUE;
 #endif
 #ifdef IGNORE_DOT_PATH
-    sudo_inttable[I_FLAGS] |= FL_IGNORE_DOT;
+    def_flag(I_IGNORE_DOT) = TRUE;
 #endif
 #ifdef ALWAYS_SEND_MAIL
-    sudo_inttable[I_FLAGS] |= FL_MAIL_ALWAYS;
+    def_flag(I_MAIL_ALWAYS) = TRUE;
 #endif
 #ifdef SEND_MAIL_WHEN_NO_USER
-    sudo_inttable[I_FLAGS] |= FL_MAIL_IF_NOUSER;
+    def_flag(I_MAIL_IF_NOUSER) = TRUE;
 #endif
 #ifdef SEND_MAIL_WHEN_NO_HOST
-    sudo_inttable[I_FLAGS] |= FL_MAIL_IF_NOHOST;
+    def_flag(I_MAIL_IF_NOHOST) = TRUE;
 #endif
 #ifdef SEND_MAIL_WHEN_NOT_OK
-    sudo_inttable[I_FLAGS] |= FL_MAIL_IF_NOPERMS;
+    def_flag(I_MAIL_IF_NOPERMS) = TRUE;
 #endif
 #ifdef USE_TTY_TICKETS
-    sudo_inttable[I_FLAGS] |= FL_TTY_TICKETS;
+    def_flag(I_TTY_TICKETS) = TRUE;
 #endif
 #ifndef NO_LECTURE
-    sudo_inttable[I_FLAGS] |= FL_LECTURE;
+    def_flag(I_LECTURE) = TRUE;
 #endif
 #ifndef NO_AUTHENTICATION
-    sudo_inttable[I_FLAGS] |= FL_AUTHENTICATE;
+    def_flag(I_AUTHENTICATE) = TRUE;
 #endif
 #ifndef NO_ROOT_SUDO
-    sudo_inttable[I_FLAGS] |= FL_ROOT_SUDO;
+    def_flag(I_ROOT_SUDO) = TRUE;
 #endif
 #ifdef HOST_IN_LOG
-    sudo_inttable[I_FLAGS] |= FL_LOG_HOST;
+    def_flag(I_LOG_HOST) = TRUE;
 #endif
 #ifdef SHELL_IF_NO_ARGS
-    sudo_inttable[I_FLAGS] |= FL_SHELL_NOARGS;
+    def_flag(I_SHELL_NOARGS) = TRUE;
 #endif
 #ifdef SHELL_SETS_HOME
-    sudo_inttable[I_FLAGS] |= FL_SET_HOME;
+    def_flag(I_SET_HOME) = TRUE;
 #endif
 #ifndef DONT_LEAK_PATH_INFO
-    sudo_inttable[I_FLAGS] |= FL_PATH_INFO;
+    def_flag(I_PATH_INFO) = TRUE;
 #endif
 #ifdef FQDN
-    sudo_inttable[I_FLAGS] |= FL_FQDN;
+    def_flag(I_FQDN) = TRUE;
 #endif
 #ifdef USE_INSULTS
-    sudo_inttable[I_FLAGS] |= FL_INSULTS;
+    def_flag(I_INSULTS) = TRUE;
 #endif
-    /* Then initialize the ints. */
+    /* Syslog options need special care since they both strings and ints */
 #if (LOGGING & SLOG_SYSLOG)
-    sudo_inttable[I_LOGFAC] = LOGFAC;
+    (void) store_syslogfac(LOGFAC, &sudo_defs_table[I_LOGFACSTR], TRUE);
-    sudo_inttable[I_GOODPRI] = PRI_SUCCESS;
+    (void) store_syslogpri(PRI_SUCCESS, &sudo_defs_table[I_GOODPRISTR], TRUE);
-    sudo_inttable[I_BADPRI] = PRI_FAILURE;
+    (void) store_syslogpri(PRI_FAILURE, &sudo_defs_table[I_BADPRISTR], TRUE);
 #else
    sudo_inttable[I_LOGFAC] = (unsigned int)-1;
 #endif
    /* Then initialize the int-like things. */
 #ifdef SUDO_UMASK
-    sudo_inttable[I_UMASK] = SUDO_UMASK;
+    def_mode(I_UMASK) = SUDO_UMASK;
 #else
-    sudo_inttable[I_UMASK] = 0777;
+    def_mode(I_UMASK) = 0777;
 #endif
-    sudo_inttable[I_LOGLEN] = MAXLOGFILELEN;
+    def_ival(I_LOGLEN) = MAXLOGFILELEN;
-    sudo_inttable[I_TS_TIMEOUT] = TIMEOUT;
+    def_ival(I_TS_TIMEOUT) = TIMEOUT;
-    sudo_inttable[I_PW_TIMEOUT] = PASSWORD_TIMEOUT;
+    def_ival(I_PW_TIMEOUT) = PASSWORD_TIMEOUT;
-    sudo_inttable[I_PW_TRIES] = TRIES_FOR_PASSWORD;
+    def_ival(I_PW_TRIES) = TRIES_FOR_PASSWORD;
    /* Finally do the strings */
-    sudo_strtable[I_ALERTMAIL] = estrdup(ALERTMAIL);
+    def_str(I_MAILTO) = estrdup(MAILTO);
-    sudo_strtable[I_MAILSUB] = estrdup(MAILSUBJECT);
+    def_str(I_MAILSUB) = estrdup(MAILSUBJECT);
-    sudo_strtable[I_BADPASS_MSG] = estrdup(INCORRECT_PASSWORD);
+    def_str(I_BADPASS_MSG) = estrdup(INCORRECT_PASSWORD);
-    sudo_strtable[I_TIMESTAMPDIR] = estrdup(_PATH_SUDO_TIMEDIR);
+    def_str(I_TIMESTAMPDIR) = estrdup(_PATH_SUDO_TIMEDIR);
-    sudo_strtable[I_PASSPROMPT] = estrdup(PASSPROMPT);
+    def_str(I_PASSPROMPT) = estrdup(PASSPROMPT);
-    sudo_strtable[I_RUNAS_DEF] = estrdup(RUNAS_DEFAULT);
+    def_str(I_RUNAS_DEF) = estrdup(RUNAS_DEFAULT);
 #ifdef _PATH_SENDMAIL
-    sudo_strtable[I_MAILERPATH] = estrdup(_PATH_SENDMAIL);
+    def_str(I_MAILERPATH) = estrdup(_PATH_SENDMAIL);
    def_str(I_MAILERFLAGS) = estrdup("-t");
 #endif
 #if (LOGGING & SLOG_FILE)
-    sudo_strtable[I_LOGFILE] = estrdup(_PATH_SUDO_LOGFILE);
+    def_str(I_LOGFILE) = estrdup(_PATH_SUDO_LOGFILE);
 #endif
 #ifdef EXEMPTGROUP
-    sudo_strtable[I_EXEMPT_GRP] = estrdup(EXEMPTGROUP);
+    def_str(I_EXEMPT_GRP) = estrdup(EXEMPTGROUP);
 #endif
 #ifdef SECURE_PATH
-    sudo_strtable[I_SECURE_PATH] = estrdup(SECURE_PATH);
+    def_str(I_SECURE_PATH) = estrdup(SECURE_PATH);
 #endif
 #if 0
    /* XXX - implement */
    sudo_strtable[I_MAILERARGS] = estrdup(XXX);
 #endif
    /*
@@ -513,104 +524,122 @@ init_defaults()
     * value changes we get the change.
     */
    if (user_runas == NULL)
-	user_runas = &sudo_strtable[I_RUNAS_DEF];
+	user_runas = &def_str(I_RUNAS_DEF);
    firsttime = 0;
 }
 static int
-store_int(val, index, op)
+store_int(val, def, op)
    char *val;
-    int index;
+    struct sudo_defs_types *def;
    int op;
 {
    char *endp;
    unsigned long ul;
    if (op == FALSE) {
-	sudo_inttable[index] = 0;
+	def->sd_un.ival = 0;
    } else {
 	ul = strtoul(val, &endp, 10);
 	if (*endp != '\0')
 	    return(FALSE);
 	/* XXX - should check against UINT_MAX */
-	sudo_inttable[index] = (unsigned int)ul;
+	def->sd_un.ival = (unsigned int)ul;
    }
    return(TRUE);
 }
 static int
-store_str(val, index, op)
+store_str(val, def, op)
    char *val;
-    int index;
+    struct sudo_defs_types *def;
    int op;
 {
-    if (sudo_strtable[index])
+    if (def->sd_un.str)
-	free(sudo_strtable[index]);
+	free(def->sd_un.str);
    if (op == FALSE)
-	sudo_strtable[index] = NULL;
+	def->sd_un.str = NULL;
    else
-	sudo_strtable[index] = estrdup(val);
+	def->sd_un.str = estrdup(val);
    return(TRUE);
 }
 static int
-store_syslogfac(val, index, op)
+store_syslogfac(val, def, op)
    char *val;
-    int index;
+    struct sudo_defs_types *def;
    int op;
 {
    struct strmap *fac;
    if (op == FALSE) {
-	sudo_inttable[index] = (unsigned int)-1;
+	free(def->sd_un.str);
 	def->sd_un.str = NULL;
 	return(TRUE);
    }
    for (fac = facilities; fac->name && strcmp(val, fac->name); fac++)
 	;
    if (fac->name == NULL)
-	return(FALSE);
+	return(FALSE);				/* not found */
-    sudo_inttable[index] = fac->num;
+
    /* Store both name and number. */
    if (def->sd_un.str)
 	free(def->sd_un.str);
    def->sd_un.str = estrdup(fac->name);
    sudo_defs_table[I_LOGFAC].sd_un.ival = fac->num;
    return(TRUE);
 }
 static int
-store_syslogpri(val, index, op)
+store_syslogpri(val, def, op)
    char *val;
-    int index;
+    struct sudo_defs_types *def;
    int op;
 {
    struct strmap *pri;
    struct sudo_defs_types *idef;
    if (op == FALSE)
 	return(FALSE);
    if (def == &sudo_defs_table[I_GOODPRISTR])
 	idef = &sudo_defs_table[I_GOODPRI];
    else if (def == &sudo_defs_table[I_BADPRISTR])
 	idef = &sudo_defs_table[I_BADPRI];
    else
 	return(FALSE);
    for (pri = priorities; pri->name && strcmp(val, pri->name); pri++)
 	;
    if (pri->name == NULL)
-	return(FALSE);
+	return(FALSE);				/* not found */
-    sudo_inttable[index] = pri->num;
+
    /* Store both name and number. */
    if (def->sd_un.str)
 	free(def->sd_un.str);
    def->sd_un.str = estrdup(pri->name);
    idef->sd_un.ival = pri->num;
    return(TRUE);
 }
 static int
-store_umask(val, index, op)
+store_mode(val, def, op)
    char *val;
-    int index;
+    struct sudo_defs_types *def;
    int op;
 {
    char *endp;
    unsigned long ul;
    if (op == FALSE) {
-	sudo_inttable[index] = 0777;
+	def->sd_un.mode = 0777;
    } else {
 	ul = strtoul(val, &endp, 8);
 	if (*endp != '\0' || ul >= 0777)
 	    return(FALSE);
-	sudo_inttable[index] = (mode_t)ul;
+	def->sd_un.mode = (mode_t)ul;
    }
    return(TRUE);
 }
--- a/defaults.h
+++ b/defaults.h
@@ -38,74 +38,94 @@
 #define _SUDO_DEFAULTS_H
 /*
- * Four types of defaults: strings, integers, booleans, and flags.
+ * Structure describing compile-time and run-time options.
- * Note that flags have their value in the index field.
+ */
 struct sudo_defs_types {
    char *name;
    int type;
    union {
 	int flag;
 	char *str;
 	unsigned int ival;
 	mode_t mode;
    } sd_un;
    char *desc;
 };
 /*
 * Four types of defaults: strings, integers, and flags.
 * Also, T_INT or T_STR may be ANDed with T_BOOL to indicate that
- * a value is not required.
+ * a value is not required.  Flags are boolean by nature...
 */
-#define T_INT	0x01
+#define T_INT		0x001
-#define T_STR	0x02
+#define T_STR		0x002
-#define T_FLAG	0x08
+#define T_FLAG		0x003
-#define T_MASK	0x0F
+#define T_MODE		0x004
-#define T_BOOL	0x10
+#define T_LOGFAC	0x005
 #define T_LOGPRI	0x006
 #define T_MASK		0x0FF
 #define T_BOOL		0x100
 /*
- * Flag values
+ * Indexes into sudo_defs_table
 */
-#define FL_LONG_OTP_PROMPT	0x00001
+
-#define FL_IGNORE_DOT		0x00002
+/* Integer versions of syslog options.  */
-#define FL_MAIL_ALWAYS		0x00004
+#define	I_LOGFAC	0	/* syslog facility */
-#define FL_MAIL_IF_NOUSER	0x00008
+#define	I_GOODPRI	1	/* syslog priority for successful auth */
-#define FL_MAIL_IF_NOHOST	0x00010
+#define	I_BADPRI	2	/* syslog priority for unsuccessful auth */
-#define FL_MAIL_IF_NOPERMS	0x00020
+
-#define FL_TTY_TICKETS		0x00040
+/* String versions of syslog options.  */
-#define FL_LECTURE		0x00080
+#define	I_LOGFACSTR	3	/* syslog facility */
-#define FL_AUTHENTICATE		0x00100
+#define	I_GOODPRISTR	4	/* syslog priority for successful auth */
-#define FL_ROOT_SUDO		0x00200
+#define	I_BADPRISTR	5	/* syslog priority for unsuccessful auth */
-#define FL_LOG_HOST		0x00400
+
-#define FL_SHELL_NOARGS		0x00800
+/* Booleans */
-#define FL_SET_HOME		0x01000
+#define I_LONG_OTP_PROMPT	6
-#define FL_PATH_INFO		0x02000
+#define I_IGNORE_DOT		7
-#define FL_FQDN			0x04000
+#define I_MAIL_ALWAYS		8
-#define FL_INSULTS		0x08000
+#define I_MAIL_IF_NOUSER	9
-#define FL_LOG_YEAR		0x10000
+#define I_MAIL_IF_NOHOST	10
-#define FL_MAX			0xFFFFF
+#define I_MAIL_IF_NOPERMS	11
 #define I_TTY_TICKETS		12
 #define I_LECTURE		13
 #define I_AUTHENTICATE		14
 #define I_ROOT_SUDO		15
 #define I_LOG_HOST		16
 #define I_LOG_YEAR		17
 #define I_SHELL_NOARGS		18
 #define I_SET_HOME		19
 #define I_PATH_INFO		20
 #define I_FQDN			21
 #define I_INSULTS		22
 /* Integer values */
 #define	I_LOGLEN	23	/* wrap log file line after N chars */
 #define	I_TS_TIMEOUT	24	/* timestamp stale after N minutes */
 #define	I_PW_TIMEOUT	25	/* exit if pass not entered in N minutes */
 #define	I_PW_TRIES	26	/* exit after N bad password tries */
 #define	I_UMASK		27	/* umask to use or 0777 to use user's */
 /* Strings */
 #define	I_LOGFILE	28	/* path to logfile (or NULL for none) */
 #define	I_MAILERPATH	29	/* path to sendmail or other mailer */
 #define	I_MAILERFLAGS	30	/* flags to pass to the mailer */
 #define	I_MAILTO	31	/* who to send bitch mail to */
 #define	I_MAILSUB	32	/* subject line of mail msg */
 #define	I_BADPASS_MSG	33	/* what to say when passwd is wrong */
 #define	I_TIMESTAMPDIR	34	/* path to timestamp dir */
 #define	I_EXEMPT_GRP	35	/* no password or PATH override for these */
 #define	I_PASSPROMPT	36	/* password prompt */
 #define	I_RUNAS_DEF	37	/* default user to run commands as */
 #define	I_SECURE_PATH	38	/* set $PATH to this if not NULL */
 /*
- * Indexes into sudo_inttable
+ * Macros for accessing sudo_defs_table.
 */
-#define	I_FLAGS		0	/* various flags, as listed above */
+#define def_flag(_i)	(sudo_defs_table[(_i)].sd_un.flag)
-#define	I_LOGFAC	1	/* syslog facility */
+#define def_ival(_i)	(sudo_defs_table[(_i)].sd_un.ival)
-#define	I_GOODPRI	2	/* syslog priority for successful auth */
+#define def_str(_i)	(sudo_defs_table[(_i)].sd_un.str)
-#define	I_BADPRI	3	/* syslog priority for unsuccessful auth */
+#define def_mode(_i)	(sudo_defs_table[(_i)].sd_un.mode)
 #define	I_LOGLEN	4	/* wrap log file line after N chars */
 #define	I_TS_TIMEOUT	5	/* timestamp stale after N minutes */
 #define	I_PW_TIMEOUT	6	/* exit if pass not entered in N minutes */
 #define	I_PW_TRIES	7	/* exit after N bad password tries */
 #define	I_UMASK		8	/* umask to use or 0777 to use user's */
 /*
 * Indexes into sudo_strtable
 */
 #define	I_LOGFILE	0	/* path to logfile (or NULL for none) */
 #define	I_MAILERPATH	1	/* path to sendmail or other mailer */
 #define	I_MAILERARGS	2	/* flags to pass to the mailer */
 #define	I_ALERTMAIL	3	/* who to send bitch mail to */
 #define	I_MAILSUB	4	/* subject line of mail msg */
 #define	I_BADPASS_MSG	5	/* what to say when passwd is wrong */
 #define	I_TIMESTAMPDIR	6	/* path to timestamp dir */
 #define	I_EXEMPT_GRP	7	/* no password or PATH override for these */
 #define	I_PASSPROMPT	8	/* password prompt */
 #define	I_RUNAS_DEF	9	/* default user to run commands as */
 #define	I_SECURE_PATH	10	/* set $PATH to this if not NULL */
 #define SUDO_INTTABLE_LAST	9
 #define SUDO_STRTABLE_LAST	11
 #define sudo_flag_set(_f)	(sudo_inttable[I_FLAGS] & (_f))
 extern unsigned int sudo_inttable[SUDO_INTTABLE_LAST];
 extern char *sudo_strtable[SUDO_STRTABLE_LAST];
 /*
 * Prototypes
@@ -115,4 +135,6 @@ int set_default		__P((char *, char *, int));
 void init_defaults	__P((void));
 void list_options	__P((void));
 extern struct sudo_defs_types sudo_defs_table[];
 #endif /* _SUDO_DEFAULTS_H */
--- a/find_path.c
+++ b/find_path.c
@@ -72,7 +72,7 @@ static const char rcsid[] = "$Sudo$";
 * stores it in a statically allocated array, filling in a pointer
 * to the array.  Returns FOUND if the command was found, NOT_FOUND
 * if it was not found, or NOT_FOUND_DOT if it would have been found
- * but it is in '.' and FL_IGNORE_DOT is set.
+ * but it is in '.' and IGNORE_DOT is set.
 */
 int
 find_path(infile, outfile)
@@ -108,8 +108,8 @@ find_path(infile, outfile)
     * Grab PATH out of the environment (or from the string table
     * if SECURE_PATH is in effect) and make a local copy.
     */
-    if (sudo_strtable[I_SECURE_PATH])
+    if (def_str(I_SECURE_PATH))
-	path = sudo_strtable[I_SECURE_PATH];
+	path = def_str(I_SECURE_PATH);
    else if ((path = getenv("PATH")) == NULL)
 	return(NOT_FOUND);
    path = estrdup(path);
@@ -150,7 +150,7 @@ find_path(infile, outfile)
     */
    if (!result && checkdot) {
 	result = sudo_goodpath(infile);
-	if (result && sudo_flag_set(FL_IGNORE_DOT))
+	if (result && def_flag(I_IGNORE_DOT))
 	    return(NOT_FOUND_DOT);
    }
--- a/getspwuid.c
+++ b/getspwuid.c
@@ -144,9 +144,9 @@ sudo_getepw(pw)
 	spw = getprpwnam(pw->pw_name);
 	if (spw != NULL && spw->ufld.fd_encrypt != NULL) {
-#  ifdef __alpha
+# ifdef __alpha
 	    crypt_type = spw->ufld.fd_oldcrypt;
-#  endif /* __alpha */
+# endif /* __alpha */
 	    return(spw->ufld.fd_encrypt);
 	}
    }
--- a/logging.c
+++ b/logging.c
@@ -154,32 +154,32 @@ do_logfile(msg)
    char *beg, *oldend, *end;
    FILE *fp;
    mode_t oldmask;
-    int maxlen = sudo_inttable[I_LOGLEN];
+    int maxlen = def_ival(I_LOGLEN);
    oldmask = umask(077);
-    fp = fopen(sudo_strtable[I_LOGFILE], "a");
+    fp = fopen(def_str(I_LOGFILE), "a");
    (void) umask(oldmask);
    if (fp == NULL) {
 	easprintf(&full_line, "Can't open log file: %s: %s",
-	    sudo_strtable[I_LOGFILE], strerror(errno));
+	    def_str(I_LOGFILE), strerror(errno));
 	send_mail(full_line);
 	free(full_line);
    } else if (!lock_file(fileno(fp), SUDO_LOCK)) {
 	easprintf(&full_line, "Can't lock log file: %s: %s",
-	    sudo_strtable[I_LOGFILE], strerror(errno));
+	    def_str(I_LOGFILE), strerror(errno));
 	send_mail(full_line);
 	free(full_line);
    } else {
-	if (sudo_inttable[I_LOGLEN] == 0) {
+	if (def_ival(I_LOGLEN) == 0) {
 	    /* Don't pretty-print long log file lines (hard to grep) */
-	    if (sudo_flag_set(FL_LOG_HOST))
+	    if (def_flag(I_LOG_HOST))
 		(void) fprintf(fp, "%s : %s : HOST=%s : %s\n", get_timestr(),
 		    user_name, user_shost, msg);
 	    else
 		(void) fprintf(fp, "%s : %s : %s\n", get_timestr(),
 		    user_name, msg);
 	} else {
-	    if (sudo_flag_set(FL_LOG_HOST))
+	    if (def_flag(I_LOG_HOST))
 		easprintf(&full_line, "%s : %s : HOST=%s : %s", get_timestr(),
 		    user_name, user_shost, msg);
 	    else
@@ -255,9 +255,9 @@ log_auth(status, inform_user)
    int pri;
    if (status & VALIDATE_OK)
-	pri = PRI_SUCCESS;
+	pri = def_ival(I_GOODPRI);
    else
-	pri = PRI_FAILURE;
+	pri = def_ival(I_BADPRI);
    /* Set error message, if any. */
    if (status & VALIDATE_OK)
@@ -298,9 +298,9 @@ log_auth(status, inform_user)
    /*
     * Log via syslog and/or a file.
     */
-    if (sudo_inttable[I_LOGFAC] != (unsigned int)-1)
+    if (def_str(I_LOGFACSTR))
 	do_syslog(pri, logline);
-    if (sudo_strtable[I_LOGFILE])
+    if (def_str(I_LOGFILE))
 	do_logfile(logline);
    free(logline);
@@ -379,9 +379,9 @@ log_error(va_alist)
    /*
     * Log to syslog and/or a file.
     */
-    if (sudo_inttable[I_LOGFAC] != (unsigned int)-1)
+    if (def_str(I_LOGFACSTR))
-	do_syslog(PRI_FAILURE, logline);
+	do_syslog(def_ival(I_BADPRI), logline);
-    if (sudo_strtable[I_LOGFILE])
+    if (def_str(I_LOGFILE))
 	do_logfile(logline);
    free(logline);
@@ -389,8 +389,10 @@ log_error(va_alist)
 	free(message);
 }
 #define MAX_MAILFLAGS	63
 /*
- * Send a message to ALERTMAIL
+ * Send a message to MAILTO user
 */
 static void
 send_mail(line)
@@ -401,7 +403,7 @@ send_mail(line)
    int pfd[2], pid;
    /* Just return if mailer is disabled. */
-    if (!sudo_strtable[I_MAILERPATH])
+    if (!def_str(I_MAILERPATH) || !def_str(I_MAILTO))
 	return;
    if ((pid = fork()) > 0) {	/* Child. */
@@ -425,15 +427,37 @@ send_mail(line)
 		exit(1);
 		break;
 	    case 0:
-		/* Grandchild. */
+		{
-		(void) close(pfd[1]);
+		    char *argv[MAX_MAILFLAGS + 1];
-		(void) dup2(pfd[0], STDIN_FILENO);
+		    char *mpath, *mflags;
-		(void) close(pfd[0]);
+		    int i;
-		/* Run sendmail as root so user cannot kill it. */
+		    /* Grandchild. */
-		set_perms(PERM_ROOT, 0);
+		    (void) close(pfd[1]);
-		execl(_PATH_SENDMAIL, "sendmail", "-t", NULL);
+		    (void) dup2(pfd[0], STDIN_FILENO);
-		_exit(127);
+		    (void) close(pfd[0]);
 		    /* Build up an argv based the mailer path and flags */
 		    mflags = estrdup(def_str(I_MAILERFLAGS));
 		    mpath = estrdup(def_str(I_MAILERPATH));
 		    if ((argv[0] = strrchr(mpath, ' ')))
 			argv[0]++;
 		    else
 			argv[0] = mpath;
 		    i = 1;
 		    if ((p = strtok(mflags, " \t"))) {
 			do {
 			    argv[i] = p;
 			} while (++i < MAX_MAILFLAGS && (p = strtok(NULL, " \t")));
 		    }
 		    argv[i] = NULL;
 		    /* Run mailer as root so user cannot kill it. */
 		    set_perms(PERM_ROOT, 0);
 		    execv(mpath, argv);
 		    _exit(127);
 		}
 		break;
 	}
@@ -442,8 +466,8 @@ send_mail(line)
 	/* Pipes are all setup, send message via sendmail. */
 	(void) fprintf(mail, "To: %s\nFrom: %s\nSubject: ",
-	    sudo_strtable[I_ALERTMAIL], user_name);
+	    def_str(I_MAILTO), user_name);
-	for (p = sudo_strtable[I_MAILSUB]; *p; p++) {
+	for (p = def_str(I_MAILSUB); *p; p++) {
 	    /* Expand escapes in the subject */
 	    if (*p == '%' && *(p+1) != '%') {
 		switch (*(++p)) {
@@ -486,16 +510,16 @@ mail_auth(status, line)
    int mail_mask;
    /* If any of these bits are set in status, we send mail. */
-    if (sudo_flag_set(FL_MAIL_ALWAYS))
+    if (def_flag(I_MAIL_ALWAYS))
 	mail_mask =
 	    VALIDATE_ERROR|VALIDATE_OK|FLAG_NO_USER|FLAG_NO_HOST|VALIDATE_NOT_OK;
    else {
 	mail_mask = VALIDATE_ERROR;
-	if (sudo_flag_set(FL_MAIL_IF_NOUSER))
+	if (def_flag(I_MAIL_IF_NOUSER))
 	    mail_mask |= FLAG_NO_USER;
-	if (sudo_flag_set(FL_MAIL_IF_NOHOST))
+	if (def_flag(I_MAIL_IF_NOHOST))
 	    mail_mask |= FLAG_NO_HOST;
-	if (sudo_flag_set(FL_MAIL_IF_NOPERMS))
+	if (def_flag(I_MAIL_IF_NOPERMS))
 	    mail_mask |= VALIDATE_NOT_OK;
    }
@@ -538,24 +562,23 @@ get_timestr()
    struct tm *timeptr;
    timeptr = localtime(&now);
-    if (sudo_flag_set(FL_LOG_YEAR))
+    if (def_flag(I_LOG_YEAR))
 	s = "%h %e %T %Y";
    else
 	s = "%h %e %T";
    /* strftime() does not guarantee to NUL-terminate so we must check. */
    buf[sizeof(buf) - 1] = '\0';
-    if (strftime(buf, sizeof(buf), s, timeptr) && !buf[sizeof(buf) - 1])
+    if (strftime(buf, sizeof(buf), s, timeptr) && buf[sizeof(buf) - 1] == '\0')
 	return(buf);
-#else
+#endif /* HAVE_STRFTIME */
    s = ctime(&now) + 4;		/* skip day of the week */
-    if (sudo_flag_set(FL_LOG_YEAR))
+    if (def_flag(I_LOG_YEAR))
 	s[20] = '\0';			/* avoid the newline */
    else
 	s[15] = '\0';			/* don't care about year */
    return(s);
 #endif /* HAVE_STRFTIME */
 }
--- a/parse.yacc
+++ b/parse.yacc
@@ -115,7 +115,7 @@ int top = 0, stacksize = 0;
 	match[top].cmnd   = -1; \
 	match[top].host   = -1; \
 	match[top].runas  = -1; \
-	match[top].nopass = sudo_flag_set(FL_AUTHENTICATE) ? -1 : TRUE; \
+	match[top].nopass = def_flag(I_AUTHENTICATE) ? -1 : TRUE; \
 	top++; \
    } while (0)
@@ -324,7 +324,7 @@ privilege	:	hostlist '=' cmndspeclist {
 			     */
 			    host_matches = -1;
 			    runas_matches = -1;
-			    if (sudo_flag_set(FL_AUTHENTICATE))
+			    if (def_flag(I_AUTHENTICATE))
 				no_passwd = -1;
 			    else
 				no_passwd = TRUE;
@@ -460,7 +460,7 @@ runasspec	:	/* empty */ {
 			     */
 			    if (runas_matches == -1)
 				runas_matches = (strcmp(*user_runas,
-				    sudo_strtable[I_RUNAS_DEF]) == 0);
+				    def_str(I_RUNAS_DEF)) == 0);
 			}
 		|	RUNAS runaslist { ; }
 		;
@@ -996,13 +996,13 @@ list_matches()
 	    } while ((p = strtok(NULL, ", ")));
 	    (void) fputs(") ", stdout);
 	} else {
-	    (void) printf("(%s) ", sudo_strtable[I_RUNAS_DEF]);
+	    (void) printf("(%s) ", def_str(I_RUNAS_DEF));
 	}
 	/* Is a password required? */
-	if (cm_list[i].nopasswd == TRUE && sudo_flag_set(FL_AUTHENTICATE))
+	if (cm_list[i].nopasswd == TRUE && def_flag(I_AUTHENTICATE))
 	    (void) fputs("NOPASSWD: ", stdout);
-	else if (cm_list[i].nopasswd == FALSE && !sudo_flag_set(FL_AUTHENTICATE))
+	else if (cm_list[i].nopasswd == FALSE && !def_flag(I_AUTHENTICATE))
 	    (void) fputs("PASSWD: ", stdout);
 	/* Print the actual command or expanded Cmnd_Alias. */
--- a/sudo.c
+++ b/sudo.c
@@ -229,9 +229,9 @@ main(argc, argv)
    init_defaults();
    /* Initialize syslog(3) if we are using it. */
-    if (sudo_inttable[I_LOGFAC] != (unsigned int)-1) {
+    if (def_str(I_LOGFACSTR)) {
 #ifdef LOG_NFACILITIES
-	openlog("sudo", 0, sudo_inttable[I_LOGFAC]);
+	openlog("sudo", 0, def_ival(I_LOGFAC));
 #else
 	openlog("sudo", 0);
 #endif /* LOG_NFACILITIES */
@@ -298,7 +298,7 @@ main(argc, argv)
 	    errorlineno);
    /* Is root even allowed to run sudo? */
-    if (getuid() == 0 && !sudo_flag_set(FL_ROOT_SUDO)) {
+    if (getuid() == 0 && !def_flag(I_ROOT_SUDO)) {
 	(void) fputs("You are already root, you don't need to use sudo.\n",
 	    stderr);
 	exit(1);
@@ -342,7 +342,7 @@ main(argc, argv)
 		"please report this error to sudo-bugs@courtesan.com");
 	}
-	if (sudo_inttable[I_LOGFAC] != (unsigned int)-1)
+	if (def_ival(I_LOGFACSTR))
 	    closelog();
 	/* Reset signal mask before we exec. */
@@ -353,12 +353,12 @@ main(argc, argv)
 #endif /* POSIX_SIGNALS */
 	/* Override user's umask if configured to do so. */
-	if (sudo_inttable[I_UMASK] != 0777)
+	if (def_ival(I_UMASK) != 0777)
-	    (void) umask((mode_t)sudo_inttable[I_UMASK]);
+	    (void) umask(def_mode(I_UMASK));
 	/* Replace the PATH envariable with a secure one. */
-	if (sudo_strtable[I_SECURE_PATH] && !user_is_exempt())
+	if (def_str(I_SECURE_PATH) && !user_is_exempt())
-	    if (sudo_setenv("PATH", sudo_strtable[I_SECURE_PATH])) {
+	    if (sudo_setenv("PATH", def_str(I_SECURE_PATH))) {
 		(void) fprintf(stderr, "%s: cannot allocate memory!\n",
 		    Argv[0]);
 		exit(1);
@@ -382,7 +382,7 @@ main(argc, argv)
 	log_auth(validated, 1);
 	exit(1);
    } else if (validated & VALIDATE_NOT_OK) {
-	if (sudo_flag_set(FL_PATH_INFO)) {
+	if (def_flag(I_PATH_INFO)) {
 	    /*
 	     * We'd like to not leak path info at all here, but that can
 	     * *really* confuse the users.  To really close the leak we'd
@@ -448,7 +448,7 @@ init_vars(sudo_mode)
 	log_error(USE_ERRNO|MSG_ONLY, "can't get hostname");
    } else
 	user_host = estrdup(thost);
-    if (sudo_flag_set(FL_FQDN)) {
+    if (def_flag(I_FQDN)) {
 	if (!(hp = gethostbyname(user_host))) {
 	    log_error(USE_ERRNO|MSG_ONLY|NO_EXIT,
 		"unable to lookup %s via gethostbyname()", user_host);
@@ -556,7 +556,7 @@ parse_args()
    NewArgc = Argc - 1;
    if (Argc < 2) {			/* no options and no command */
-	if (!sudo_flag_set(FL_SHELL_NOARGS))
+	if (!def_flag(I_SHELL_NOARGS))
 	    usage(1);
 	rval |= MODE_SHELL;
 	return(rval);
@@ -652,7 +652,7 @@ parse_args()
 		break;
 	    case 's':
 		rval |= MODE_SHELL;
-		if (sudo_flag_set(FL_SET_HOME))
+		if (def_flag(I_SET_HOME))
 		    rval |= MODE_RESET_HOME;
 		break;
 	    case 'H':
@@ -661,7 +661,7 @@ parse_args()
 	    case '-':
 		NewArgc--;
 		NewArgv++;
-		if (sudo_flag_set(FL_SHELL_NOARGS) && rval == MODE_RUN)
+		if (def_flag(I_SHELL_NOARGS) && rval == MODE_RUN)
 		    rval |= MODE_SHELL;
 		return(rval);
 	    case '\0':
--- a/sudo.tab.c
+++ b/sudo.tab.c
@@ -133,7 +133,7 @@ int top = 0, stacksize = 0;
 	match[top].cmnd   = -1; \
 	match[top].host   = -1; \
 	match[top].runas  = -1; \
-	match[top].nopass = sudo_flag_set(FL_AUTHENTICATE) ? -1 : TRUE; \
+	match[top].nopass = def_flag(I_AUTHENTICATE) ? -1 : TRUE; \
 	top++; \
    } while (0)
@@ -763,13 +763,13 @@ list_matches()
 	    } while ((p = strtok(NULL, ", ")));
 	    (void) fputs(") ", stdout);
 	} else {
-	    (void) printf("(%s) ", sudo_strtable[I_RUNAS_DEF]);
+	    (void) printf("(%s) ", def_str(I_RUNAS_DEF));
 	}
 	/* Is a password required? */
-	if (cm_list[i].nopasswd == TRUE && sudo_flag_set(FL_AUTHENTICATE))
+	if (cm_list[i].nopasswd == TRUE && def_flag(I_AUTHENTICATE))
 	    (void) fputs("NOPASSWD: ", stdout);
-	else if (cm_list[i].nopasswd == FALSE && !sudo_flag_set(FL_AUTHENTICATE))
+	else if (cm_list[i].nopasswd == FALSE && !def_flag(I_AUTHENTICATE))
 	    (void) fputs("PASSWD: ", stdout);
 	/* Print the actual command or expanded Cmnd_Alias. */
@@ -1216,7 +1216,7 @@ case 25:
 			     */
 			    host_matches = -1;
 			    runas_matches = -1;
-			    if (sudo_flag_set(FL_AUTHENTICATE))
+			    if (def_flag(I_AUTHENTICATE))
 				no_passwd = -1;
 			    else
 				no_passwd = TRUE;
@@ -1379,7 +1379,7 @@ case 40:
 			     */
 			    if (runas_matches == -1)
 				runas_matches = (strcmp(*user_runas,
-				    sudo_strtable[I_RUNAS_DEF]) == 0);
+				    def_str(I_RUNAS_DEF)) == 0);
 			}
 break;
 case 41: