isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Call gettext() on parameters for warning()/warningx() instead of

Browse Source 
having warning() do it for us.
This commit is contained in:
Todd C. Miller
2012-11-25 09:34:04 -05:00
parent 15c69e0e3f
commit 7b3d268687
31 changed files with 205 additions and 216 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
common/sudo_conf.c
View File

@@ -308,20 +308,20 @@ sudo_conf_read(void)
case SUDO_PATH_MISSING: case SUDO_PATH_MISSING:
/* Root should always be able to read sudo.conf. */ /* Root should always be able to read sudo.conf. */
if (errno != ENOENT && geteuid() == ROOT_UID) if (errno != ENOENT && geteuid() == ROOT_UID)
warning(N_("unable to stat %s"), _PATH_SUDO_CONF); warning(_("unable to stat %s"), _PATH_SUDO_CONF);
goto done; goto done;
case SUDO_PATH_BAD_TYPE: case SUDO_PATH_BAD_TYPE:
warningx(N_("%s is not a regular file"), _PATH_SUDO_CONF); warningx(_("%s is not a regular file"), _PATH_SUDO_CONF);
goto done; goto done;
case SUDO_PATH_WRONG_OWNER: case SUDO_PATH_WRONG_OWNER:
warningx(N_("%s is owned by uid %u, should be %u"), warningx(_("%s is owned by uid %u, should be %u"),
_PATH_SUDO_CONF, (unsigned int) sb.st_uid, ROOT_UID); _PATH_SUDO_CONF, (unsigned int) sb.st_uid, ROOT_UID);
goto done; goto done;
case SUDO_PATH_WORLD_WRITABLE: case SUDO_PATH_WORLD_WRITABLE:
warningx(N_("%s is world writable"), _PATH_SUDO_CONF); warningx(_("%s is world writable"), _PATH_SUDO_CONF);
goto done; goto done;
case SUDO_PATH_GROUP_WRITABLE: case SUDO_PATH_GROUP_WRITABLE:
warningx(N_("%s is group writable"), _PATH_SUDO_CONF); warningx(_("%s is group writable"), _PATH_SUDO_CONF);
goto done; goto done;
default: default:
/* NOTREACHED */ /* NOTREACHED */
@@ -330,7 +330,7 @@ sudo_conf_read(void)
if ((fp = fopen(_PATH_SUDO_CONF, "r")) == NULL) { if ((fp = fopen(_PATH_SUDO_CONF, "r")) == NULL) {
if (errno != ENOENT && geteuid() == ROOT_UID) if (errno != ENOENT && geteuid() == ROOT_UID)
warning(N_("unable to open %s"), _PATH_SUDO_CONF); warning(_("unable to open %s"), _PATH_SUDO_CONF);
goto done; goto done;
} }

14
plugins/sudoers/auth/fwtk.c
View File

@@ -57,22 +57,22 @@ sudo_fwtk_init(struct passwd *pw, sudo_auth *auth)
debug_decl(sudo_fwtk_init, SUDO_DEBUG_AUTH) debug_decl(sudo_fwtk_init, SUDO_DEBUG_AUTH)
if ((confp = cfg_read("sudo")) == (Cfg *)-1) { if ((confp = cfg_read("sudo")) == (Cfg *)-1) {
warningx(N_("unable to read fwtk config")); warningx(_("unable to read fwtk config"));
debug_return_int(AUTH_FATAL); debug_return_int(AUTH_FATAL);
} }
if (auth_open(confp)) { if (auth_open(confp)) {
warningx(N_("unable to connect to authentication server")); warningx(_("unable to connect to authentication server"));
debug_return_int(AUTH_FATAL); debug_return_int(AUTH_FATAL);
} }
/* Get welcome message from auth server */ /* Get welcome message from auth server */
if (auth_recv(resp, sizeof(resp))) { if (auth_recv(resp, sizeof(resp))) {
warningx(N_("lost connection to authentication server")); warningx(_("lost connection to authentication server"));
debug_return_int(AUTH_FATAL); debug_return_int(AUTH_FATAL);
} }
if (strncmp(resp, "Authsrv ready", 13) != 0) { if (strncmp(resp, "Authsrv ready", 13) != 0) {
warningx(N_("authentication server error:\n%s"), resp); warningx(_("authentication server error:\n%s"), resp);
debug_return_int(AUTH_FATAL); debug_return_int(AUTH_FATAL);
} }
@@ -92,7 +92,7 @@ sudo_fwtk_verify(struct passwd *pw, char *prompt, sudo_auth *auth)
(void) snprintf(buf, sizeof(buf), "authorize %s 'sudo'", pw->pw_name); (void) snprintf(buf, sizeof(buf), "authorize %s 'sudo'", pw->pw_name);
restart: restart:
if (auth_send(buf) || auth_recv(resp, sizeof(resp))) { if (auth_send(buf) || auth_recv(resp, sizeof(resp))) {
warningx(N_("lost connection to authentication server")); warningx(_("lost connection to authentication server"));
debug_return_int(AUTH_FATAL); debug_return_int(AUTH_FATAL);
} }
@@ -125,7 +125,7 @@ restart:
/* Send the user's response to the server */ /* Send the user's response to the server */
(void) snprintf(buf, sizeof(buf), "response '%s'", pass); (void) snprintf(buf, sizeof(buf), "response '%s'", pass);
if (auth_send(buf) || auth_recv(resp, sizeof(resp))) { if (auth_send(buf) || auth_recv(resp, sizeof(resp))) {
warningx(N_("lost connection to authentication server")); warningx(_("lost connection to authentication server"));
error = AUTH_FATAL; error = AUTH_FATAL;
goto done; goto done;
} }
@@ -137,7 +137,7 @@ restart:
/* Main loop prints "Permission Denied" or insult. */ /* Main loop prints "Permission Denied" or insult. */
if (strcmp(resp, "Permission Denied.") != 0) if (strcmp(resp, "Permission Denied.") != 0)
warningx(N"%s", resp); warningx("%s", resp);
error = AUTH_FAILURE; error = AUTH_FAILURE;
done: done:
zero_bytes(pass, strlen(pass)); zero_bytes(pass, strlen(pass));

2
plugins/sudoers/auth/rfc1938.c
View File

@@ -101,7 +101,7 @@ sudo_rfc1938_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
*/ */
if (rfc1938challenge(&rfc1938, pw->pw_name, challenge, sizeof(challenge))) { if (rfc1938challenge(&rfc1938, pw->pw_name, challenge, sizeof(challenge))) {
if (IS_ONEANDONLY(auth)) { if (IS_ONEANDONLY(auth)) {
warningx(N_("you do not exist in the %s database"), auth->name); warningx(_("you do not exist in the %s database"), auth->name);
debug_return_int(AUTH_FATAL); debug_return_int(AUTH_FATAL);
} else { } else {
debug_return_int(AUTH_FAILURE); debug_return_int(AUTH_FAILURE);

22
plugins/sudoers/auth/securid5.c
View File

@@ -78,7 +78,7 @@ sudo_securid_init(struct passwd *pw, sudo_auth *auth)
if (AceInitialize() != SD_FALSE) if (AceInitialize() != SD_FALSE)
debug_return_int(AUTH_SUCCESS); debug_return_int(AUTH_SUCCESS);
warningx(N_("failed to initialise the ACE API library")); warningx(_("failed to initialise the ACE API library"));
debug_return_int(AUTH_FATAL); debug_return_int(AUTH_FATAL);
} }
@@ -104,7 +104,7 @@ sudo_securid_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
/* Re-initialize SecurID every time. */ /* Re-initialize SecurID every time. */
if (SD_Init(sd) != ACM_OK) { if (SD_Init(sd) != ACM_OK) {
warningx(N_("unable to contact the SecurID server")); warningx(_("unable to contact the SecurID server"));
debug_return_int(AUTH_FATAL); debug_return_int(AUTH_FATAL);
} }
@@ -113,23 +113,23 @@ sudo_securid_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
switch (retval) { switch (retval) {
case ACM_OK: case ACM_OK:
warningx(N_("User ID locked for SecurID Authentication")); warningx(_("User ID locked for SecurID Authentication"));
debug_return_int(AUTH_SUCCESS); debug_return_int(AUTH_SUCCESS);
case ACE_UNDEFINED_USERNAME: case ACE_UNDEFINED_USERNAME:
warningx(N_("invalid username length for SecurID")); warningx(_("invalid username length for SecurID"));
debug_return_int(AUTH_FATAL); debug_return_int(AUTH_FATAL);
case ACE_ERR_INVALID_HANDLE: case ACE_ERR_INVALID_HANDLE:
warningx(N_("invalid Authentication Handle for SecurID")); warningx(_("invalid Authentication Handle for SecurID"));
debug_return_int(AUTH_FATAL); debug_return_int(AUTH_FATAL);
case ACM_ACCESS_DENIED: case ACM_ACCESS_DENIED:
warningx(N_("SecurID communication failed")); warningx(_("SecurID communication failed"));
debug_return_int(AUTH_FATAL); debug_return_int(AUTH_FATAL);
default: default:
warningx(N_("unknown SecurID error")); warningx(_("unknown SecurID error"));
debug_return_int(AUTH_FATAL); debug_return_int(AUTH_FATAL);
} }
} }
@@ -163,17 +163,17 @@ sudo_securid_verify(struct passwd *pw, char *pass, sudo_auth *auth)
break; break;
case ACE_UNDEFINED_PASSCODE: case ACE_UNDEFINED_PASSCODE:
warningx(N_("invalid passcode length for SecurID")); warningx(_("invalid passcode length for SecurID"));
rval = AUTH_FATAL; rval = AUTH_FATAL;
break; break;
case ACE_UNDEFINED_USERNAME: case ACE_UNDEFINED_USERNAME:
warningx(N_("invalid username length for SecurID")); warningx(_("invalid username length for SecurID"));
rval = AUTH_FATAL; rval = AUTH_FATAL;
break; break;
case ACE_ERR_INVALID_HANDLE: case ACE_ERR_INVALID_HANDLE:
warningx(N_("invalid Authentication Handle for SecurID")); warningx(_("invalid Authentication Handle for SecurID"));
rval = AUTH_FATAL; rval = AUTH_FATAL;
break; break;
@@ -212,7 +212,7 @@ then enter the new token code.\n", \
break; break;
default: default:
warningx(N_("unknown SecurID error")); warningx(_("unknown SecurID error"));
rval = AUTH_FATAL; rval = AUTH_FATAL;
break; break;
} }

44
plugins/sudoers/defaults.c
View File

@@ -205,7 +205,7 @@ set_default(char *var, char *val, int op)
break; break;
} }
if (!cur->name) { if (!cur->name) {
warningx(N_("unknown defaults entry `%s'"), var); warningx(_("unknown defaults entry `%s'"), var);
debug_return_bool(false); debug_return_bool(false);
} }
@@ -213,20 +213,20 @@ set_default(char *var, char *val, int op)
case T_LOGFAC: case T_LOGFAC:
if (!store_syslogfac(val, cur, op)) { if (!store_syslogfac(val, cur, op)) {
if (val) if (val)
warningx(N_("value `%s' is invalid for option `%s'"), warningx(_("value `%s' is invalid for option `%s'"),
val, var); val, var);
else else
warningx(N_("no value specified for `%s'"), var); warningx(_("no value specified for `%s'"), var);
debug_return_bool(false); debug_return_bool(false);
} }
break; break;
case T_LOGPRI: case T_LOGPRI:
if (!store_syslogpri(val, cur, op)) { if (!store_syslogpri(val, cur, op)) {
if (val) if (val)
warningx(N_("value `%s' is invalid for option `%s'"), warningx(_("value `%s' is invalid for option `%s'"),
val, var); val, var);
else else
warningx(N_("no value specified for `%s'"), var); warningx(_("no value specified for `%s'"), var);
debug_return_bool(false); debug_return_bool(false);
} }
break; break;
@@ -234,16 +234,16 @@ set_default(char *var, char *val, int op)
if (!val) { if (!val) {
/* Check for bogus boolean usage or lack of a value. */ /* Check for bogus boolean usage or lack of a value. */
if (!ISSET(cur->type, T_BOOL) || op != false) { if (!ISSET(cur->type, T_BOOL) || op != false) {
warningx(N_("no value specified for `%s'"), var); warningx(_("no value specified for `%s'"), var);
debug_return_bool(false); debug_return_bool(false);
} }
} }
if (ISSET(cur->type, T_PATH) && val && *val != '/') { if (ISSET(cur->type, T_PATH) && val && *val != '/') {
warningx(N_("values for `%s' must start with a '/'"), var); warningx(_("values for `%s' must start with a '/'"), var);
debug_return_bool(false); debug_return_bool(false);
} }
if (!store_str(val, cur, op)) { if (!store_str(val, cur, op)) {
warningx(N_("value `%s' is invalid for option `%s'"), val, var); warningx(_("value `%s' is invalid for option `%s'"), val, var);
debug_return_bool(false); debug_return_bool(false);
} }
break; break;
@@ -251,12 +251,12 @@ set_default(char *var, char *val, int op)
if (!val) { if (!val) {
/* Check for bogus boolean usage or lack of a value. */ /* Check for bogus boolean usage or lack of a value. */
if (!ISSET(cur->type, T_BOOL) || op != false) { if (!ISSET(cur->type, T_BOOL) || op != false) {
warningx(N_("no value specified for `%s'"), var); warningx(_("no value specified for `%s'"), var);
debug_return_bool(false); debug_return_bool(false);
} }
} }
if (!store_int(val, cur, op)) { if (!store_int(val, cur, op)) {
warningx(N_("value `%s' is invalid for option `%s'"), val, var); warningx(_("value `%s' is invalid for option `%s'"), val, var);
debug_return_bool(false); debug_return_bool(false);
} }
break; break;
@@ -264,12 +264,12 @@ set_default(char *var, char *val, int op)
if (!val) { if (!val) {
/* Check for bogus boolean usage or lack of a value. */ /* Check for bogus boolean usage or lack of a value. */
if (!ISSET(cur->type, T_BOOL) || op != false) { if (!ISSET(cur->type, T_BOOL) || op != false) {
warningx(N_("no value specified for `%s'"), var); warningx(_("no value specified for `%s'"), var);
debug_return_bool(false); debug_return_bool(false);
} }
} }
if (!store_uint(val, cur, op)) { if (!store_uint(val, cur, op)) {
warningx(N_("value `%s' is invalid for option `%s'"), val, var); warningx(_("value `%s' is invalid for option `%s'"), val, var);
debug_return_bool(false); debug_return_bool(false);
} }
break; break;
@@ -277,12 +277,12 @@ set_default(char *var, char *val, int op)
if (!val) { if (!val) {
/* Check for bogus boolean usage or lack of a value. */ /* Check for bogus boolean usage or lack of a value. */
if (!ISSET(cur->type, T_BOOL) || op != false) { if (!ISSET(cur->type, T_BOOL) || op != false) {
warningx(N_("no value specified for `%s'"), var); warningx(_("no value specified for `%s'"), var);
debug_return_bool(false); debug_return_bool(false);
} }
} }
if (!store_float(val, cur, op)) { if (!store_float(val, cur, op)) {
warningx(N_("value `%s' is invalid for option `%s'"), val, var); warningx(_("value `%s' is invalid for option `%s'"), val, var);
debug_return_bool(false); debug_return_bool(false);
} }
break; break;
@@ -290,18 +290,18 @@ set_default(char *var, char *val, int op)
if (!val) { if (!val) {
/* Check for bogus boolean usage or lack of a value. */ /* Check for bogus boolean usage or lack of a value. */
if (!ISSET(cur->type, T_BOOL) || op != false) { if (!ISSET(cur->type, T_BOOL) || op != false) {
warningx(N_("no value specified for `%s'"), var); warningx(_("no value specified for `%s'"), var);
debug_return_bool(false); debug_return_bool(false);
} }
} }
if (!store_mode(val, cur, op)) { if (!store_mode(val, cur, op)) {
warningx(N_("value `%s' is invalid for option `%s'"), val, var); warningx(_("value `%s' is invalid for option `%s'"), val, var);
debug_return_bool(false); debug_return_bool(false);
} }
break; break;
case T_FLAG: case T_FLAG:
if (val) { if (val) {
warningx(N_("option `%s' does not take a value"), var); warningx(_("option `%s' does not take a value"), var);
debug_return_bool(false); debug_return_bool(false);
} }
cur->sd_un.flag = op; cur->sd_un.flag = op;
@@ -310,22 +310,22 @@ set_default(char *var, char *val, int op)
if (!val) { if (!val) {
/* Check for bogus boolean usage or lack of a value. */ /* Check for bogus boolean usage or lack of a value. */
if (!ISSET(cur->type, T_BOOL) || op != false) { if (!ISSET(cur->type, T_BOOL) || op != false) {
warningx(N_("no value specified for `%s'"), var); warningx(_("no value specified for `%s'"), var);
debug_return_bool(false); debug_return_bool(false);
} }
} }
if (!store_list(val, cur, op)) { if (!store_list(val, cur, op)) {
warningx(N_("value `%s' is invalid for option `%s'"), val, var); warningx(_("value `%s' is invalid for option `%s'"), val, var);
debug_return_bool(false); debug_return_bool(false);
} }
break; break;
case T_TUPLE: case T_TUPLE:
if (!val && !ISSET(cur->type, T_BOOL)) { if (!val && !ISSET(cur->type, T_BOOL)) {
warningx(N_("no value specified for `%s'"), var); warningx(_("no value specified for `%s'"), var);
debug_return_bool(false); debug_return_bool(false);
} }
if (!store_tuple(val, cur, op)) { if (!store_tuple(val, cur, op)) {
warningx(N_("value `%s' is invalid for option `%s'"), val, var); warningx(_("value `%s' is invalid for option `%s'"), val, var);
debug_return_bool(false); debug_return_bool(false);
} }
break; break;
@@ -580,7 +580,7 @@ check_defaults(int what, bool quiet)
} }
if (cur->name == NULL) { if (cur->name == NULL) {
if (!quiet) if (!quiet)
warningx(N_("unknown defaults entry `%s'"), def->var); warningx(_("unknown defaults entry `%s'"), def->var);
rc = false; rc = false;
} }
} }

10
plugins/sudoers/group_plugin.c
View File

@@ -100,28 +100,28 @@ group_plugin_load(char *plugin_info)
goto done; goto done;
} }
if (sb.st_uid != ROOT_UID) { if (sb.st_uid != ROOT_UID) {
warningx(N_("%s must be owned by uid %d"), path, ROOT_UID); warningx(_("%s must be owned by uid %d"), path, ROOT_UID);
goto done; goto done;
} }
if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
warningx(N_("%s must only be writable by owner"), path); warningx(_("%s must only be writable by owner"), path);
goto done; goto done;
} }
/* Open plugin and map in symbol. */ /* Open plugin and map in symbol. */
group_handle = dlopen(path, RTLD_LAZY|RTLD_GLOBAL); group_handle = dlopen(path, RTLD_LAZY|RTLD_GLOBAL);
if (!group_handle) { if (!group_handle) {
warningx(N_("unable to dlopen %s: %s"), path, dlerror()); warningx(_("unable to dlopen %s: %s"), path, dlerror());
goto done; goto done;
} }
group_plugin = dlsym(group_handle, "group_plugin"); group_plugin = dlsym(group_handle, "group_plugin");
if (group_plugin == NULL) { if (group_plugin == NULL) {
warningx(N_("unable to find symbol \"group_plugin\" in %s"), path); warningx(_("unable to find symbol \"group_plugin\" in %s"), path);
goto done; goto done;
} }
if (GROUP_API_VERSION_GET_MAJOR(group_plugin->version) != GROUP_API_VERSION_MAJOR) { if (GROUP_API_VERSION_GET_MAJOR(group_plugin->version) != GROUP_API_VERSION_MAJOR) {
warningx(N_("%s: incompatible group plugin major version %d, expected %d"), warningx(_("%s: incompatible group plugin major version %d, expected %d"),
path, GROUP_API_VERSION_GET_MAJOR(group_plugin->version), path, GROUP_API_VERSION_GET_MAJOR(group_plugin->version),
GROUP_API_VERSION_MAJOR); GROUP_API_VERSION_MAJOR);
goto done; goto done;

24
plugins/sudoers/ldap.c
View File

@@ -437,7 +437,7 @@ sudo_ldap_parse_uri(const struct ldap_config_list_str *uri_list)
nldaps++; nldaps++;
host = uri + 8; host = uri + 8;
} else { } else {
warningx(N_("unsupported LDAP uri type: %s"), uri); warningx(_("unsupported LDAP uri type: %s"), uri);
goto done; goto done;
} }
@@ -466,17 +466,17 @@ sudo_ldap_parse_uri(const struct ldap_config_list_str *uri_list)
} }
} }
if (hostbuf[0] == '\0') { if (hostbuf[0] == '\0') {
warningx(N_("invalid uri: %s"), uri_list->val); warningx(_("invalid uri: %s"), uri_list->val);
goto done; goto done;
} }
if (nldaps != 0) { if (nldaps != 0) {
if (nldap != 0) { if (nldap != 0) {
warningx(N_("unable to mix ldap and ldaps URIs")); warningx(_("unable to mix ldap and ldaps URIs"));
goto done; goto done;
} }
if (ldap_conf.ssl_mode == SUDO_LDAP_STARTTLS) { if (ldap_conf.ssl_mode == SUDO_LDAP_STARTTLS) {
warningx(N_("unable to mix ldaps and starttls")); warningx(_("unable to mix ldaps and starttls"));
goto done; goto done;
} }
ldap_conf.ssl_mode = SUDO_LDAP_SSL; ldap_conf.ssl_mode = SUDO_LDAP_SSL;
@@ -569,10 +569,10 @@ sudo_ldap_init(LDAP **ldp, const char *host, int port)
} }
} }
if (rc != LDAP_SUCCESS) { if (rc != LDAP_SUCCESS) {
warningx(N_("unable to initialize SSL cert and key db: %s"), warningx(_("unable to initialize SSL cert and key db: %s"),
ldapssl_err2string(rc)); ldapssl_err2string(rc));
if (ldap_conf.tls_certfile == NULL) if (ldap_conf.tls_certfile == NULL)
warningx(N_("you must set TLS_CERT in %s to use SSL"), warningx(_("you must set TLS_CERT in %s to use SSL"),
_PATH_LDAP_CONF); _PATH_LDAP_CONF);
goto done; goto done;
} }
@@ -995,13 +995,13 @@ sudo_ldap_timefilter(char *buffer, size_t buffersize)
/* Make sure we have a formatted timestamp for __now__. */ /* Make sure we have a formatted timestamp for __now__. */
time(&now); time(&now);
if ((tp = gmtime(&now)) == NULL) { if ((tp = gmtime(&now)) == NULL) {
warning(N_("unable to get GMT time")); warning(_("unable to get GMT time"));
goto done; goto done;
} }
/* Format the timestamp according to the RFC. */ /* Format the timestamp according to the RFC. */
if (strftime(timebuffer, sizeof(timebuffer), "%Y%m%d%H%M%S.0Z", tp) == 0) { if (strftime(timebuffer, sizeof(timebuffer), "%Y%m%d%H%M%S.0Z", tp) == 0) {
warningx(N_("unable to format timestamp")); warningx(_("unable to format timestamp"));
goto done; goto done;
} }
@@ -1009,7 +1009,7 @@ sudo_ldap_timefilter(char *buffer, size_t buffersize)
bytes = snprintf(buffer, buffersize, "(&(|(!(sudoNotAfter=*))(sudoNotAfter>=%s))(|(!(sudoNotBefore=*))(sudoNotBefore<=%s)))", bytes = snprintf(buffer, buffersize, "(&(|(!(sudoNotAfter=*))(sudoNotAfter>=%s))(|(!(sudoNotBefore=*))(sudoNotBefore<=%s)))",
timebuffer, timebuffer); timebuffer, timebuffer);
if (bytes < 0 || bytes >= buffersize) { if (bytes < 0 || bytes >= buffersize) {
warning(N_("unable to build time filter")); warning(_("unable to build time filter"));
bytes = 0; bytes = 0;
} }
@@ -2252,7 +2252,7 @@ sudo_ldap_open(struct sudo_nss *nss)
rc = ldap_initialize(&ld, buf); rc = ldap_initialize(&ld, buf);
efree(buf); efree(buf);
if (rc != LDAP_SUCCESS) if (rc != LDAP_SUCCESS)
warningx(N_("unable to initialize LDAP: %s"), ldap_err2string(rc)); warningx(_("unable to initialize LDAP: %s"), ldap_err2string(rc));
} else } else
#endif #endif
rc = sudo_ldap_init(&ld, ldap_conf.host, ldap_conf.port); rc = sudo_ldap_init(&ld, ldap_conf.host, ldap_conf.port);
@@ -2286,7 +2286,7 @@ sudo_ldap_open(struct sudo_nss *nss)
} }
DPRINTF(("ldap_start_tls_s_np() ok"), 1); DPRINTF(("ldap_start_tls_s_np() ok"), 1);
#else #else
warningx(N_("start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()")); warningx(_("start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()"));
#endif /* !HAVE_LDAP_START_TLS_S && !HAVE_LDAP_START_TLS_S_NP */ #endif /* !HAVE_LDAP_START_TLS_S && !HAVE_LDAP_START_TLS_S_NP */
} }
@@ -2522,7 +2522,7 @@ sudo_ldap_result_add_entry(struct ldap_result *lres, LDAPMessage *entry)
DPRINTF(("order attribute raw: %s", (*bv)->bv_val), 1); DPRINTF(("order attribute raw: %s", (*bv)->bv_val), 1);
order = strtod((*bv)->bv_val, &ep); order = strtod((*bv)->bv_val, &ep);
if (ep == (*bv)->bv_val || *ep != '\0') { if (ep == (*bv)->bv_val || *ep != '\0') {
warningx(N_("invalid sudoOrder attribute: %s"), (*bv)->bv_val); warningx(_("invalid sudoOrder attribute: %s"), (*bv)->bv_val);
order = 0.0; order = 0.0;
} }
DPRINTF(("order attribute: %f", order), 1); DPRINTF(("order attribute: %f", order), 1);

2
plugins/sudoers/linux_audit.c
View File

@@ -90,7 +90,7 @@ linux_audit_command(char *argv[], int result)
/* Log command, ignoring ECONNREFUSED on error. */ /* Log command, ignoring ECONNREFUSED on error. */
rc = audit_log_user_command(au_fd, AUDIT_USER_CMD, command, NULL, result); rc = audit_log_user_command(au_fd, AUDIT_USER_CMD, command, NULL, result);
if (rc <= 0 && errno != ECONNREFUSED) if (rc <= 0 && errno != ECONNREFUSED)
warning(N_("unable to send audit message")); warning(_("unable to send audit message"));
efree(command); efree(command);

4
plugins/sudoers/logging.c
View File

@@ -335,9 +335,9 @@ log_failure(int status, int flags)
* their path to just contain a single dir. * their path to just contain a single dir.
*/ */
if (flags == NOT_FOUND) if (flags == NOT_FOUND)
warningx(N_("%s: command not found"), user_cmnd); warningx(_("%s: command not found"), user_cmnd);
else if (flags == NOT_FOUND_DOT) else if (flags == NOT_FOUND_DOT)
warningx(N_("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run."), user_cmnd, user_cmnd, user_cmnd); warningx(_("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run."), user_cmnd, user_cmnd, user_cmnd);
} }
debug_return; debug_return;

13
plugins/sudoers/plugin_error.c
View File

@@ -23,16 +23,10 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <setjmp.h> #include <setjmp.h>
#ifdef HAVE_STDBOOL_H
# include <stdbool.h>
#else
# include "compat/stdbool.h"
#endif /* HAVE_STDBOOL_H */
#include "missing.h" #include "missing.h"
#include "alloc.h" #include "alloc.h"
#include "error.h" #include "error.h"
#include "logging.h"
#include "sudo_plugin.h" #include "sudo_plugin.h"
#define DEFAULT_TEXT_DOMAIN "sudoers" #define DEFAULT_TEXT_DOMAIN "sudoers"
@@ -131,10 +125,7 @@ vwarningx2(const char *fmt, va_list ap)
static void static void
_warning(int use_errno, const char *fmt, va_list ap) _warning(int use_errno, const char *fmt, va_list ap)
{ {
int oldlocale, serrno = errno; int serrno = errno;
/* Warnings are displayed in the user's locale. */
sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale);
if (sudo_conv != NULL) { if (sudo_conv != NULL) {
struct sudo_conv_message msg[6]; struct sudo_conv_message msg[6];
@@ -176,6 +167,4 @@ _warning(int use_errno, const char *fmt, va_list ap)
} }
putc('\n', stderr); putc('\n', stderr);
} }
sudoers_setlocale(oldlocale, NULL);
} }

4
plugins/sudoers/policy.c
View File

@@ -495,7 +495,7 @@ sudoers_policy_close(int exit_status, int error_code)
/* We do not currently log the exit status. */ /* We do not currently log the exit status. */
if (error_code) { if (error_code) {
errno = error_code; errno = error_code;
warning(N_("unable to execute %s"), safe_cmnd); warning(_("unable to execute %s"), safe_cmnd);
} }
/* Close the session we opened in sudoers_policy_init_session(). */ /* Close the session we opened in sudoers_policy_init_session(). */
@@ -603,7 +603,7 @@ sudoers_policy_list(int argc, char * const argv[], int verbose,
if (list_user) { if (list_user) {
list_pw = sudo_getpwnam(list_user); list_pw = sudo_getpwnam(list_user);
if (list_pw == NULL) { if (list_pw == NULL) {
warningx(N_("unknown user: %s"), list_user); warningx(_("unknown user: %s"), list_user);
debug_return_bool(-1); debug_return_bool(-1);
} }
} }

14
plugins/sudoers/sssd.c
View File

@@ -248,14 +248,14 @@ static int sudo_sss_open(struct sudo_nss *nss)
/* Load symbols */ /* Load symbols */
handle->ssslib = dlopen(path, RTLD_LAZY); handle->ssslib = dlopen(path, RTLD_LAZY);
if (handle->ssslib == NULL) { if (handle->ssslib == NULL) {
warningx(N_("Unable to dlopen %s: %s"), path, dlerror()); warningx(_("Unable to dlopen %s: %s"), path, dlerror());
warningx(N_("Unable to initialize SSS source. Is SSSD installed on your machine?")); warningx(_("Unable to initialize SSS source. Is SSSD installed on your machine?"));
debug_return_int(EFAULT); debug_return_int(EFAULT);
} }
handle->fn_send_recv = dlsym(handle->ssslib, "sss_sudo_send_recv"); handle->fn_send_recv = dlsym(handle->ssslib, "sss_sudo_send_recv");
if (handle->fn_send_recv == NULL) { if (handle->fn_send_recv == NULL) {
warningx(N_("unable to find symbol \"%s\" in %s"), path, warningx(_("unable to find symbol \"%s\" in %s"), path,
"sss_sudo_send_recv"); "sss_sudo_send_recv");
debug_return_int(EFAULT); debug_return_int(EFAULT);
} }
@@ -263,28 +263,28 @@ static int sudo_sss_open(struct sudo_nss *nss)
handle->fn_send_recv_defaults = handle->fn_send_recv_defaults =
dlsym(handle->ssslib, "sss_sudo_send_recv_defaults"); dlsym(handle->ssslib, "sss_sudo_send_recv_defaults");
if (handle->fn_send_recv_defaults == NULL) { if (handle->fn_send_recv_defaults == NULL) {
warningx(N_("unable to find symbol \"%s\" in %s"), path, warningx(_("unable to find symbol \"%s\" in %s"), path,
"sss_sudo_send_recv_defaults"); "sss_sudo_send_recv_defaults");
debug_return_int(EFAULT); debug_return_int(EFAULT);
} }
handle->fn_free_result = dlsym(handle->ssslib, "sss_sudo_free_result"); handle->fn_free_result = dlsym(handle->ssslib, "sss_sudo_free_result");
if (handle->fn_free_result == NULL) { if (handle->fn_free_result == NULL) {
warningx(N_("unable to find symbol \"%s\" in %s"), path, warningx(_("unable to find symbol \"%s\" in %s"), path,
"sss_sudo_free_result"); "sss_sudo_free_result");
debug_return_int(EFAULT); debug_return_int(EFAULT);
} }
handle->fn_get_values = dlsym(handle->ssslib, "sss_sudo_get_values"); handle->fn_get_values = dlsym(handle->ssslib, "sss_sudo_get_values");
if (handle->fn_get_values == NULL) { if (handle->fn_get_values == NULL) {
warningx(N_("unable to find symbol \"%s\" in %s"), path, warningx(_("unable to find symbol \"%s\" in %s"), path,
"sss_sudo_get_values"); "sss_sudo_get_values");
debug_return_int(EFAULT); debug_return_int(EFAULT);
} }
handle->fn_free_values = dlsym(handle->ssslib, "sss_sudo_free_values"); handle->fn_free_values = dlsym(handle->ssslib, "sss_sudo_free_values");
if (handle->fn_free_values == NULL) { if (handle->fn_free_values == NULL) {
warningx(N_("unable to find symbol \"%s\" in %s"), path, warningx(_("unable to find symbol \"%s\" in %s"), path,
"sss_sudo_free_values"); "sss_sudo_free_values");
debug_return_int(EFAULT); debug_return_int(EFAULT);
} }

16
plugins/sudoers/sudoers.c
View File

@@ -162,7 +162,7 @@ sudoers_policy_init(void *info, char * const envp[])
} }
} }
if (sources == 0) { if (sources == 0) {
warningx(N_("no valid sudoers sources found, quitting")); warningx(_("no valid sudoers sources found, quitting"));
debug_return_bool(-1); debug_return_bool(-1);
} }
@@ -239,14 +239,14 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
/* Is root even allowed to run sudo? */ /* Is root even allowed to run sudo? */
if (user_uid == 0 && !def_root_sudo) { if (user_uid == 0 && !def_root_sudo) {
warningx(N_("sudoers specifies that root is not allowed to sudo")); warningx(_("sudoers specifies that root is not allowed to sudo"));
goto bad; goto bad;
} }
/* Check for -C overriding def_closefrom. */ /* Check for -C overriding def_closefrom. */
if (user_closefrom >= 0 && user_closefrom != def_closefrom) { if (user_closefrom >= 0 && user_closefrom != def_closefrom) {
if (!def_closefrom_override) { if (!def_closefrom_override) {
warningx(N_("you are not permitted to use the -C option")); warningx(_("you are not permitted to use the -C option"));
goto bad; goto bad;
} }
def_closefrom = user_closefrom; def_closefrom = user_closefrom;
@@ -344,7 +344,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
int fd = open(_PATH_TTY, O_RDWR|O_NOCTTY); int fd = open(_PATH_TTY, O_RDWR|O_NOCTTY);
if (fd == -1) { if (fd == -1) {
audit_failure(NewArgv, N_("no tty")); audit_failure(NewArgv, N_("no tty"));
warningx(N_("sorry, you must have a tty to run sudo")); warningx(_("sorry, you must have a tty to run sudo"));
goto bad; goto bad;
} else } else
(void) close(fd); (void) close(fd);
@@ -395,18 +395,18 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
/* Finally tell the user if the command did not exist. */ /* Finally tell the user if the command did not exist. */
if (cmnd_status == NOT_FOUND_DOT) { if (cmnd_status == NOT_FOUND_DOT) {
audit_failure(NewArgv, N_("command in current directory")); audit_failure(NewArgv, N_("command in current directory"));
warningx(N_("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run."), user_cmnd, user_cmnd, user_cmnd); warningx(_("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run."), user_cmnd, user_cmnd, user_cmnd);
goto bad; goto bad;
} else if (cmnd_status == NOT_FOUND) { } else if (cmnd_status == NOT_FOUND) {
audit_failure(NewArgv, N_("%s: command not found"), user_cmnd); audit_failure(NewArgv, N_("%s: command not found"), user_cmnd);
warningx(N_("%s: command not found"), user_cmnd); warningx(_("%s: command not found"), user_cmnd);
goto bad; goto bad;
} }
/* If user specified env vars make sure sudoers allows it. */ /* If user specified env vars make sure sudoers allows it. */
if (ISSET(sudo_mode, MODE_RUN) && !def_setenv) { if (ISSET(sudo_mode, MODE_RUN) && !def_setenv) {
if (ISSET(sudo_mode, MODE_PRESERVE_ENV)) { if (ISSET(sudo_mode, MODE_PRESERVE_ENV)) {
warningx(N_("sorry, you are not allowed to preserve the environment")); warningx(_("sorry, you are not allowed to preserve the environment"));
goto bad; goto bad;
} else } else
validate_env_vars(sudo_user.env_vars); validate_env_vars(sudo_user.env_vars);
@@ -1022,7 +1022,7 @@ find_editor(int nfiles, char **files, char ***argv_out)
} }
if (!editor_path) { if (!editor_path) {
audit_failure(NewArgv, N_("%s: command not found"), editor); audit_failure(NewArgv, N_("%s: command not found"), editor);
warningx(N_("%s: command not found"), editor); warningx(_("%s: command not found"), editor);
} }
debug_return_str(editor_path); debug_return_str(editor_path);
} }

2
plugins/sudoers/sudoreplay.c
View File

@@ -812,7 +812,7 @@ parse_logfile(char *logfile)
fp = fopen(logfile, "r"); fp = fopen(logfile, "r");
if (fp == NULL) { if (fp == NULL) {
warning(N_("unable to open %s"), logfile); warning(_("unable to open %s"), logfile);
goto bad; goto bad;
} }

6
plugins/sudoers/toke.c
View File

@@ -3561,19 +3561,19 @@ _push_include(char *path, bool isdir)
debug_return_bool(false); debug_return_bool(false);
case SUDO_PATH_WRONG_OWNER: case SUDO_PATH_WRONG_OWNER:
if (sudoers_warnings) { if (sudoers_warnings) {
warningx(N_("%s is owned by uid %u, should be %u"), warningx(_("%s is owned by uid %u, should be %u"),
path, (unsigned int) sb.st_uid, path, (unsigned int) sb.st_uid,
(unsigned int) sudoers_uid); (unsigned int) sudoers_uid);
} }
debug_return_bool(false); debug_return_bool(false);
case SUDO_PATH_WORLD_WRITABLE: case SUDO_PATH_WORLD_WRITABLE:
if (sudoers_warnings) { if (sudoers_warnings) {
warningx(N_("%s is world writable"), path); warningx(_("%s is world writable"), path);
} }
debug_return_bool(false); debug_return_bool(false);
case SUDO_PATH_GROUP_WRITABLE: case SUDO_PATH_GROUP_WRITABLE:
if (sudoers_warnings) { if (sudoers_warnings) {
warningx(N_("%s is owned by gid %u, should be %u"), warningx(_("%s is owned by gid %u, should be %u"),
path, (unsigned int) sb.st_gid, path, (unsigned int) sb.st_gid,
(unsigned int) sudoers_gid); (unsigned int) sudoers_gid);
} }

6
plugins/sudoers/toke.l
View File

@@ -839,19 +839,19 @@ _push_include(char *path, bool isdir)
debug_return_bool(false); debug_return_bool(false);
case SUDO_PATH_WRONG_OWNER: case SUDO_PATH_WRONG_OWNER:
if (sudoers_warnings) { if (sudoers_warnings) {
warningx(N_("%s is owned by uid %u, should be %u"), warningx(_("%s is owned by uid %u, should be %u"),
path, (unsigned int) sb.st_uid, path, (unsigned int) sb.st_uid,
(unsigned int) sudoers_uid); (unsigned int) sudoers_uid);
} }
debug_return_bool(false); debug_return_bool(false);
case SUDO_PATH_WORLD_WRITABLE: case SUDO_PATH_WORLD_WRITABLE:
if (sudoers_warnings) { if (sudoers_warnings) {
warningx(N_("%s is world writable"), path); warningx(_("%s is world writable"), path);
} }
debug_return_bool(false); debug_return_bool(false);
case SUDO_PATH_GROUP_WRITABLE: case SUDO_PATH_GROUP_WRITABLE:
if (sudoers_warnings) { if (sudoers_warnings) {
warningx(N_("%s is owned by gid %u, should be %u"), warningx(_("%s is owned by gid %u, should be %u"),
path, (unsigned int) sb.st_gid, path, (unsigned int) sb.st_gid,
(unsigned int) sudoers_gid); (unsigned int) sudoers_gid);
} }

2
plugins/sudoers/toke_util.c
View File

@@ -219,7 +219,7 @@ fill_args(const char *s, int len, int addspace)
if (addspace) if (addspace)
*p++ = ' '; *p++ = ' ';
if (strlcpy(p, s, arg_size - (p - sudoerslval.command.args)) != len) { if (strlcpy(p, s, arg_size - (p - sudoerslval.command.args)) != len) {
warningx(N_("fill_args: buffer overflow")); /* paranoia */ warningx(_("fill_args: buffer overflow")); /* paranoia */
sudoerserror(NULL); sudoerserror(NULL);
debug_return_bool(false); debug_return_bool(false);
} }

30
plugins/sudoers/visudo.c
View File

@@ -415,18 +415,18 @@ edit_sudoers(struct sudoersfile *sp, char *editor, char *args, int lineno)
* Sanity checks. * Sanity checks.
*/ */
if (stat(sp->tpath, &sb) < 0) { if (stat(sp->tpath, &sb) < 0) {
warningx(N_("unable to stat temporary file (%s), %s unchanged"), warningx(_("unable to stat temporary file (%s), %s unchanged"),
sp->tpath, sp->path); sp->tpath, sp->path);
goto done; goto done;
} }
if (sb.st_size == 0 && orig_size != 0) { if (sb.st_size == 0 && orig_size != 0) {
warningx(N_("zero length temporary file (%s), %s unchanged"), warningx(_("zero length temporary file (%s), %s unchanged"),
sp->tpath, sp->path); sp->tpath, sp->path);
sp->modified = true; sp->modified = true;
goto done; goto done;
} }
} else { } else {
warningx(N_("editor (%s) failed, %s unchanged"), editor, sp->path); warningx(_("editor (%s) failed, %s unchanged"), editor, sp->path);
goto done; goto done;
} }
@@ -449,7 +449,7 @@ edit_sudoers(struct sudoersfile *sp, char *editor, char *args, int lineno)
if (modified) if (modified)
sp->modified = modified; sp->modified = modified;
else else
warningx(N_("%s unchanged"), sp->tpath); warningx(_("%s unchanged"), sp->tpath);
rval = true; rval = true;
done: done:
@@ -488,7 +488,7 @@ reparse_sudoers(char *editor, char *args, bool strict, bool quiet)
/* Parse the sudoers temp file */ /* Parse the sudoers temp file */
sudoersrestart(fp); sudoersrestart(fp);
if (sudoersparse() && !parse_error) { if (sudoersparse() && !parse_error) {
warningx(N_("unabled to parse temporary file (%s), unknown error"), warningx(_("unabled to parse temporary file (%s), unknown error"),
sp->tpath); sp->tpath);
parse_error = true; parse_error = true;
errorfile = sp->path; errorfile = sp->path;
@@ -579,21 +579,21 @@ install_sudoers(struct sudoersfile *sp, bool oldperms)
if (fstat(sp->fd, &sb) == -1) if (fstat(sp->fd, &sb) == -1)
error(1, _("unable to stat %s"), sp->path); error(1, _("unable to stat %s"), sp->path);
if (chown(sp->tpath, sb.st_uid, sb.st_gid) != 0) { if (chown(sp->tpath, sb.st_uid, sb.st_gid) != 0) {
warning(N_("unable to set (uid, gid) of %s to (%u, %u)"), warning(_("unable to set (uid, gid) of %s to (%u, %u)"),
sp->tpath, (unsigned int)sb.st_uid, (unsigned int)sb.st_gid); sp->tpath, (unsigned int)sb.st_uid, (unsigned int)sb.st_gid);
} }
if (chmod(sp->tpath, sb.st_mode & 0777) != 0) { if (chmod(sp->tpath, sb.st_mode & 0777) != 0) {
warning(N_("unable to change mode of %s to 0%o"), sp->tpath, warning(_("unable to change mode of %s to 0%o"), sp->tpath,
(unsigned int)(sb.st_mode & 0777)); (unsigned int)(sb.st_mode & 0777));
} }
} else { } else {
if (chown(sp->tpath, SUDOERS_UID, SUDOERS_GID) != 0) { if (chown(sp->tpath, SUDOERS_UID, SUDOERS_GID) != 0) {
warning(N_("unable to set (uid, gid) of %s to (%u, %u)"), warning(_("unable to set (uid, gid) of %s to (%u, %u)"),
sp->tpath, SUDOERS_UID, SUDOERS_GID); sp->tpath, SUDOERS_UID, SUDOERS_GID);
goto done; goto done;
} }
if (chmod(sp->tpath, SUDOERS_MODE) != 0) { if (chmod(sp->tpath, SUDOERS_MODE) != 0) {
warning(N_("unable to change mode of %s to 0%o"), sp->tpath, warning(_("unable to change mode of %s to 0%o"), sp->tpath,
SUDOERS_MODE); SUDOERS_MODE);
goto done; goto done;
} }
@@ -610,7 +610,7 @@ install_sudoers(struct sudoersfile *sp, bool oldperms)
} else { } else {
if (errno == EXDEV) { if (errno == EXDEV) {
char *av[4]; char *av[4];
warningx(N_("%s and %s not on the same file system, using mv to rename"), warningx(_("%s and %s not on the same file system, using mv to rename"),
sp->tpath, sp->path); sp->tpath, sp->path);
/* Build up argument vector for the command */ /* Build up argument vector for the command */
@@ -624,7 +624,7 @@ install_sudoers(struct sudoersfile *sp, bool oldperms)
/* And run it... */ /* And run it... */
if (run_command(_PATH_MV, av)) { if (run_command(_PATH_MV, av)) {
warningx(N_("command failed: '%s %s %s', %s unchanged"), warningx(_("command failed: '%s %s %s', %s unchanged"),
_PATH_MV, sp->tpath, sp->path, sp->path); _PATH_MV, sp->tpath, sp->path, sp->path);
(void) unlink(sp->tpath); (void) unlink(sp->tpath);
efree(sp->tpath); efree(sp->tpath);
@@ -634,7 +634,7 @@ install_sudoers(struct sudoersfile *sp, bool oldperms)
efree(sp->tpath); efree(sp->tpath);
sp->tpath = NULL; sp->tpath = NULL;
} else { } else {
warning(N_("error renaming %s, %s unchanged"), sp->tpath, sp->path); warning(_("error renaming %s, %s unchanged"), sp->tpath, sp->path);
(void) unlink(sp->tpath); (void) unlink(sp->tpath);
goto done; goto done;
} }
@@ -758,7 +758,7 @@ run_command(char *path, char **argv)
sudo_endgrent(); sudo_endgrent();
closefrom(STDERR_FILENO + 1); closefrom(STDERR_FILENO + 1);
execv(path, argv); execv(path, argv);
warning(N_("unable to run %s"), path); warning(_("unable to run %s"), path);
_exit(127); _exit(127);
break; /* NOTREACHED */ break; /* NOTREACHED */
} }
@@ -810,13 +810,13 @@ check_syntax(char *sudoers_path, bool quiet, bool strict, bool oldperms)
sudoers_path = "stdin"; sudoers_path = "stdin";
} else if ((sudoersin = fopen(sudoers_path, "r")) == NULL) { } else if ((sudoersin = fopen(sudoers_path, "r")) == NULL) {
if (!quiet) if (!quiet)
warning(N_("unable to open %s"), sudoers_path); warning(_("unable to open %s"), sudoers_path);
goto done; goto done;
} }
init_parser(sudoers_path, quiet); init_parser(sudoers_path, quiet);
if (sudoersparse() && !parse_error) { if (sudoersparse() && !parse_error) {
if (!quiet) if (!quiet)
warningx(N_("failed to parse %s file, unknown error"), sudoers_path); warningx(_("failed to parse %s file, unknown error"), sudoers_path);
parse_error = true; parse_error = true;
errorfile = sudoers_path; errorfile = sudoers_path;
} }

2
src/error.c
View File

@@ -108,7 +108,7 @@ _warning(int use_errno, const char *fmt, va_list ap)
fputs(getprogname(), stderr); fputs(getprogname(), stderr);
if (fmt != NULL) { if (fmt != NULL) {
fputs(_(": "), stderr); fputs(_(": "), stderr);
vfprintf(stderr, _(fmt), ap); vfprintf(stderr, fmt, ap);
} }
if (use_errno) { if (use_errno) {
fputs(_(": "), stderr); fputs(_(": "), stderr);

4
src/exec.c
View File

@@ -377,7 +377,7 @@ sudo_execute(struct command_details *details, struct command_status *cstat)
/* One of the ttys must have gone away. */ /* One of the ttys must have gone away. */
goto do_tty_io; goto do_tty_io;
} }
warning(N_("select failed")); warning(_("select failed"));
sudo_debug_printf(SUDO_DEBUG_ERROR, sudo_debug_printf(SUDO_DEBUG_ERROR,
"select failure, terminating child"); "select failure, terminating child");
schedule_signal(SIGKILL); schedule_signal(SIGKILL);
@@ -479,7 +479,7 @@ do_tty_io:
if (ISSET(details->flags, CD_RBAC_ENABLED)) { if (ISSET(details->flags, CD_RBAC_ENABLED)) {
/* This is probably not needed in log_io mode. */ /* This is probably not needed in log_io mode. */
if (selinux_restore_tty() != 0) if (selinux_restore_tty() != 0)
warningx(N_("unable to restore tty label")); warningx(_("unable to restore tty label"));
} }
#endif #endif

2
src/exec_common.c
View File

@@ -67,7 +67,7 @@ disable_execute(char *const envp[])
/* Solaris privileges, remove PRIV_PROC_EXEC post-execve. */ /* Solaris privileges, remove PRIV_PROC_EXEC post-execve. */
if (priv_set(PRIV_OFF, PRIV_LIMIT, "PRIV_PROC_EXEC", NULL) == 0) if (priv_set(PRIV_OFF, PRIV_LIMIT, "PRIV_PROC_EXEC", NULL) == 0)
debug_return_ptr(envp); debug_return_ptr(envp);
warning(N_("unable to remove PRIV_PROC_EXEC from PRIV_LIMIT")); warning(_("unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"));
#endif /* HAVE_PRIV_SET */ #endif /* HAVE_PRIV_SET */
#ifdef _PATH_SUDO_NOEXEC #ifdef _PATH_SUDO_NOEXEC

12
src/exec_pty.c
View File

@@ -1069,7 +1069,7 @@ exec_monitor(struct command_details *details, int backchannel)
error(1, _("unable to create pipe")); error(1, _("unable to create pipe"));
cmnd_pid = sudo_debug_fork(); cmnd_pid = sudo_debug_fork();
if (cmnd_pid == -1) { if (cmnd_pid == -1) {
warning(N_("unable to fork")); warning(_("unable to fork"));
goto bad; goto bad;
} }
if (cmnd_pid == 0) { if (cmnd_pid == 0) {
@@ -1145,7 +1145,7 @@ exec_monitor(struct command_details *details, int backchannel)
if (n == -1) { if (n == -1) {
if (errno == EINTR || errno == EAGAIN) if (errno == EINTR || errno == EAGAIN)
continue; continue;
warning(N_("error reading from signal pipe")); warning(_("error reading from signal pipe"));
goto done; goto done;
} }
/* /*
@@ -1166,7 +1166,7 @@ exec_monitor(struct command_details *details, int backchannel)
if (n == -1) { if (n == -1) {
if (errno == EINTR) if (errno == EINTR)
continue; continue;
warning(N_("error reading from pipe")); warning(_("error reading from pipe"));
goto done; goto done;
} }
/* Got errno or EOF, either way we are done with errpipe. */ /* Got errno or EOF, either way we are done with errpipe. */
@@ -1182,11 +1182,11 @@ exec_monitor(struct command_details *details, int backchannel)
if (n == -1) { if (n == -1) {
if (errno == EINTR) if (errno == EINTR)
continue; continue;
warning(N_("error reading from socketpair")); warning(_("error reading from socketpair"));
goto done; goto done;
} }
if (cstmp.type != CMD_SIGNO) { if (cstmp.type != CMD_SIGNO) {
warningx(N_("unexpected reply type on backchannel: %d"), warningx(_("unexpected reply type on backchannel: %d"),
cstmp.type); cstmp.type);
continue; continue;
} }
@@ -1274,7 +1274,7 @@ flush_output(void)
break; /* all I/O flushed */ break; /* all I/O flushed */
if (errno == EINTR || errno == ENOMEM) if (errno == EINTR || errno == ENOMEM)
continue; continue;
warning(N_("select failed")); warning(_("select failed"));
} }
if (perform_io(fdsr, fdsw, NULL) != 0 || nready == -1) if (perform_io(fdsr, fdsw, NULL) != 0 || nready == -1)
break; break;

20
src/load_plugins.c
View File

@@ -71,13 +71,13 @@ sudo_load_plugin(struct plugin_container *policy_plugin,
if (info->path[0] == '/') { if (info->path[0] == '/') {
if (strlcpy(path, info->path, sizeof(path)) >= sizeof(path)) { if (strlcpy(path, info->path, sizeof(path)) >= sizeof(path)) {
warningx(N_("%s: %s"), info->path, strerror(ENAMETOOLONG)); warningx(_("%s: %s"), info->path, strerror(ENAMETOOLONG));
goto done; goto done;
} }
} else { } else {
if (snprintf(path, sizeof(path), "%s%s", _PATH_SUDO_PLUGIN_DIR, if (snprintf(path, sizeof(path), "%s%s", _PATH_SUDO_PLUGIN_DIR,
info->path) >= sizeof(path)) { info->path) >= sizeof(path)) {
warningx(N_("%s%s: %s"), _PATH_SUDO_PLUGIN_DIR, info->path, warningx(_("%s%s: %s"), _PATH_SUDO_PLUGIN_DIR, info->path,
strerror(ENAMETOOLONG)); strerror(ENAMETOOLONG));
goto done; goto done;
} }
@@ -87,40 +87,40 @@ sudo_load_plugin(struct plugin_container *policy_plugin,
goto done; goto done;
} }
if (sb.st_uid != ROOT_UID) { if (sb.st_uid != ROOT_UID) {
warningx(N_("%s must be owned by uid %d"), path, ROOT_UID); warningx(_("%s must be owned by uid %d"), path, ROOT_UID);
goto done; goto done;
} }
if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
warningx(N_("%s must be only be writable by owner"), path); warningx(_("%s must be only be writable by owner"), path);
goto done; goto done;
} }
/* Open plugin and map in symbol */ /* Open plugin and map in symbol */
handle = dlopen(path, RTLD_LAZY|RTLD_GLOBAL); handle = dlopen(path, RTLD_LAZY|RTLD_GLOBAL);
if (!handle) { if (!handle) {
warningx(N_("unable to dlopen %s: %s"), path, dlerror()); warningx(_("unable to dlopen %s: %s"), path, dlerror());
goto done; goto done;
} }
plugin = dlsym(handle, info->symbol_name); plugin = dlsym(handle, info->symbol_name);
if (!plugin) { if (!plugin) {
warningx(N_("%s: unable to find symbol %s"), path, warningx(_("%s: unable to find symbol %s"), path,
info->symbol_name); info->symbol_name);
goto done; goto done;
} }
if (plugin->type != SUDO_POLICY_PLUGIN && plugin->type != SUDO_IO_PLUGIN) { if (plugin->type != SUDO_POLICY_PLUGIN && plugin->type != SUDO_IO_PLUGIN) {
warningx(N_("%s: unknown policy type %d"), path, plugin->type); warningx(_("%s: unknown policy type %d"), path, plugin->type);
goto done; goto done;
} }
if (SUDO_API_VERSION_GET_MAJOR(plugin->version) != SUDO_API_VERSION_MAJOR) { if (SUDO_API_VERSION_GET_MAJOR(plugin->version) != SUDO_API_VERSION_MAJOR) {
warningx(N_("%s: incompatible policy major version %d, expected %d"), warningx(_("%s: incompatible policy major version %d, expected %d"),
path, SUDO_API_VERSION_GET_MAJOR(plugin->version), path, SUDO_API_VERSION_GET_MAJOR(plugin->version),
SUDO_API_VERSION_MAJOR); SUDO_API_VERSION_MAJOR);
goto done; goto done;
} }
if (plugin->type == SUDO_POLICY_PLUGIN) { if (plugin->type == SUDO_POLICY_PLUGIN) {
if (policy_plugin->handle) { if (policy_plugin->handle) {
warningx(N_("%s: only a single policy plugin may be loaded"), warningx(_("%s: only a single policy plugin may be loaded"),
_PATH_SUDO_CONF); _PATH_SUDO_CONF);
goto done; goto done;
} }
@@ -197,7 +197,7 @@ sudo_load_plugins(struct plugin_container *policy_plugin,
} }
} }
if (policy_plugin->u.policy->check_policy == NULL) { if (policy_plugin->u.policy->check_policy == NULL) {
warningx(N_("policy plugin %s does not include a check_policy method"), warningx(_("policy plugin %s does not include a check_policy method"),
policy_plugin->name); policy_plugin->name);
rval = false; rval = false;
goto done; goto done;

12
src/net_ifs.c
View File

@@ -154,7 +154,7 @@ get_net_ifs(char **addrinfo)
"%s%s/", cp == *addrinfo ? "" : " ", "%s%s/", cp == *addrinfo ? "" : " ",
inet_ntoa(sin->sin_addr)); inet_ntoa(sin->sin_addr));
if (len <= 0 || len >= ailen - (*addrinfo - cp)) { if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
warningx(N_("load_interfaces: overflow detected")); warningx(_("load_interfaces: overflow detected"));
goto done; goto done;
} }
cp += len; cp += len;
@@ -163,7 +163,7 @@ get_net_ifs(char **addrinfo)
len = snprintf(cp, ailen - (*addrinfo - cp), len = snprintf(cp, ailen - (*addrinfo - cp),
"%s", inet_ntoa(sin->sin_addr)); "%s", inet_ntoa(sin->sin_addr));
if (len <= 0 || len >= ailen - (*addrinfo - cp)) { if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
warningx(N_("load_interfaces: overflow detected")); warningx(_("load_interfaces: overflow detected"));
goto done; goto done;
} }
cp += len; cp += len;
@@ -175,7 +175,7 @@ get_net_ifs(char **addrinfo)
len = snprintf(cp, ailen - (*addrinfo - cp), len = snprintf(cp, ailen - (*addrinfo - cp),
"%s%s/", cp == *addrinfo ? "" : " ", addrbuf); "%s%s/", cp == *addrinfo ? "" : " ", addrbuf);
if (len <= 0 || len >= ailen - (*addrinfo - cp)) { if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
warningx(N_("load_interfaces: overflow detected")); warningx(_("load_interfaces: overflow detected"));
goto done; goto done;
} }
cp += len; cp += len;
@@ -184,7 +184,7 @@ get_net_ifs(char **addrinfo)
inet_ntop(AF_INET6, &sin6->sin6_addr, addrbuf, sizeof(addrbuf)); inet_ntop(AF_INET6, &sin6->sin6_addr, addrbuf, sizeof(addrbuf));
len = snprintf(cp, ailen - (*addrinfo - cp), "%s", addrbuf); len = snprintf(cp, ailen - (*addrinfo - cp), "%s", addrbuf);
if (len <= 0 || len >= ailen - (*addrinfo - cp)) { if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
warningx(N_("load_interfaces: overflow detected")); warningx(_("load_interfaces: overflow detected"));
goto done; goto done;
} }
cp += len; cp += len;
@@ -295,7 +295,7 @@ get_net_ifs(char **addrinfo)
"%s%s/", cp == *addrinfo ? "" : " ", "%s%s/", cp == *addrinfo ? "" : " ",
inet_ntoa(sin->sin_addr)); inet_ntoa(sin->sin_addr));
if (len <= 0 || len >= ailen - (*addrinfo - cp)) { if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
warningx(N_("load_interfaces: overflow detected")); warningx(_("load_interfaces: overflow detected"));
goto done; goto done;
} }
cp += len; cp += len;
@@ -319,7 +319,7 @@ get_net_ifs(char **addrinfo)
len = snprintf(cp, ailen - (*addrinfo - cp), len = snprintf(cp, ailen - (*addrinfo - cp),
"%s", inet_ntoa(sin->sin_addr)); "%s", inet_ntoa(sin->sin_addr));
if (len <= 0 || len >= ailen - (*addrinfo - cp)) { if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
warningx(N_("load_interfaces: overflow detected")); warningx(_("load_interfaces: overflow detected"));
goto done; goto done;
} }
cp += len; cp += len;

16
src/parse_args.c
View File

@@ -184,7 +184,7 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
break; break;
case 'C': case 'C':
if (atoi(optarg) < 3) { if (atoi(optarg) < 3) {
warningx(N_("the argument to -C must be a number greater than or equal to 3")); warningx(_("the argument to -C must be a number greater than or equal to 3"));
usage(1); usage(1);
} }
sudo_settings[ARG_CLOSEFROM].value = optarg; sudo_settings[ARG_CLOSEFROM].value = optarg;
@@ -332,11 +332,11 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
if (ISSET(flags, MODE_LOGIN_SHELL)) { if (ISSET(flags, MODE_LOGIN_SHELL)) {
if (ISSET(flags, MODE_SHELL)) { if (ISSET(flags, MODE_SHELL)) {
warningx(N_("you may not specify both the `-i' and `-s' options")); warningx(_("you may not specify both the `-i' and `-s' options"));
usage(1); usage(1);
} }
if (ISSET(flags, MODE_PRESERVE_ENV)) { if (ISSET(flags, MODE_PRESERVE_ENV)) {
warningx(N_("you may not specify both the `-i' and `-E' options")); warningx(_("you may not specify both the `-i' and `-E' options"));
usage(1); usage(1);
} }
SET(flags, MODE_SHELL); SET(flags, MODE_SHELL);
@@ -346,9 +346,9 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
if (mode == MODE_EDIT && if (mode == MODE_EDIT &&
(ISSET(flags, MODE_PRESERVE_ENV) || env_add[0] != NULL)) { (ISSET(flags, MODE_PRESERVE_ENV) || env_add[0] != NULL)) {
if (ISSET(mode, MODE_PRESERVE_ENV)) if (ISSET(mode, MODE_PRESERVE_ENV))
warningx(N_("the `-E' option is not valid in edit mode")); warningx(_("the `-E' option is not valid in edit mode"));
if (env_add[0] != NULL) if (env_add[0] != NULL)
warningx(N_("you may not specify environment variables in edit mode")); warningx(_("you may not specify environment variables in edit mode"));
usage(1); usage(1);
} }
if ((runas_user != NULL || runas_group != NULL) && if ((runas_user != NULL || runas_group != NULL) &&
@@ -356,11 +356,11 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
usage(1); usage(1);
} }
if (list_user != NULL && mode != MODE_LIST && mode != MODE_CHECK) { if (list_user != NULL && mode != MODE_LIST && mode != MODE_CHECK) {
warningx(N_("the `-U' option may only be used with the `-l' option")); warningx(_("the `-U' option may only be used with the `-l' option"));
usage(1); usage(1);
} }
if (ISSET(tgetpass_flags, TGP_STDIN) && ISSET(tgetpass_flags, TGP_ASKPASS)) { if (ISSET(tgetpass_flags, TGP_STDIN) && ISSET(tgetpass_flags, TGP_ASKPASS)) {
warningx(N_("the `-A' and `-S' options may not be used together")); warningx(_("the `-A' and `-S' options may not be used together"));
usage(1); usage(1);
} }
if ((argc == 0 && mode == MODE_EDIT) || if ((argc == 0 && mode == MODE_EDIT) ||
@@ -513,7 +513,7 @@ usage_excl(int fatal)
{ {
debug_decl(usage_excl, SUDO_DEBUG_ARGS) debug_decl(usage_excl, SUDO_DEBUG_ARGS)
warningx(N_("Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified")); warningx(_("Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"));
usage(fatal); usage(fatal);
} }

40
src/selinux.c
View File

@@ -82,7 +82,7 @@ audit_role_change(const security_context_t old_context,
rc = audit_log_user_message(au_fd, AUDIT_USER_ROLE_CHANGE, rc = audit_log_user_message(au_fd, AUDIT_USER_ROLE_CHANGE,
message, NULL, NULL, ttyn, 1); message, NULL, NULL, ttyn, 1);
if (rc <= 0) if (rc <= 0)
warning(N_("unable to send audit message")); warning(_("unable to send audit message"));
efree(message); efree(message);
close(au_fd); close(au_fd);
} }
@@ -110,17 +110,17 @@ selinux_restore_tty(void)
/* Verify that the tty still has the context set by sudo. */ /* Verify that the tty still has the context set by sudo. */
if ((retval = fgetfilecon(se_state.ttyfd, &chk_tty_context)) < 0) { if ((retval = fgetfilecon(se_state.ttyfd, &chk_tty_context)) < 0) {
warning(N_("unable to fgetfilecon %s"), se_state.ttyn); warning(_("unable to fgetfilecon %s"), se_state.ttyn);
goto skip_relabel; goto skip_relabel;
} }
if ((retval = strcmp(chk_tty_context, se_state.new_tty_context))) { if ((retval = strcmp(chk_tty_context, se_state.new_tty_context))) {
warningx(N_("%s changed labels"), se_state.ttyn); warningx(_("%s changed labels"), se_state.ttyn);
goto skip_relabel; goto skip_relabel;
} }
if ((retval = fsetfilecon(se_state.ttyfd, se_state.tty_context)) < 0) if ((retval = fsetfilecon(se_state.ttyfd, se_state.tty_context)) < 0)
warning(N_("unable to restore context for %s"), se_state.ttyn); warning(_("unable to restore context for %s"), se_state.ttyn);
skip_relabel: skip_relabel:
if (se_state.ttyfd != -1) { if (se_state.ttyfd != -1) {
@@ -160,7 +160,7 @@ relabel_tty(const char *ttyn, int ptyfd)
if (ptyfd == -1) { if (ptyfd == -1) {
se_state.ttyfd = open(ttyn, O_RDWR|O_NONBLOCK); se_state.ttyfd = open(ttyn, O_RDWR|O_NONBLOCK);
if (se_state.ttyfd == -1) { if (se_state.ttyfd == -1) {
warning(N_("unable to open %s, not relabeling tty"), ttyn); warning(_("unable to open %s, not relabeling tty"), ttyn);
if (se_state.enforcing) if (se_state.enforcing)
goto bad; goto bad;
} }
@@ -169,21 +169,21 @@ relabel_tty(const char *ttyn, int ptyfd)
} }
if (fgetfilecon(se_state.ttyfd, &tty_con) < 0) { if (fgetfilecon(se_state.ttyfd, &tty_con) < 0) {
warning(N_("unable to get current tty context, not relabeling tty")); warning(_("unable to get current tty context, not relabeling tty"));
if (se_state.enforcing) if (se_state.enforcing)
goto bad; goto bad;
} }
if (tty_con && (security_compute_relabel(se_state.new_context, tty_con, if (tty_con && (security_compute_relabel(se_state.new_context, tty_con,
SECCLASS_CHR_FILE, &new_tty_con) < 0)) { SECCLASS_CHR_FILE, &new_tty_con) < 0)) {
warning(N_("unable to get new tty context, not relabeling tty")); warning(_("unable to get new tty context, not relabeling tty"));
if (se_state.enforcing) if (se_state.enforcing)
goto bad; goto bad;
} }
if (new_tty_con != NULL) { if (new_tty_con != NULL) {
if (fsetfilecon(se_state.ttyfd, new_tty_con) < 0) { if (fsetfilecon(se_state.ttyfd, new_tty_con) < 0) {
warning(N_("unable to set new tty context")); warning(_("unable to set new tty context"));
if (se_state.enforcing) if (se_state.enforcing)
goto bad; goto bad;
} }
@@ -193,7 +193,7 @@ relabel_tty(const char *ttyn, int ptyfd)
/* Reopen pty that was relabeled, std{in,out,err} are reset later. */ /* Reopen pty that was relabeled, std{in,out,err} are reset later. */
se_state.ttyfd = open(ttyn, O_RDWR|O_NOCTTY, 0); se_state.ttyfd = open(ttyn, O_RDWR|O_NOCTTY, 0);
if (se_state.ttyfd == -1) { if (se_state.ttyfd == -1) {
warning(N_("unable to open %s"), ttyn); warning(_("unable to open %s"), ttyn);
if (se_state.enforcing) if (se_state.enforcing)
goto bad; goto bad;
} }
@@ -206,7 +206,7 @@ relabel_tty(const char *ttyn, int ptyfd)
close(se_state.ttyfd); close(se_state.ttyfd);
se_state.ttyfd = open(ttyn, O_RDWR|O_NONBLOCK); se_state.ttyfd = open(ttyn, O_RDWR|O_NONBLOCK);
if (se_state.ttyfd == -1) { if (se_state.ttyfd == -1) {
warning(N_("unable to open %s"), ttyn); warning(_("unable to open %s"), ttyn);
goto bad; goto bad;
} }
(void)fcntl(se_state.ttyfd, F_SETFL, (void)fcntl(se_state.ttyfd, F_SETFL,
@@ -249,13 +249,13 @@ get_exec_context(security_context_t old_context, const char *role, const char *t
/* We must have a role, the type is optional (we can use the default). */ /* We must have a role, the type is optional (we can use the default). */
if (!role) { if (!role) {
warningx(N_("you must specify a role for type %s"), type); warningx(_("you must specify a role for type %s"), type);
errno = EINVAL; errno = EINVAL;
goto bad; goto bad;
} }
if (!type) { if (!type) {
if (get_default_type(role, &typebuf)) { if (get_default_type(role, &typebuf)) {
warningx(N_("unable to get default type for role %s"), role); warningx(_("unable to get default type for role %s"), role);
errno = EINVAL; errno = EINVAL;
goto bad; goto bad;
} }
@@ -273,11 +273,11 @@ get_exec_context(security_context_t old_context, const char *role, const char *t
* type we will be running the command as. * type we will be running the command as.
*/ */
if (context_role_set(context, role)) { if (context_role_set(context, role)) {
warning(N_("failed to set new role %s"), role); warning(_("failed to set new role %s"), role);
goto bad; goto bad;
} }
if (context_type_set(context, type)) { if (context_type_set(context, type)) {
warning(N_("failed to set new type %s"), type); warning(_("failed to set new type %s"), type);
goto bad; goto bad;
} }
@@ -286,7 +286,7 @@ get_exec_context(security_context_t old_context, const char *role, const char *t
*/ */
new_context = estrdup(context_str(context)); new_context = estrdup(context_str(context));
if (security_check_context(new_context) < 0) { if (security_check_context(new_context) < 0) {
warningx(N_("%s is not a valid context"), new_context); warningx(_("%s is not a valid context"), new_context);
errno = EINVAL; errno = EINVAL;
goto bad; goto bad;
} }
@@ -321,13 +321,13 @@ selinux_setup(const char *role, const char *type, const char *ttyn,
/* Store the caller's SID in old_context. */ /* Store the caller's SID in old_context. */
if (getprevcon(&se_state.old_context)) { if (getprevcon(&se_state.old_context)) {
warning(N_("failed to get old_context")); warning(_("failed to get old_context"));
goto done; goto done;
} }
se_state.enforcing = security_getenforce(); se_state.enforcing = security_getenforce();
if (se_state.enforcing < 0) { if (se_state.enforcing < 0) {
warning(N_("unable to determine enforcing mode.")); warning(_("unable to determine enforcing mode."));
goto done; goto done;
} }
@@ -339,7 +339,7 @@ selinux_setup(const char *role, const char *type, const char *ttyn,
goto done; goto done;
if (relabel_tty(ttyn, ptyfd) < 0) { if (relabel_tty(ttyn, ptyfd) < 0) {
warning(N_("unable to setup tty context for %s"), se_state.new_context); warning(_("unable to setup tty context for %s"), se_state.new_context);
goto done; goto done;
} }
@@ -370,14 +370,14 @@ selinux_execve(const char *path, char *const argv[], char *const envp[],
debug_decl(selinux_execve, SUDO_DEBUG_SELINUX) debug_decl(selinux_execve, SUDO_DEBUG_SELINUX)
if (setexeccon(se_state.new_context)) { if (setexeccon(se_state.new_context)) {
warning(N_("unable to set exec context to %s"), se_state.new_context); warning(_("unable to set exec context to %s"), se_state.new_context);
if (se_state.enforcing) if (se_state.enforcing)
debug_return; debug_return;
} }
#ifdef HAVE_SETKEYCREATECON #ifdef HAVE_SETKEYCREATECON
if (setkeycreatecon(se_state.new_context)) { if (setkeycreatecon(se_state.new_context)) {
warning(N_("unable to set key creation context to %s"), se_state.new_context); warning(_("unable to set key creation context to %s"), se_state.new_context);
if (se_state.enforcing) if (se_state.enforcing)
debug_return; debug_return;
} }

2
src/sesh.c
View File

@@ -86,7 +86,7 @@ main(int argc, char *argv[], char *envp[])
*cp = '-'; *cp = '-';
} }
sudo_execve(cmnd, argv, envp, noexec); sudo_execve(cmnd, argv, envp, noexec);
warning(N_("unable to execute %s"), argv[0]); warning(_("unable to execute %s"), argv[0]);
sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, EXIT_FAILURE); sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, EXIT_FAILURE);
_exit(EXIT_FAILURE); _exit(EXIT_FAILURE);
} }

18
src/solaris.c
View File

@@ -83,38 +83,38 @@ set_project(struct passwd *pw)
case SETPROJ_ERR_TASK: case SETPROJ_ERR_TASK:
switch (errno) { switch (errno) {
case EAGAIN: case EAGAIN:
warningx(N_("resource control limit has been reached")); warningx(_("resource control limit has been reached"));
break; break;
case ESRCH: case ESRCH:
warningx(N_("user \"%s\" is not a member of project \"%s\""), warningx(_("user \"%s\" is not a member of project \"%s\""),
pw->pw_name, proj.pj_name); pw->pw_name, proj.pj_name);
break; break;
case EACCES: case EACCES:
warningx(N_("the invoking task is final")); warningx(_("the invoking task is final"));
break; break;
default: default:
warningx(N_("could not join project \"%s\""), proj.pj_name); warningx(_("could not join project \"%s\""), proj.pj_name);
} }
case SETPROJ_ERR_POOL: case SETPROJ_ERR_POOL:
switch (errno) { switch (errno) {
case EACCES: case EACCES:
warningx(N_("no resource pool accepting default bindings " warningx(_("no resource pool accepting default bindings "
"exists for project \"%s\""), proj.pj_name); "exists for project \"%s\""), proj.pj_name);
break; break;
case ESRCH: case ESRCH:
warningx(N_("specified resource pool does not exist for " warningx(_("specified resource pool does not exist for "
"project \"%s\""), proj.pj_name); "project \"%s\""), proj.pj_name);
break; break;
default: default:
warningx(N_("could not bind to default resource pool for " warningx(_("could not bind to default resource pool for "
"project \"%s\""), proj.pj_name); "project \"%s\""), proj.pj_name);
} }
break; break;
default: default:
if (errval <= 0) { if (errval <= 0) {
warningx(N_("setproject failed for project \"%s\""), proj.pj_name); warningx(_("setproject failed for project \"%s\""), proj.pj_name);
} else { } else {
warningx(N_("warning, resource control assignment failed for " warningx(_("warning, resource control assignment failed for "
"project \"%s\""), proj.pj_name); "project \"%s\""), proj.pj_name);
} }
} }

30
src/sudo.c
View File

@@ -883,7 +883,7 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
*/ */
lc = login_getclass((char *)details->login_class); lc = login_getclass((char *)details->login_class);
if (!lc) { if (!lc) {
warningx(N_("unknown login class %s"), details->login_class); warningx(_("unknown login class %s"), details->login_class);
errno = ENOENT; errno = ENOENT;
goto done; goto done;
} }
@@ -897,10 +897,10 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
} }
if (setusercontext(lc, details->pw, details->pw->pw_uid, flags)) { if (setusercontext(lc, details->pw, details->pw->pw_uid, flags)) {
if (details->pw->pw_uid != ROOT_UID) { if (details->pw->pw_uid != ROOT_UID) {
warning(N_("unable to set user context")); warning(_("unable to set user context"));
goto done; goto done;
} else } else
warning(N_("unable to set user context")); warning(_("unable to set user context"));
} }
} }
#endif /* HAVE_LOGIN_CAP_H */ #endif /* HAVE_LOGIN_CAP_H */
@@ -912,27 +912,27 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
if (!ISSET(details->flags, CD_PRESERVE_GROUPS)) { if (!ISSET(details->flags, CD_PRESERVE_GROUPS)) {
if (details->ngroups >= 0) { if (details->ngroups >= 0) {
if (sudo_setgroups(details->ngroups, details->groups) < 0) { if (sudo_setgroups(details->ngroups, details->groups) < 0) {
warning(N_("unable to set supplementary group IDs")); warning(_("unable to set supplementary group IDs"));
goto done; goto done;
} }
} }
} }
#ifdef HAVE_SETEUID #ifdef HAVE_SETEUID
if (ISSET(details->flags, CD_SET_EGID) && setegid(details->egid)) { if (ISSET(details->flags, CD_SET_EGID) && setegid(details->egid)) {
warning(N_("unable to set effective gid to runas gid %u"), warning(_("unable to set effective gid to runas gid %u"),
(unsigned int)details->egid); (unsigned int)details->egid);
goto done; goto done;
} }
#endif #endif
if (ISSET(details->flags, CD_SET_GID) && setgid(details->gid)) { if (ISSET(details->flags, CD_SET_GID) && setgid(details->gid)) {
warning(N_("unable to set gid to runas gid %u"), warning(_("unable to set gid to runas gid %u"),
(unsigned int)details->gid); (unsigned int)details->gid);
goto done; goto done;
} }
if (ISSET(details->flags, CD_SET_PRIORITY)) { if (ISSET(details->flags, CD_SET_PRIORITY)) {
if (setpriority(PRIO_PROCESS, 0, details->priority) != 0) { if (setpriority(PRIO_PROCESS, 0, details->priority) != 0) {
warning(N_("unable to set process priority")); warning(_("unable to set process priority"));
goto done; goto done;
} }
} }
@@ -940,26 +940,26 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
(void) umask(details->umask); (void) umask(details->umask);
if (details->chroot) { if (details->chroot) {
if (chroot(details->chroot) != 0 || chdir("/") != 0) { if (chroot(details->chroot) != 0 || chdir("/") != 0) {
warning(N_("unable to change root to %s"), details->chroot); warning(_("unable to change root to %s"), details->chroot);
goto done; goto done;
} }
} }
#ifdef HAVE_SETRESUID #ifdef HAVE_SETRESUID
if (setresuid(details->uid, details->euid, details->euid) != 0) { if (setresuid(details->uid, details->euid, details->euid) != 0) {
warning(N_("unable to change to runas uid (%u, %u)"), details->uid, warning(_("unable to change to runas uid (%u, %u)"), details->uid,
details->euid); details->euid);
goto done; goto done;
} }
#elif HAVE_SETREUID #elif HAVE_SETREUID
if (setreuid(details->uid, details->euid) != 0) { if (setreuid(details->uid, details->euid) != 0) {
warning(N_("unable to change to runas uid (%u, %u)"), warning(_("unable to change to runas uid (%u, %u)"),
(unsigned int)details->uid, (unsigned int)details->euid); (unsigned int)details->uid, (unsigned int)details->euid);
goto done; goto done;
} }
#else #else
if (seteuid(details->euid) != 0 || setuid(details->euid) != 0) { if (seteuid(details->euid) != 0 || setuid(details->euid) != 0) {
warning(N_("unable to change to runas uid (%u, %u)"), details->uid, warning(_("unable to change to runas uid (%u, %u)"), details->uid,
details->euid); details->euid);
goto done; goto done;
} }
@@ -973,7 +973,7 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
if (details->chroot || strcmp(details->cwd, user_details.cwd) != 0) { if (details->chroot || strcmp(details->cwd, user_details.cwd) != 0) {
/* Note: cwd is relative to the new root, if any. */ /* Note: cwd is relative to the new root, if any. */
if (chdir(details->cwd) != 0) { if (chdir(details->cwd) != 0) {
warning(N_("unable to change directory to %s"), details->cwd); warning(_("unable to change directory to %s"), details->cwd);
goto done; goto done;
} }
} }
@@ -1057,7 +1057,7 @@ run_command(struct command_details *details)
exitcode = WTERMSIG(cstat.val) | 128; exitcode = WTERMSIG(cstat.val) | 128;
break; break;
default: default:
warningx(N_("unexpected child termination condition: %d"), cstat.type); warningx(_("unexpected child termination condition: %d"), cstat.type);
break; break;
} }
debug_return_int(exitcode); debug_return_int(exitcode);
@@ -1118,7 +1118,7 @@ policy_list(struct plugin_container *plugin, int argc, char * const argv[],
{ {
debug_decl(policy_list, SUDO_DEBUG_PCOMM) debug_decl(policy_list, SUDO_DEBUG_PCOMM)
if (plugin->u.policy->list == NULL) { if (plugin->u.policy->list == NULL) {
warningx(N_("policy plugin %s does not support listing privileges"), warningx(_("policy plugin %s does not support listing privileges"),
plugin->name); plugin->name);
debug_return_bool(false); debug_return_bool(false);
} }
@@ -1130,7 +1130,7 @@ policy_validate(struct plugin_container *plugin)
{ {
debug_decl(policy_validate, SUDO_DEBUG_PCOMM) debug_decl(policy_validate, SUDO_DEBUG_PCOMM)
if (plugin->u.policy->validate == NULL) { if (plugin->u.policy->validate == NULL) {
warningx(N_("policy plugin %s does not support the -v option"), warningx(_("policy plugin %s does not support the -v option"),
plugin->name); plugin->name);
debug_return_bool(false); debug_return_bool(false);
} }

28
src/sudo_edit.c
View File

@@ -108,7 +108,7 @@ sudo_edit(struct command_details *command_details)
* We will change the euid as needed below. * We will change the euid as needed below.
*/ */
if (setuid(ROOT_UID) != 0) { if (setuid(ROOT_UID) != 0) {
warning(N_("unable to change uid to root (%u)"), ROOT_UID); warning(_("unable to change uid to root (%u)"), ROOT_UID);
goto cleanup; goto cleanup;
} }
@@ -140,7 +140,7 @@ sudo_edit(struct command_details *command_details)
editor_argc++; editor_argc++;
} }
if (nfiles == 0) { if (nfiles == 0) {
warningx(N_("plugin error: missing file list for sudoedit")); warningx(_("plugin error: missing file list for sudoedit"));
goto cleanup; goto cleanup;
} }
@@ -168,7 +168,7 @@ sudo_edit(struct command_details *command_details)
if (rc) if (rc)
warning("%s", files[i]); warning("%s", files[i]);
else else
warningx(N_("%s: not a regular file"), files[i]); warningx(_("%s: not a regular file"), files[i]);
if (ofd != -1) if (ofd != -1)
close(ofd); close(ofd);
continue; continue;
@@ -202,7 +202,7 @@ sudo_edit(struct command_details *command_details)
if (nwritten == -1) if (nwritten == -1)
warning("%s", tf[j].tfile); warning("%s", tf[j].tfile);
else else
warningx(N_("%s: short write"), tf[j].tfile); warningx(_("%s: short write"), tf[j].tfile);
goto cleanup; goto cleanup;
} }
} }
@@ -268,8 +268,8 @@ sudo_edit(struct command_details *command_details)
if (rc) if (rc)
warning("%s", tf[i].tfile); warning("%s", tf[i].tfile);
else else
warningx(N_("%s: not a regular file"), tf[i].tfile); warningx(_("%s: not a regular file"), tf[i].tfile);
warningx(N_("%s left unmodified"), tf[i].ofile); warningx(_("%s left unmodified"), tf[i].ofile);
if (tfd != -1) if (tfd != -1)
close(tfd); close(tfd);
continue; continue;
@@ -282,7 +282,7 @@ sudo_edit(struct command_details *command_details)
*/ */
timevalsub(&tv1, &tv2); timevalsub(&tv1, &tv2);
if (timevalisset(&tv2)) { if (timevalisset(&tv2)) {
warningx(N_("%s unchanged"), tf[i].ofile); warningx(_("%s unchanged"), tf[i].ofile);
unlink(tf[i].tfile); unlink(tf[i].tfile);
close(tfd); close(tfd);
continue; continue;
@@ -294,8 +294,8 @@ sudo_edit(struct command_details *command_details)
switch_user(ROOT_UID, user_details.egid, switch_user(ROOT_UID, user_details.egid,
user_details.ngroups, user_details.groups); user_details.ngroups, user_details.groups);
if (ofd == -1) { if (ofd == -1) {
warning(N_("unable to write to %s"), tf[i].ofile); warning(_("unable to write to %s"), tf[i].ofile);
warningx(N_("contents of edit session left in %s"), tf[i].tfile); warningx(_("contents of edit session left in %s"), tf[i].tfile);
close(tfd); close(tfd);
continue; continue;
} }
@@ -304,7 +304,7 @@ sudo_edit(struct command_details *command_details)
if (nwritten == -1) if (nwritten == -1)
warning("%s", tf[i].ofile); warning("%s", tf[i].ofile);
else else
warningx(N_("%s: short write"), tf[i].ofile); warningx(_("%s: short write"), tf[i].ofile);
break; break;
} }
} }
@@ -312,11 +312,11 @@ sudo_edit(struct command_details *command_details)
/* success, got EOF */ /* success, got EOF */
unlink(tf[i].tfile); unlink(tf[i].tfile);
} else if (nread < 0) { } else if (nread < 0) {
warning(N_("unable to read temporary file")); warning(_("unable to read temporary file"));
warningx(N_("contents of edit session left in %s"), tf[i].tfile); warningx(_("contents of edit session left in %s"), tf[i].tfile);
} else { } else {
warning(N_("unable to write to %s"), tf[i].ofile); warning(_("unable to write to %s"), tf[i].ofile);
warningx(N_("contents of edit session left in %s"), tf[i].tfile); warningx(_("contents of edit session left in %s"), tf[i].tfile);
} }
close(ofd); close(ofd);
} }

8
src/tgetpass.c
View File

@@ -87,7 +87,7 @@ tgetpass(const char *prompt, int timeout, int flags)
if (!ISSET(flags, TGP_STDIN|TGP_ECHO|TGP_ASKPASS|TGP_NOECHO_TRY) && if (!ISSET(flags, TGP_STDIN|TGP_ECHO|TGP_ASKPASS|TGP_NOECHO_TRY) &&
!tty_present()) { !tty_present()) {
if (askpass == NULL || getenv_unhooked("DISPLAY") == NULL) { if (askpass == NULL || getenv_unhooked("DISPLAY") == NULL) {
warningx(N_("no tty present and no askpass program specified")); warningx(_("no tty present and no askpass program specified"));
debug_return_str(NULL); debug_return_str(NULL);
} }
SET(flags, TGP_ASKPASS); SET(flags, TGP_ASKPASS);
@@ -228,16 +228,16 @@ sudo_askpass(const char *askpass, const char *prompt)
} }
(void) setuid(ROOT_UID); (void) setuid(ROOT_UID);
if (setgid(user_details.gid)) { if (setgid(user_details.gid)) {
warning(N_("unable to set gid to %u"), (unsigned int)user_details.gid); warning(_("unable to set gid to %u"), (unsigned int)user_details.gid);
_exit(255); _exit(255);
} }
if (setuid(user_details.uid)) { if (setuid(user_details.uid)) {
warning(N_("unable to set uid to %u"), (unsigned int)user_details.uid); warning(_("unable to set uid to %u"), (unsigned int)user_details.uid);
_exit(255); _exit(255);
} }
closefrom(STDERR_FILENO + 1); closefrom(STDERR_FILENO + 1);
execl(askpass, askpass, prompt, (char *)NULL); execl(askpass, askpass, prompt, (char *)NULL);
warning(N_("unable to run %s"), askpass); warning(_("unable to run %s"), askpass);
_exit(255); _exit(255);
} }