Call gettext() on parameters for warning()/warningx() instead of
having warning() do it for us.
This commit is contained in:
Todd C. Miller
@@ -308,20 +308,20 @@ sudo_conf_read(void)
|
||||
case SUDO_PATH_MISSING:
|
||||
/* Root should always be able to read sudo.conf. */
|
||||
if (errno != ENOENT && geteuid() == ROOT_UID)
|
||||
warning(N_("unable to stat %s"), _PATH_SUDO_CONF);
|
||||
warning(_("unable to stat %s"), _PATH_SUDO_CONF);
|
||||
goto done;
|
||||
case SUDO_PATH_BAD_TYPE:
|
||||
warningx(N_("%s is not a regular file"), _PATH_SUDO_CONF);
|
||||
warningx(_("%s is not a regular file"), _PATH_SUDO_CONF);
|
||||
goto done;
|
||||
case SUDO_PATH_WRONG_OWNER:
|
||||
warningx(N_("%s is owned by uid %u, should be %u"),
|
||||
warningx(_("%s is owned by uid %u, should be %u"),
|
||||
_PATH_SUDO_CONF, (unsigned int) sb.st_uid, ROOT_UID);
|
||||
goto done;
|
||||
case SUDO_PATH_WORLD_WRITABLE:
|
||||
warningx(N_("%s is world writable"), _PATH_SUDO_CONF);
|
||||
warningx(_("%s is world writable"), _PATH_SUDO_CONF);
|
||||
goto done;
|
||||
case SUDO_PATH_GROUP_WRITABLE:
|
||||
warningx(N_("%s is group writable"), _PATH_SUDO_CONF);
|
||||
warningx(_("%s is group writable"), _PATH_SUDO_CONF);
|
||||
goto done;
|
||||
default:
|
||||
/* NOTREACHED */
|
||||
@@ -330,7 +330,7 @@ sudo_conf_read(void)
|
||||
|
||||
if ((fp = fopen(_PATH_SUDO_CONF, "r")) == NULL) {
|
||||
if (errno != ENOENT && geteuid() == ROOT_UID)
|
||||
warning(N_("unable to open %s"), _PATH_SUDO_CONF);
|
||||
warning(_("unable to open %s"), _PATH_SUDO_CONF);
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
||||
@@ -57,22 +57,22 @@ sudo_fwtk_init(struct passwd *pw, sudo_auth *auth)
|
||||
debug_decl(sudo_fwtk_init, SUDO_DEBUG_AUTH)
|
||||
|
||||
if ((confp = cfg_read("sudo")) == (Cfg *)-1) {
|
||||
warningx(N_("unable to read fwtk config"));
|
||||
warningx(_("unable to read fwtk config"));
|
||||
debug_return_int(AUTH_FATAL);
|
||||
}
|
||||
|
||||
if (auth_open(confp)) {
|
||||
warningx(N_("unable to connect to authentication server"));
|
||||
warningx(_("unable to connect to authentication server"));
|
||||
debug_return_int(AUTH_FATAL);
|
||||
}
|
||||
|
||||
/* Get welcome message from auth server */
|
||||
if (auth_recv(resp, sizeof(resp))) {
|
||||
warningx(N_("lost connection to authentication server"));
|
||||
warningx(_("lost connection to authentication server"));
|
||||
debug_return_int(AUTH_FATAL);
|
||||
}
|
||||
if (strncmp(resp, "Authsrv ready", 13) != 0) {
|
||||
warningx(N_("authentication server error:\n%s"), resp);
|
||||
warningx(_("authentication server error:\n%s"), resp);
|
||||
debug_return_int(AUTH_FATAL);
|
||||
}
|
||||
|
||||
@@ -92,7 +92,7 @@ sudo_fwtk_verify(struct passwd *pw, char *prompt, sudo_auth *auth)
|
||||
(void) snprintf(buf, sizeof(buf), "authorize %s 'sudo'", pw->pw_name);
|
||||
restart:
|
||||
if (auth_send(buf) || auth_recv(resp, sizeof(resp))) {
|
||||
warningx(N_("lost connection to authentication server"));
|
||||
warningx(_("lost connection to authentication server"));
|
||||
debug_return_int(AUTH_FATAL);
|
||||
}
|
||||
|
||||
@@ -125,7 +125,7 @@ restart:
|
||||
/* Send the user's response to the server */
|
||||
(void) snprintf(buf, sizeof(buf), "response '%s'", pass);
|
||||
if (auth_send(buf) || auth_recv(resp, sizeof(resp))) {
|
||||
warningx(N_("lost connection to authentication server"));
|
||||
warningx(_("lost connection to authentication server"));
|
||||
error = AUTH_FATAL;
|
||||
goto done;
|
||||
}
|
||||
@@ -137,7 +137,7 @@ restart:
|
||||
|
||||
/* Main loop prints "Permission Denied" or insult. */
|
||||
if (strcmp(resp, "Permission Denied.") != 0)
|
||||
warningx(N"%s", resp);
|
||||
warningx("%s", resp);
|
||||
error = AUTH_FAILURE;
|
||||
done:
|
||||
zero_bytes(pass, strlen(pass));
|
||||
|
||||
@@ -101,7 +101,7 @@ sudo_rfc1938_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
|
||||
*/
|
||||
if (rfc1938challenge(&rfc1938, pw->pw_name, challenge, sizeof(challenge))) {
|
||||
if (IS_ONEANDONLY(auth)) {
|
||||
warningx(N_("you do not exist in the %s database"), auth->name);
|
||||
warningx(_("you do not exist in the %s database"), auth->name);
|
||||
debug_return_int(AUTH_FATAL);
|
||||
} else {
|
||||
debug_return_int(AUTH_FAILURE);
|
||||
|
||||
@@ -78,7 +78,7 @@ sudo_securid_init(struct passwd *pw, sudo_auth *auth)
|
||||
if (AceInitialize() != SD_FALSE)
|
||||
debug_return_int(AUTH_SUCCESS);
|
||||
|
||||
warningx(N_("failed to initialise the ACE API library"));
|
||||
warningx(_("failed to initialise the ACE API library"));
|
||||
debug_return_int(AUTH_FATAL);
|
||||
}
|
||||
|
||||
@@ -104,7 +104,7 @@ sudo_securid_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
|
||||
|
||||
/* Re-initialize SecurID every time. */
|
||||
if (SD_Init(sd) != ACM_OK) {
|
||||
warningx(N_("unable to contact the SecurID server"));
|
||||
warningx(_("unable to contact the SecurID server"));
|
||||
debug_return_int(AUTH_FATAL);
|
||||
}
|
||||
|
||||
@@ -113,23 +113,23 @@ sudo_securid_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
|
||||
|
||||
switch (retval) {
|
||||
case ACM_OK:
|
||||
warningx(N_("User ID locked for SecurID Authentication"));
|
||||
warningx(_("User ID locked for SecurID Authentication"));
|
||||
debug_return_int(AUTH_SUCCESS);
|
||||
|
||||
case ACE_UNDEFINED_USERNAME:
|
||||
warningx(N_("invalid username length for SecurID"));
|
||||
warningx(_("invalid username length for SecurID"));
|
||||
debug_return_int(AUTH_FATAL);
|
||||
|
||||
case ACE_ERR_INVALID_HANDLE:
|
||||
warningx(N_("invalid Authentication Handle for SecurID"));
|
||||
warningx(_("invalid Authentication Handle for SecurID"));
|
||||
debug_return_int(AUTH_FATAL);
|
||||
|
||||
case ACM_ACCESS_DENIED:
|
||||
warningx(N_("SecurID communication failed"));
|
||||
warningx(_("SecurID communication failed"));
|
||||
debug_return_int(AUTH_FATAL);
|
||||
|
||||
default:
|
||||
warningx(N_("unknown SecurID error"));
|
||||
warningx(_("unknown SecurID error"));
|
||||
debug_return_int(AUTH_FATAL);
|
||||
}
|
||||
}
|
||||
@@ -163,17 +163,17 @@ sudo_securid_verify(struct passwd *pw, char *pass, sudo_auth *auth)
|
||||
break;
|
||||
|
||||
case ACE_UNDEFINED_PASSCODE:
|
||||
warningx(N_("invalid passcode length for SecurID"));
|
||||
warningx(_("invalid passcode length for SecurID"));
|
||||
rval = AUTH_FATAL;
|
||||
break;
|
||||
|
||||
case ACE_UNDEFINED_USERNAME:
|
||||
warningx(N_("invalid username length for SecurID"));
|
||||
warningx(_("invalid username length for SecurID"));
|
||||
rval = AUTH_FATAL;
|
||||
break;
|
||||
|
||||
case ACE_ERR_INVALID_HANDLE:
|
||||
warningx(N_("invalid Authentication Handle for SecurID"));
|
||||
warningx(_("invalid Authentication Handle for SecurID"));
|
||||
rval = AUTH_FATAL;
|
||||
break;
|
||||
|
||||
@@ -212,7 +212,7 @@ then enter the new token code.\n", \
|
||||
break;
|
||||
|
||||
default:
|
||||
warningx(N_("unknown SecurID error"));
|
||||
warningx(_("unknown SecurID error"));
|
||||
rval = AUTH_FATAL;
|
||||
break;
|
||||
}
|
||||
|
||||
@@ -205,7 +205,7 @@ set_default(char *var, char *val, int op)
|
||||
break;
|
||||
}
|
||||
if (!cur->name) {
|
||||
warningx(N_("unknown defaults entry `%s'"), var);
|
||||
warningx(_("unknown defaults entry `%s'"), var);
|
||||
debug_return_bool(false);
|
||||
}
|
||||
|
||||
@@ -213,20 +213,20 @@ set_default(char *var, char *val, int op)
|
||||
case T_LOGFAC:
|
||||
if (!store_syslogfac(val, cur, op)) {
|
||||
if (val)
|
||||
warningx(N_("value `%s' is invalid for option `%s'"),
|
||||
warningx(_("value `%s' is invalid for option `%s'"),
|
||||
val, var);
|
||||
else
|
||||
warningx(N_("no value specified for `%s'"), var);
|
||||
warningx(_("no value specified for `%s'"), var);
|
||||
debug_return_bool(false);
|
||||
}
|
||||
break;
|
||||
case T_LOGPRI:
|
||||
if (!store_syslogpri(val, cur, op)) {
|
||||
if (val)
|
||||
warningx(N_("value `%s' is invalid for option `%s'"),
|
||||
warningx(_("value `%s' is invalid for option `%s'"),
|
||||
val, var);
|
||||
else
|
||||
warningx(N_("no value specified for `%s'"), var);
|
||||
warningx(_("no value specified for `%s'"), var);
|
||||
debug_return_bool(false);
|
||||
}
|
||||
break;
|
||||
@@ -234,16 +234,16 @@ set_default(char *var, char *val, int op)
|
||||
if (!val) {
|
||||
/* Check for bogus boolean usage or lack of a value. */
|
||||
if (!ISSET(cur->type, T_BOOL) || op != false) {
|
||||
warningx(N_("no value specified for `%s'"), var);
|
||||
warningx(_("no value specified for `%s'"), var);
|
||||
debug_return_bool(false);
|
||||
}
|
||||
}
|
||||
if (ISSET(cur->type, T_PATH) && val && *val != '/') {
|
||||
warningx(N_("values for `%s' must start with a '/'"), var);
|
||||
warningx(_("values for `%s' must start with a '/'"), var);
|
||||
debug_return_bool(false);
|
||||
}
|
||||
if (!store_str(val, cur, op)) {
|
||||
warningx(N_("value `%s' is invalid for option `%s'"), val, var);
|
||||
warningx(_("value `%s' is invalid for option `%s'"), val, var);
|
||||
debug_return_bool(false);
|
||||
}
|
||||
break;
|
||||
@@ -251,12 +251,12 @@ set_default(char *var, char *val, int op)
|
||||
if (!val) {
|
||||
/* Check for bogus boolean usage or lack of a value. */
|
||||
if (!ISSET(cur->type, T_BOOL) || op != false) {
|
||||
warningx(N_("no value specified for `%s'"), var);
|
||||
warningx(_("no value specified for `%s'"), var);
|
||||
debug_return_bool(false);
|
||||
}
|
||||
}
|
||||
if (!store_int(val, cur, op)) {
|
||||
warningx(N_("value `%s' is invalid for option `%s'"), val, var);
|
||||
warningx(_("value `%s' is invalid for option `%s'"), val, var);
|
||||
debug_return_bool(false);
|
||||
}
|
||||
break;
|
||||
@@ -264,12 +264,12 @@ set_default(char *var, char *val, int op)
|
||||
if (!val) {
|
||||
/* Check for bogus boolean usage or lack of a value. */
|
||||
if (!ISSET(cur->type, T_BOOL) || op != false) {
|
||||
warningx(N_("no value specified for `%s'"), var);
|
||||
warningx(_("no value specified for `%s'"), var);
|
||||
debug_return_bool(false);
|
||||
}
|
||||
}
|
||||
if (!store_uint(val, cur, op)) {
|
||||
warningx(N_("value `%s' is invalid for option `%s'"), val, var);
|
||||
warningx(_("value `%s' is invalid for option `%s'"), val, var);
|
||||
debug_return_bool(false);
|
||||
}
|
||||
break;
|
||||
@@ -277,12 +277,12 @@ set_default(char *var, char *val, int op)
|
||||
if (!val) {
|
||||
/* Check for bogus boolean usage or lack of a value. */
|
||||
if (!ISSET(cur->type, T_BOOL) || op != false) {
|
||||
warningx(N_("no value specified for `%s'"), var);
|
||||
warningx(_("no value specified for `%s'"), var);
|
||||
debug_return_bool(false);
|
||||
}
|
||||
}
|
||||
if (!store_float(val, cur, op)) {
|
||||
warningx(N_("value `%s' is invalid for option `%s'"), val, var);
|
||||
warningx(_("value `%s' is invalid for option `%s'"), val, var);
|
||||
debug_return_bool(false);
|
||||
}
|
||||
break;
|
||||
@@ -290,18 +290,18 @@ set_default(char *var, char *val, int op)
|
||||
if (!val) {
|
||||
/* Check for bogus boolean usage or lack of a value. */
|
||||
if (!ISSET(cur->type, T_BOOL) || op != false) {
|
||||
warningx(N_("no value specified for `%s'"), var);
|
||||
warningx(_("no value specified for `%s'"), var);
|
||||
debug_return_bool(false);
|
||||
}
|
||||
}
|
||||
if (!store_mode(val, cur, op)) {
|
||||
warningx(N_("value `%s' is invalid for option `%s'"), val, var);
|
||||
warningx(_("value `%s' is invalid for option `%s'"), val, var);
|
||||
debug_return_bool(false);
|
||||
}
|
||||
break;
|
||||
case T_FLAG:
|
||||
if (val) {
|
||||
warningx(N_("option `%s' does not take a value"), var);
|
||||
warningx(_("option `%s' does not take a value"), var);
|
||||
debug_return_bool(false);
|
||||
}
|
||||
cur->sd_un.flag = op;
|
||||
@@ -310,22 +310,22 @@ set_default(char *var, char *val, int op)
|
||||
if (!val) {
|
||||
/* Check for bogus boolean usage or lack of a value. */
|
||||
if (!ISSET(cur->type, T_BOOL) || op != false) {
|
||||
warningx(N_("no value specified for `%s'"), var);
|
||||
warningx(_("no value specified for `%s'"), var);
|
||||
debug_return_bool(false);
|
||||
}
|
||||
}
|
||||
if (!store_list(val, cur, op)) {
|
||||
warningx(N_("value `%s' is invalid for option `%s'"), val, var);
|
||||
warningx(_("value `%s' is invalid for option `%s'"), val, var);
|
||||
debug_return_bool(false);
|
||||
}
|
||||
break;
|
||||
case T_TUPLE:
|
||||
if (!val && !ISSET(cur->type, T_BOOL)) {
|
||||
warningx(N_("no value specified for `%s'"), var);
|
||||
warningx(_("no value specified for `%s'"), var);
|
||||
debug_return_bool(false);
|
||||
}
|
||||
if (!store_tuple(val, cur, op)) {
|
||||
warningx(N_("value `%s' is invalid for option `%s'"), val, var);
|
||||
warningx(_("value `%s' is invalid for option `%s'"), val, var);
|
||||
debug_return_bool(false);
|
||||
}
|
||||
break;
|
||||
@@ -580,7 +580,7 @@ check_defaults(int what, bool quiet)
|
||||
}
|
||||
if (cur->name == NULL) {
|
||||
if (!quiet)
|
||||
warningx(N_("unknown defaults entry `%s'"), def->var);
|
||||
warningx(_("unknown defaults entry `%s'"), def->var);
|
||||
rc = false;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -100,28 +100,28 @@ group_plugin_load(char *plugin_info)
|
||||
goto done;
|
||||
}
|
||||
if (sb.st_uid != ROOT_UID) {
|
||||
warningx(N_("%s must be owned by uid %d"), path, ROOT_UID);
|
||||
warningx(_("%s must be owned by uid %d"), path, ROOT_UID);
|
||||
goto done;
|
||||
}
|
||||
if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
|
||||
warningx(N_("%s must only be writable by owner"), path);
|
||||
warningx(_("%s must only be writable by owner"), path);
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* Open plugin and map in symbol. */
|
||||
group_handle = dlopen(path, RTLD_LAZY|RTLD_GLOBAL);
|
||||
if (!group_handle) {
|
||||
warningx(N_("unable to dlopen %s: %s"), path, dlerror());
|
||||
warningx(_("unable to dlopen %s: %s"), path, dlerror());
|
||||
goto done;
|
||||
}
|
||||
group_plugin = dlsym(group_handle, "group_plugin");
|
||||
if (group_plugin == NULL) {
|
||||
warningx(N_("unable to find symbol \"group_plugin\" in %s"), path);
|
||||
warningx(_("unable to find symbol \"group_plugin\" in %s"), path);
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (GROUP_API_VERSION_GET_MAJOR(group_plugin->version) != GROUP_API_VERSION_MAJOR) {
|
||||
warningx(N_("%s: incompatible group plugin major version %d, expected %d"),
|
||||
warningx(_("%s: incompatible group plugin major version %d, expected %d"),
|
||||
path, GROUP_API_VERSION_GET_MAJOR(group_plugin->version),
|
||||
GROUP_API_VERSION_MAJOR);
|
||||
goto done;
|
||||
|
||||
@@ -437,7 +437,7 @@ sudo_ldap_parse_uri(const struct ldap_config_list_str *uri_list)
|
||||
nldaps++;
|
||||
host = uri + 8;
|
||||
} else {
|
||||
warningx(N_("unsupported LDAP uri type: %s"), uri);
|
||||
warningx(_("unsupported LDAP uri type: %s"), uri);
|
||||
goto done;
|
||||
}
|
||||
|
||||
@@ -466,17 +466,17 @@ sudo_ldap_parse_uri(const struct ldap_config_list_str *uri_list)
|
||||
}
|
||||
}
|
||||
if (hostbuf[0] == '\0') {
|
||||
warningx(N_("invalid uri: %s"), uri_list->val);
|
||||
warningx(_("invalid uri: %s"), uri_list->val);
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (nldaps != 0) {
|
||||
if (nldap != 0) {
|
||||
warningx(N_("unable to mix ldap and ldaps URIs"));
|
||||
warningx(_("unable to mix ldap and ldaps URIs"));
|
||||
goto done;
|
||||
}
|
||||
if (ldap_conf.ssl_mode == SUDO_LDAP_STARTTLS) {
|
||||
warningx(N_("unable to mix ldaps and starttls"));
|
||||
warningx(_("unable to mix ldaps and starttls"));
|
||||
goto done;
|
||||
}
|
||||
ldap_conf.ssl_mode = SUDO_LDAP_SSL;
|
||||
@@ -569,10 +569,10 @@ sudo_ldap_init(LDAP **ldp, const char *host, int port)
|
||||
}
|
||||
}
|
||||
if (rc != LDAP_SUCCESS) {
|
||||
warningx(N_("unable to initialize SSL cert and key db: %s"),
|
||||
warningx(_("unable to initialize SSL cert and key db: %s"),
|
||||
ldapssl_err2string(rc));
|
||||
if (ldap_conf.tls_certfile == NULL)
|
||||
warningx(N_("you must set TLS_CERT in %s to use SSL"),
|
||||
warningx(_("you must set TLS_CERT in %s to use SSL"),
|
||||
_PATH_LDAP_CONF);
|
||||
goto done;
|
||||
}
|
||||
@@ -995,13 +995,13 @@ sudo_ldap_timefilter(char *buffer, size_t buffersize)
|
||||
/* Make sure we have a formatted timestamp for __now__. */
|
||||
time(&now);
|
||||
if ((tp = gmtime(&now)) == NULL) {
|
||||
warning(N_("unable to get GMT time"));
|
||||
warning(_("unable to get GMT time"));
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* Format the timestamp according to the RFC. */
|
||||
if (strftime(timebuffer, sizeof(timebuffer), "%Y%m%d%H%M%S.0Z", tp) == 0) {
|
||||
warningx(N_("unable to format timestamp"));
|
||||
warningx(_("unable to format timestamp"));
|
||||
goto done;
|
||||
}
|
||||
|
||||
@@ -1009,7 +1009,7 @@ sudo_ldap_timefilter(char *buffer, size_t buffersize)
|
||||
bytes = snprintf(buffer, buffersize, "(&(|(!(sudoNotAfter=*))(sudoNotAfter>=%s))(|(!(sudoNotBefore=*))(sudoNotBefore<=%s)))",
|
||||
timebuffer, timebuffer);
|
||||
if (bytes < 0 || bytes >= buffersize) {
|
||||
warning(N_("unable to build time filter"));
|
||||
warning(_("unable to build time filter"));
|
||||
bytes = 0;
|
||||
}
|
||||
|
||||
@@ -2252,7 +2252,7 @@ sudo_ldap_open(struct sudo_nss *nss)
|
||||
rc = ldap_initialize(&ld, buf);
|
||||
efree(buf);
|
||||
if (rc != LDAP_SUCCESS)
|
||||
warningx(N_("unable to initialize LDAP: %s"), ldap_err2string(rc));
|
||||
warningx(_("unable to initialize LDAP: %s"), ldap_err2string(rc));
|
||||
} else
|
||||
#endif
|
||||
rc = sudo_ldap_init(&ld, ldap_conf.host, ldap_conf.port);
|
||||
@@ -2286,7 +2286,7 @@ sudo_ldap_open(struct sudo_nss *nss)
|
||||
}
|
||||
DPRINTF(("ldap_start_tls_s_np() ok"), 1);
|
||||
#else
|
||||
warningx(N_("start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()"));
|
||||
warningx(_("start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()"));
|
||||
#endif /* !HAVE_LDAP_START_TLS_S && !HAVE_LDAP_START_TLS_S_NP */
|
||||
}
|
||||
|
||||
@@ -2522,7 +2522,7 @@ sudo_ldap_result_add_entry(struct ldap_result *lres, LDAPMessage *entry)
|
||||
DPRINTF(("order attribute raw: %s", (*bv)->bv_val), 1);
|
||||
order = strtod((*bv)->bv_val, &ep);
|
||||
if (ep == (*bv)->bv_val || *ep != '\0') {
|
||||
warningx(N_("invalid sudoOrder attribute: %s"), (*bv)->bv_val);
|
||||
warningx(_("invalid sudoOrder attribute: %s"), (*bv)->bv_val);
|
||||
order = 0.0;
|
||||
}
|
||||
DPRINTF(("order attribute: %f", order), 1);
|
||||
|
||||
@@ -90,7 +90,7 @@ linux_audit_command(char *argv[], int result)
|
||||
/* Log command, ignoring ECONNREFUSED on error. */
|
||||
rc = audit_log_user_command(au_fd, AUDIT_USER_CMD, command, NULL, result);
|
||||
if (rc <= 0 && errno != ECONNREFUSED)
|
||||
warning(N_("unable to send audit message"));
|
||||
warning(_("unable to send audit message"));
|
||||
|
||||
efree(command);
|
||||
|
||||
|
||||
@@ -335,9 +335,9 @@ log_failure(int status, int flags)
|
||||
* their path to just contain a single dir.
|
||||
*/
|
||||
if (flags == NOT_FOUND)
|
||||
warningx(N_("%s: command not found"), user_cmnd);
|
||||
warningx(_("%s: command not found"), user_cmnd);
|
||||
else if (flags == NOT_FOUND_DOT)
|
||||
warningx(N_("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run."), user_cmnd, user_cmnd, user_cmnd);
|
||||
warningx(_("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run."), user_cmnd, user_cmnd, user_cmnd);
|
||||
}
|
||||
|
||||
debug_return;
|
||||
|
||||
@@ -23,16 +23,10 @@
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <setjmp.h>
|
||||
#ifdef HAVE_STDBOOL_H
|
||||
# include <stdbool.h>
|
||||
#else
|
||||
# include "compat/stdbool.h"
|
||||
#endif /* HAVE_STDBOOL_H */
|
||||
|
||||
#include "missing.h"
|
||||
#include "alloc.h"
|
||||
#include "error.h"
|
||||
#include "logging.h"
|
||||
#include "sudo_plugin.h"
|
||||
|
||||
#define DEFAULT_TEXT_DOMAIN "sudoers"
|
||||
@@ -131,10 +125,7 @@ vwarningx2(const char *fmt, va_list ap)
|
||||
static void
|
||||
_warning(int use_errno, const char *fmt, va_list ap)
|
||||
{
|
||||
int oldlocale, serrno = errno;
|
||||
|
||||
/* Warnings are displayed in the user's locale. */
|
||||
sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale);
|
||||
int serrno = errno;
|
||||
|
||||
if (sudo_conv != NULL) {
|
||||
struct sudo_conv_message msg[6];
|
||||
@@ -176,6 +167,4 @@ _warning(int use_errno, const char *fmt, va_list ap)
|
||||
}
|
||||
putc('\n', stderr);
|
||||
}
|
||||
|
||||
sudoers_setlocale(oldlocale, NULL);
|
||||
}
|
||||
|
||||
@@ -495,7 +495,7 @@ sudoers_policy_close(int exit_status, int error_code)
|
||||
/* We do not currently log the exit status. */
|
||||
if (error_code) {
|
||||
errno = error_code;
|
||||
warning(N_("unable to execute %s"), safe_cmnd);
|
||||
warning(_("unable to execute %s"), safe_cmnd);
|
||||
}
|
||||
|
||||
/* Close the session we opened in sudoers_policy_init_session(). */
|
||||
@@ -603,7 +603,7 @@ sudoers_policy_list(int argc, char * const argv[], int verbose,
|
||||
if (list_user) {
|
||||
list_pw = sudo_getpwnam(list_user);
|
||||
if (list_pw == NULL) {
|
||||
warningx(N_("unknown user: %s"), list_user);
|
||||
warningx(_("unknown user: %s"), list_user);
|
||||
debug_return_bool(-1);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -248,14 +248,14 @@ static int sudo_sss_open(struct sudo_nss *nss)
|
||||
/* Load symbols */
|
||||
handle->ssslib = dlopen(path, RTLD_LAZY);
|
||||
if (handle->ssslib == NULL) {
|
||||
warningx(N_("Unable to dlopen %s: %s"), path, dlerror());
|
||||
warningx(N_("Unable to initialize SSS source. Is SSSD installed on your machine?"));
|
||||
warningx(_("Unable to dlopen %s: %s"), path, dlerror());
|
||||
warningx(_("Unable to initialize SSS source. Is SSSD installed on your machine?"));
|
||||
debug_return_int(EFAULT);
|
||||
}
|
||||
|
||||
handle->fn_send_recv = dlsym(handle->ssslib, "sss_sudo_send_recv");
|
||||
if (handle->fn_send_recv == NULL) {
|
||||
warningx(N_("unable to find symbol \"%s\" in %s"), path,
|
||||
warningx(_("unable to find symbol \"%s\" in %s"), path,
|
||||
"sss_sudo_send_recv");
|
||||
debug_return_int(EFAULT);
|
||||
}
|
||||
@@ -263,28 +263,28 @@ static int sudo_sss_open(struct sudo_nss *nss)
|
||||
handle->fn_send_recv_defaults =
|
||||
dlsym(handle->ssslib, "sss_sudo_send_recv_defaults");
|
||||
if (handle->fn_send_recv_defaults == NULL) {
|
||||
warningx(N_("unable to find symbol \"%s\" in %s"), path,
|
||||
warningx(_("unable to find symbol \"%s\" in %s"), path,
|
||||
"sss_sudo_send_recv_defaults");
|
||||
debug_return_int(EFAULT);
|
||||
}
|
||||
|
||||
handle->fn_free_result = dlsym(handle->ssslib, "sss_sudo_free_result");
|
||||
if (handle->fn_free_result == NULL) {
|
||||
warningx(N_("unable to find symbol \"%s\" in %s"), path,
|
||||
warningx(_("unable to find symbol \"%s\" in %s"), path,
|
||||
"sss_sudo_free_result");
|
||||
debug_return_int(EFAULT);
|
||||
}
|
||||
|
||||
handle->fn_get_values = dlsym(handle->ssslib, "sss_sudo_get_values");
|
||||
if (handle->fn_get_values == NULL) {
|
||||
warningx(N_("unable to find symbol \"%s\" in %s"), path,
|
||||
warningx(_("unable to find symbol \"%s\" in %s"), path,
|
||||
"sss_sudo_get_values");
|
||||
debug_return_int(EFAULT);
|
||||
}
|
||||
|
||||
handle->fn_free_values = dlsym(handle->ssslib, "sss_sudo_free_values");
|
||||
if (handle->fn_free_values == NULL) {
|
||||
warningx(N_("unable to find symbol \"%s\" in %s"), path,
|
||||
warningx(_("unable to find symbol \"%s\" in %s"), path,
|
||||
"sss_sudo_free_values");
|
||||
debug_return_int(EFAULT);
|
||||
}
|
||||
|
||||
@@ -162,7 +162,7 @@ sudoers_policy_init(void *info, char * const envp[])
|
||||
}
|
||||
}
|
||||
if (sources == 0) {
|
||||
warningx(N_("no valid sudoers sources found, quitting"));
|
||||
warningx(_("no valid sudoers sources found, quitting"));
|
||||
debug_return_bool(-1);
|
||||
}
|
||||
|
||||
@@ -239,14 +239,14 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
|
||||
|
||||
/* Is root even allowed to run sudo? */
|
||||
if (user_uid == 0 && !def_root_sudo) {
|
||||
warningx(N_("sudoers specifies that root is not allowed to sudo"));
|
||||
warningx(_("sudoers specifies that root is not allowed to sudo"));
|
||||
goto bad;
|
||||
}
|
||||
|
||||
/* Check for -C overriding def_closefrom. */
|
||||
if (user_closefrom >= 0 && user_closefrom != def_closefrom) {
|
||||
if (!def_closefrom_override) {
|
||||
warningx(N_("you are not permitted to use the -C option"));
|
||||
warningx(_("you are not permitted to use the -C option"));
|
||||
goto bad;
|
||||
}
|
||||
def_closefrom = user_closefrom;
|
||||
@@ -344,7 +344,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
|
||||
int fd = open(_PATH_TTY, O_RDWR|O_NOCTTY);
|
||||
if (fd == -1) {
|
||||
audit_failure(NewArgv, N_("no tty"));
|
||||
warningx(N_("sorry, you must have a tty to run sudo"));
|
||||
warningx(_("sorry, you must have a tty to run sudo"));
|
||||
goto bad;
|
||||
} else
|
||||
(void) close(fd);
|
||||
@@ -395,18 +395,18 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
|
||||
/* Finally tell the user if the command did not exist. */
|
||||
if (cmnd_status == NOT_FOUND_DOT) {
|
||||
audit_failure(NewArgv, N_("command in current directory"));
|
||||
warningx(N_("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run."), user_cmnd, user_cmnd, user_cmnd);
|
||||
warningx(_("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run."), user_cmnd, user_cmnd, user_cmnd);
|
||||
goto bad;
|
||||
} else if (cmnd_status == NOT_FOUND) {
|
||||
audit_failure(NewArgv, N_("%s: command not found"), user_cmnd);
|
||||
warningx(N_("%s: command not found"), user_cmnd);
|
||||
warningx(_("%s: command not found"), user_cmnd);
|
||||
goto bad;
|
||||
}
|
||||
|
||||
/* If user specified env vars make sure sudoers allows it. */
|
||||
if (ISSET(sudo_mode, MODE_RUN) && !def_setenv) {
|
||||
if (ISSET(sudo_mode, MODE_PRESERVE_ENV)) {
|
||||
warningx(N_("sorry, you are not allowed to preserve the environment"));
|
||||
warningx(_("sorry, you are not allowed to preserve the environment"));
|
||||
goto bad;
|
||||
} else
|
||||
validate_env_vars(sudo_user.env_vars);
|
||||
@@ -1022,7 +1022,7 @@ find_editor(int nfiles, char **files, char ***argv_out)
|
||||
}
|
||||
if (!editor_path) {
|
||||
audit_failure(NewArgv, N_("%s: command not found"), editor);
|
||||
warningx(N_("%s: command not found"), editor);
|
||||
warningx(_("%s: command not found"), editor);
|
||||
}
|
||||
debug_return_str(editor_path);
|
||||
}
|
||||
|
||||
@@ -812,7 +812,7 @@ parse_logfile(char *logfile)
|
||||
|
||||
fp = fopen(logfile, "r");
|
||||
if (fp == NULL) {
|
||||
warning(N_("unable to open %s"), logfile);
|
||||
warning(_("unable to open %s"), logfile);
|
||||
goto bad;
|
||||
}
|
||||
|
||||
|
||||
@@ -3561,19 +3561,19 @@ _push_include(char *path, bool isdir)
|
||||
debug_return_bool(false);
|
||||
case SUDO_PATH_WRONG_OWNER:
|
||||
if (sudoers_warnings) {
|
||||
warningx(N_("%s is owned by uid %u, should be %u"),
|
||||
warningx(_("%s is owned by uid %u, should be %u"),
|
||||
path, (unsigned int) sb.st_uid,
|
||||
(unsigned int) sudoers_uid);
|
||||
}
|
||||
debug_return_bool(false);
|
||||
case SUDO_PATH_WORLD_WRITABLE:
|
||||
if (sudoers_warnings) {
|
||||
warningx(N_("%s is world writable"), path);
|
||||
warningx(_("%s is world writable"), path);
|
||||
}
|
||||
debug_return_bool(false);
|
||||
case SUDO_PATH_GROUP_WRITABLE:
|
||||
if (sudoers_warnings) {
|
||||
warningx(N_("%s is owned by gid %u, should be %u"),
|
||||
warningx(_("%s is owned by gid %u, should be %u"),
|
||||
path, (unsigned int) sb.st_gid,
|
||||
(unsigned int) sudoers_gid);
|
||||
}
|
||||
|
||||
@@ -839,19 +839,19 @@ _push_include(char *path, bool isdir)
|
||||
debug_return_bool(false);
|
||||
case SUDO_PATH_WRONG_OWNER:
|
||||
if (sudoers_warnings) {
|
||||
warningx(N_("%s is owned by uid %u, should be %u"),
|
||||
warningx(_("%s is owned by uid %u, should be %u"),
|
||||
path, (unsigned int) sb.st_uid,
|
||||
(unsigned int) sudoers_uid);
|
||||
}
|
||||
debug_return_bool(false);
|
||||
case SUDO_PATH_WORLD_WRITABLE:
|
||||
if (sudoers_warnings) {
|
||||
warningx(N_("%s is world writable"), path);
|
||||
warningx(_("%s is world writable"), path);
|
||||
}
|
||||
debug_return_bool(false);
|
||||
case SUDO_PATH_GROUP_WRITABLE:
|
||||
if (sudoers_warnings) {
|
||||
warningx(N_("%s is owned by gid %u, should be %u"),
|
||||
warningx(_("%s is owned by gid %u, should be %u"),
|
||||
path, (unsigned int) sb.st_gid,
|
||||
(unsigned int) sudoers_gid);
|
||||
}
|
||||
|
||||
@@ -219,7 +219,7 @@ fill_args(const char *s, int len, int addspace)
|
||||
if (addspace)
|
||||
*p++ = ' ';
|
||||
if (strlcpy(p, s, arg_size - (p - sudoerslval.command.args)) != len) {
|
||||
warningx(N_("fill_args: buffer overflow")); /* paranoia */
|
||||
warningx(_("fill_args: buffer overflow")); /* paranoia */
|
||||
sudoerserror(NULL);
|
||||
debug_return_bool(false);
|
||||
}
|
||||
|
||||
@@ -415,18 +415,18 @@ edit_sudoers(struct sudoersfile *sp, char *editor, char *args, int lineno)
|
||||
* Sanity checks.
|
||||
*/
|
||||
if (stat(sp->tpath, &sb) < 0) {
|
||||
warningx(N_("unable to stat temporary file (%s), %s unchanged"),
|
||||
warningx(_("unable to stat temporary file (%s), %s unchanged"),
|
||||
sp->tpath, sp->path);
|
||||
goto done;
|
||||
}
|
||||
if (sb.st_size == 0 && orig_size != 0) {
|
||||
warningx(N_("zero length temporary file (%s), %s unchanged"),
|
||||
warningx(_("zero length temporary file (%s), %s unchanged"),
|
||||
sp->tpath, sp->path);
|
||||
sp->modified = true;
|
||||
goto done;
|
||||
}
|
||||
} else {
|
||||
warningx(N_("editor (%s) failed, %s unchanged"), editor, sp->path);
|
||||
warningx(_("editor (%s) failed, %s unchanged"), editor, sp->path);
|
||||
goto done;
|
||||
}
|
||||
|
||||
@@ -449,7 +449,7 @@ edit_sudoers(struct sudoersfile *sp, char *editor, char *args, int lineno)
|
||||
if (modified)
|
||||
sp->modified = modified;
|
||||
else
|
||||
warningx(N_("%s unchanged"), sp->tpath);
|
||||
warningx(_("%s unchanged"), sp->tpath);
|
||||
|
||||
rval = true;
|
||||
done:
|
||||
@@ -488,7 +488,7 @@ reparse_sudoers(char *editor, char *args, bool strict, bool quiet)
|
||||
/* Parse the sudoers temp file */
|
||||
sudoersrestart(fp);
|
||||
if (sudoersparse() && !parse_error) {
|
||||
warningx(N_("unabled to parse temporary file (%s), unknown error"),
|
||||
warningx(_("unabled to parse temporary file (%s), unknown error"),
|
||||
sp->tpath);
|
||||
parse_error = true;
|
||||
errorfile = sp->path;
|
||||
@@ -579,21 +579,21 @@ install_sudoers(struct sudoersfile *sp, bool oldperms)
|
||||
if (fstat(sp->fd, &sb) == -1)
|
||||
error(1, _("unable to stat %s"), sp->path);
|
||||
if (chown(sp->tpath, sb.st_uid, sb.st_gid) != 0) {
|
||||
warning(N_("unable to set (uid, gid) of %s to (%u, %u)"),
|
||||
warning(_("unable to set (uid, gid) of %s to (%u, %u)"),
|
||||
sp->tpath, (unsigned int)sb.st_uid, (unsigned int)sb.st_gid);
|
||||
}
|
||||
if (chmod(sp->tpath, sb.st_mode & 0777) != 0) {
|
||||
warning(N_("unable to change mode of %s to 0%o"), sp->tpath,
|
||||
warning(_("unable to change mode of %s to 0%o"), sp->tpath,
|
||||
(unsigned int)(sb.st_mode & 0777));
|
||||
}
|
||||
} else {
|
||||
if (chown(sp->tpath, SUDOERS_UID, SUDOERS_GID) != 0) {
|
||||
warning(N_("unable to set (uid, gid) of %s to (%u, %u)"),
|
||||
warning(_("unable to set (uid, gid) of %s to (%u, %u)"),
|
||||
sp->tpath, SUDOERS_UID, SUDOERS_GID);
|
||||
goto done;
|
||||
}
|
||||
if (chmod(sp->tpath, SUDOERS_MODE) != 0) {
|
||||
warning(N_("unable to change mode of %s to 0%o"), sp->tpath,
|
||||
warning(_("unable to change mode of %s to 0%o"), sp->tpath,
|
||||
SUDOERS_MODE);
|
||||
goto done;
|
||||
}
|
||||
@@ -610,7 +610,7 @@ install_sudoers(struct sudoersfile *sp, bool oldperms)
|
||||
} else {
|
||||
if (errno == EXDEV) {
|
||||
char *av[4];
|
||||
warningx(N_("%s and %s not on the same file system, using mv to rename"),
|
||||
warningx(_("%s and %s not on the same file system, using mv to rename"),
|
||||
sp->tpath, sp->path);
|
||||
|
||||
/* Build up argument vector for the command */
|
||||
@@ -624,7 +624,7 @@ install_sudoers(struct sudoersfile *sp, bool oldperms)
|
||||
|
||||
/* And run it... */
|
||||
if (run_command(_PATH_MV, av)) {
|
||||
warningx(N_("command failed: '%s %s %s', %s unchanged"),
|
||||
warningx(_("command failed: '%s %s %s', %s unchanged"),
|
||||
_PATH_MV, sp->tpath, sp->path, sp->path);
|
||||
(void) unlink(sp->tpath);
|
||||
efree(sp->tpath);
|
||||
@@ -634,7 +634,7 @@ install_sudoers(struct sudoersfile *sp, bool oldperms)
|
||||
efree(sp->tpath);
|
||||
sp->tpath = NULL;
|
||||
} else {
|
||||
warning(N_("error renaming %s, %s unchanged"), sp->tpath, sp->path);
|
||||
warning(_("error renaming %s, %s unchanged"), sp->tpath, sp->path);
|
||||
(void) unlink(sp->tpath);
|
||||
goto done;
|
||||
}
|
||||
@@ -758,7 +758,7 @@ run_command(char *path, char **argv)
|
||||
sudo_endgrent();
|
||||
closefrom(STDERR_FILENO + 1);
|
||||
execv(path, argv);
|
||||
warning(N_("unable to run %s"), path);
|
||||
warning(_("unable to run %s"), path);
|
||||
_exit(127);
|
||||
break; /* NOTREACHED */
|
||||
}
|
||||
@@ -810,13 +810,13 @@ check_syntax(char *sudoers_path, bool quiet, bool strict, bool oldperms)
|
||||
sudoers_path = "stdin";
|
||||
} else if ((sudoersin = fopen(sudoers_path, "r")) == NULL) {
|
||||
if (!quiet)
|
||||
warning(N_("unable to open %s"), sudoers_path);
|
||||
warning(_("unable to open %s"), sudoers_path);
|
||||
goto done;
|
||||
}
|
||||
init_parser(sudoers_path, quiet);
|
||||
if (sudoersparse() && !parse_error) {
|
||||
if (!quiet)
|
||||
warningx(N_("failed to parse %s file, unknown error"), sudoers_path);
|
||||
warningx(_("failed to parse %s file, unknown error"), sudoers_path);
|
||||
parse_error = true;
|
||||
errorfile = sudoers_path;
|
||||
}
|
||||
|
||||
@@ -108,7 +108,7 @@ _warning(int use_errno, const char *fmt, va_list ap)
|
||||
fputs(getprogname(), stderr);
|
||||
if (fmt != NULL) {
|
||||
fputs(_(": "), stderr);
|
||||
vfprintf(stderr, _(fmt), ap);
|
||||
vfprintf(stderr, fmt, ap);
|
||||
}
|
||||
if (use_errno) {
|
||||
fputs(_(": "), stderr);
|
||||
|
||||
@@ -377,7 +377,7 @@ sudo_execute(struct command_details *details, struct command_status *cstat)
|
||||
/* One of the ttys must have gone away. */
|
||||
goto do_tty_io;
|
||||
}
|
||||
warning(N_("select failed"));
|
||||
warning(_("select failed"));
|
||||
sudo_debug_printf(SUDO_DEBUG_ERROR,
|
||||
"select failure, terminating child");
|
||||
schedule_signal(SIGKILL);
|
||||
@@ -479,7 +479,7 @@ do_tty_io:
|
||||
if (ISSET(details->flags, CD_RBAC_ENABLED)) {
|
||||
/* This is probably not needed in log_io mode. */
|
||||
if (selinux_restore_tty() != 0)
|
||||
warningx(N_("unable to restore tty label"));
|
||||
warningx(_("unable to restore tty label"));
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
@@ -67,7 +67,7 @@ disable_execute(char *const envp[])
|
||||
/* Solaris privileges, remove PRIV_PROC_EXEC post-execve. */
|
||||
if (priv_set(PRIV_OFF, PRIV_LIMIT, "PRIV_PROC_EXEC", NULL) == 0)
|
||||
debug_return_ptr(envp);
|
||||
warning(N_("unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"));
|
||||
warning(_("unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"));
|
||||
#endif /* HAVE_PRIV_SET */
|
||||
|
||||
#ifdef _PATH_SUDO_NOEXEC
|
||||
|
||||
@@ -1069,7 +1069,7 @@ exec_monitor(struct command_details *details, int backchannel)
|
||||
error(1, _("unable to create pipe"));
|
||||
cmnd_pid = sudo_debug_fork();
|
||||
if (cmnd_pid == -1) {
|
||||
warning(N_("unable to fork"));
|
||||
warning(_("unable to fork"));
|
||||
goto bad;
|
||||
}
|
||||
if (cmnd_pid == 0) {
|
||||
@@ -1145,7 +1145,7 @@ exec_monitor(struct command_details *details, int backchannel)
|
||||
if (n == -1) {
|
||||
if (errno == EINTR || errno == EAGAIN)
|
||||
continue;
|
||||
warning(N_("error reading from signal pipe"));
|
||||
warning(_("error reading from signal pipe"));
|
||||
goto done;
|
||||
}
|
||||
/*
|
||||
@@ -1166,7 +1166,7 @@ exec_monitor(struct command_details *details, int backchannel)
|
||||
if (n == -1) {
|
||||
if (errno == EINTR)
|
||||
continue;
|
||||
warning(N_("error reading from pipe"));
|
||||
warning(_("error reading from pipe"));
|
||||
goto done;
|
||||
}
|
||||
/* Got errno or EOF, either way we are done with errpipe. */
|
||||
@@ -1182,11 +1182,11 @@ exec_monitor(struct command_details *details, int backchannel)
|
||||
if (n == -1) {
|
||||
if (errno == EINTR)
|
||||
continue;
|
||||
warning(N_("error reading from socketpair"));
|
||||
warning(_("error reading from socketpair"));
|
||||
goto done;
|
||||
}
|
||||
if (cstmp.type != CMD_SIGNO) {
|
||||
warningx(N_("unexpected reply type on backchannel: %d"),
|
||||
warningx(_("unexpected reply type on backchannel: %d"),
|
||||
cstmp.type);
|
||||
continue;
|
||||
}
|
||||
@@ -1274,7 +1274,7 @@ flush_output(void)
|
||||
break; /* all I/O flushed */
|
||||
if (errno == EINTR || errno == ENOMEM)
|
||||
continue;
|
||||
warning(N_("select failed"));
|
||||
warning(_("select failed"));
|
||||
}
|
||||
if (perform_io(fdsr, fdsw, NULL) != 0 || nready == -1)
|
||||
break;
|
||||
|
||||
@@ -71,13 +71,13 @@ sudo_load_plugin(struct plugin_container *policy_plugin,
|
||||
|
||||
if (info->path[0] == '/') {
|
||||
if (strlcpy(path, info->path, sizeof(path)) >= sizeof(path)) {
|
||||
warningx(N_("%s: %s"), info->path, strerror(ENAMETOOLONG));
|
||||
warningx(_("%s: %s"), info->path, strerror(ENAMETOOLONG));
|
||||
goto done;
|
||||
}
|
||||
} else {
|
||||
if (snprintf(path, sizeof(path), "%s%s", _PATH_SUDO_PLUGIN_DIR,
|
||||
info->path) >= sizeof(path)) {
|
||||
warningx(N_("%s%s: %s"), _PATH_SUDO_PLUGIN_DIR, info->path,
|
||||
warningx(_("%s%s: %s"), _PATH_SUDO_PLUGIN_DIR, info->path,
|
||||
strerror(ENAMETOOLONG));
|
||||
goto done;
|
||||
}
|
||||
@@ -87,40 +87,40 @@ sudo_load_plugin(struct plugin_container *policy_plugin,
|
||||
goto done;
|
||||
}
|
||||
if (sb.st_uid != ROOT_UID) {
|
||||
warningx(N_("%s must be owned by uid %d"), path, ROOT_UID);
|
||||
warningx(_("%s must be owned by uid %d"), path, ROOT_UID);
|
||||
goto done;
|
||||
}
|
||||
if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
|
||||
warningx(N_("%s must be only be writable by owner"), path);
|
||||
warningx(_("%s must be only be writable by owner"), path);
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* Open plugin and map in symbol */
|
||||
handle = dlopen(path, RTLD_LAZY|RTLD_GLOBAL);
|
||||
if (!handle) {
|
||||
warningx(N_("unable to dlopen %s: %s"), path, dlerror());
|
||||
warningx(_("unable to dlopen %s: %s"), path, dlerror());
|
||||
goto done;
|
||||
}
|
||||
plugin = dlsym(handle, info->symbol_name);
|
||||
if (!plugin) {
|
||||
warningx(N_("%s: unable to find symbol %s"), path,
|
||||
warningx(_("%s: unable to find symbol %s"), path,
|
||||
info->symbol_name);
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (plugin->type != SUDO_POLICY_PLUGIN && plugin->type != SUDO_IO_PLUGIN) {
|
||||
warningx(N_("%s: unknown policy type %d"), path, plugin->type);
|
||||
warningx(_("%s: unknown policy type %d"), path, plugin->type);
|
||||
goto done;
|
||||
}
|
||||
if (SUDO_API_VERSION_GET_MAJOR(plugin->version) != SUDO_API_VERSION_MAJOR) {
|
||||
warningx(N_("%s: incompatible policy major version %d, expected %d"),
|
||||
warningx(_("%s: incompatible policy major version %d, expected %d"),
|
||||
path, SUDO_API_VERSION_GET_MAJOR(plugin->version),
|
||||
SUDO_API_VERSION_MAJOR);
|
||||
goto done;
|
||||
}
|
||||
if (plugin->type == SUDO_POLICY_PLUGIN) {
|
||||
if (policy_plugin->handle) {
|
||||
warningx(N_("%s: only a single policy plugin may be loaded"),
|
||||
warningx(_("%s: only a single policy plugin may be loaded"),
|
||||
_PATH_SUDO_CONF);
|
||||
goto done;
|
||||
}
|
||||
@@ -197,7 +197,7 @@ sudo_load_plugins(struct plugin_container *policy_plugin,
|
||||
}
|
||||
}
|
||||
if (policy_plugin->u.policy->check_policy == NULL) {
|
||||
warningx(N_("policy plugin %s does not include a check_policy method"),
|
||||
warningx(_("policy plugin %s does not include a check_policy method"),
|
||||
policy_plugin->name);
|
||||
rval = false;
|
||||
goto done;
|
||||
|
||||
@@ -154,7 +154,7 @@ get_net_ifs(char **addrinfo)
|
||||
"%s%s/", cp == *addrinfo ? "" : " ",
|
||||
inet_ntoa(sin->sin_addr));
|
||||
if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
|
||||
warningx(N_("load_interfaces: overflow detected"));
|
||||
warningx(_("load_interfaces: overflow detected"));
|
||||
goto done;
|
||||
}
|
||||
cp += len;
|
||||
@@ -163,7 +163,7 @@ get_net_ifs(char **addrinfo)
|
||||
len = snprintf(cp, ailen - (*addrinfo - cp),
|
||||
"%s", inet_ntoa(sin->sin_addr));
|
||||
if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
|
||||
warningx(N_("load_interfaces: overflow detected"));
|
||||
warningx(_("load_interfaces: overflow detected"));
|
||||
goto done;
|
||||
}
|
||||
cp += len;
|
||||
@@ -175,7 +175,7 @@ get_net_ifs(char **addrinfo)
|
||||
len = snprintf(cp, ailen - (*addrinfo - cp),
|
||||
"%s%s/", cp == *addrinfo ? "" : " ", addrbuf);
|
||||
if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
|
||||
warningx(N_("load_interfaces: overflow detected"));
|
||||
warningx(_("load_interfaces: overflow detected"));
|
||||
goto done;
|
||||
}
|
||||
cp += len;
|
||||
@@ -184,7 +184,7 @@ get_net_ifs(char **addrinfo)
|
||||
inet_ntop(AF_INET6, &sin6->sin6_addr, addrbuf, sizeof(addrbuf));
|
||||
len = snprintf(cp, ailen - (*addrinfo - cp), "%s", addrbuf);
|
||||
if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
|
||||
warningx(N_("load_interfaces: overflow detected"));
|
||||
warningx(_("load_interfaces: overflow detected"));
|
||||
goto done;
|
||||
}
|
||||
cp += len;
|
||||
@@ -295,7 +295,7 @@ get_net_ifs(char **addrinfo)
|
||||
"%s%s/", cp == *addrinfo ? "" : " ",
|
||||
inet_ntoa(sin->sin_addr));
|
||||
if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
|
||||
warningx(N_("load_interfaces: overflow detected"));
|
||||
warningx(_("load_interfaces: overflow detected"));
|
||||
goto done;
|
||||
}
|
||||
cp += len;
|
||||
@@ -319,7 +319,7 @@ get_net_ifs(char **addrinfo)
|
||||
len = snprintf(cp, ailen - (*addrinfo - cp),
|
||||
"%s", inet_ntoa(sin->sin_addr));
|
||||
if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
|
||||
warningx(N_("load_interfaces: overflow detected"));
|
||||
warningx(_("load_interfaces: overflow detected"));
|
||||
goto done;
|
||||
}
|
||||
cp += len;
|
||||
|
||||
@@ -184,7 +184,7 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
|
||||
break;
|
||||
case 'C':
|
||||
if (atoi(optarg) < 3) {
|
||||
warningx(N_("the argument to -C must be a number greater than or equal to 3"));
|
||||
warningx(_("the argument to -C must be a number greater than or equal to 3"));
|
||||
usage(1);
|
||||
}
|
||||
sudo_settings[ARG_CLOSEFROM].value = optarg;
|
||||
@@ -332,11 +332,11 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
|
||||
|
||||
if (ISSET(flags, MODE_LOGIN_SHELL)) {
|
||||
if (ISSET(flags, MODE_SHELL)) {
|
||||
warningx(N_("you may not specify both the `-i' and `-s' options"));
|
||||
warningx(_("you may not specify both the `-i' and `-s' options"));
|
||||
usage(1);
|
||||
}
|
||||
if (ISSET(flags, MODE_PRESERVE_ENV)) {
|
||||
warningx(N_("you may not specify both the `-i' and `-E' options"));
|
||||
warningx(_("you may not specify both the `-i' and `-E' options"));
|
||||
usage(1);
|
||||
}
|
||||
SET(flags, MODE_SHELL);
|
||||
@@ -346,9 +346,9 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
|
||||
if (mode == MODE_EDIT &&
|
||||
(ISSET(flags, MODE_PRESERVE_ENV) || env_add[0] != NULL)) {
|
||||
if (ISSET(mode, MODE_PRESERVE_ENV))
|
||||
warningx(N_("the `-E' option is not valid in edit mode"));
|
||||
warningx(_("the `-E' option is not valid in edit mode"));
|
||||
if (env_add[0] != NULL)
|
||||
warningx(N_("you may not specify environment variables in edit mode"));
|
||||
warningx(_("you may not specify environment variables in edit mode"));
|
||||
usage(1);
|
||||
}
|
||||
if ((runas_user != NULL || runas_group != NULL) &&
|
||||
@@ -356,11 +356,11 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
|
||||
usage(1);
|
||||
}
|
||||
if (list_user != NULL && mode != MODE_LIST && mode != MODE_CHECK) {
|
||||
warningx(N_("the `-U' option may only be used with the `-l' option"));
|
||||
warningx(_("the `-U' option may only be used with the `-l' option"));
|
||||
usage(1);
|
||||
}
|
||||
if (ISSET(tgetpass_flags, TGP_STDIN) && ISSET(tgetpass_flags, TGP_ASKPASS)) {
|
||||
warningx(N_("the `-A' and `-S' options may not be used together"));
|
||||
warningx(_("the `-A' and `-S' options may not be used together"));
|
||||
usage(1);
|
||||
}
|
||||
if ((argc == 0 && mode == MODE_EDIT) ||
|
||||
@@ -513,7 +513,7 @@ usage_excl(int fatal)
|
||||
{
|
||||
debug_decl(usage_excl, SUDO_DEBUG_ARGS)
|
||||
|
||||
warningx(N_("Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"));
|
||||
warningx(_("Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"));
|
||||
usage(fatal);
|
||||
}
|
||||
|
||||
|
||||
@@ -82,7 +82,7 @@ audit_role_change(const security_context_t old_context,
|
||||
rc = audit_log_user_message(au_fd, AUDIT_USER_ROLE_CHANGE,
|
||||
message, NULL, NULL, ttyn, 1);
|
||||
if (rc <= 0)
|
||||
warning(N_("unable to send audit message"));
|
||||
warning(_("unable to send audit message"));
|
||||
efree(message);
|
||||
close(au_fd);
|
||||
}
|
||||
@@ -110,17 +110,17 @@ selinux_restore_tty(void)
|
||||
|
||||
/* Verify that the tty still has the context set by sudo. */
|
||||
if ((retval = fgetfilecon(se_state.ttyfd, &chk_tty_context)) < 0) {
|
||||
warning(N_("unable to fgetfilecon %s"), se_state.ttyn);
|
||||
warning(_("unable to fgetfilecon %s"), se_state.ttyn);
|
||||
goto skip_relabel;
|
||||
}
|
||||
|
||||
if ((retval = strcmp(chk_tty_context, se_state.new_tty_context))) {
|
||||
warningx(N_("%s changed labels"), se_state.ttyn);
|
||||
warningx(_("%s changed labels"), se_state.ttyn);
|
||||
goto skip_relabel;
|
||||
}
|
||||
|
||||
if ((retval = fsetfilecon(se_state.ttyfd, se_state.tty_context)) < 0)
|
||||
warning(N_("unable to restore context for %s"), se_state.ttyn);
|
||||
warning(_("unable to restore context for %s"), se_state.ttyn);
|
||||
|
||||
skip_relabel:
|
||||
if (se_state.ttyfd != -1) {
|
||||
@@ -160,7 +160,7 @@ relabel_tty(const char *ttyn, int ptyfd)
|
||||
if (ptyfd == -1) {
|
||||
se_state.ttyfd = open(ttyn, O_RDWR|O_NONBLOCK);
|
||||
if (se_state.ttyfd == -1) {
|
||||
warning(N_("unable to open %s, not relabeling tty"), ttyn);
|
||||
warning(_("unable to open %s, not relabeling tty"), ttyn);
|
||||
if (se_state.enforcing)
|
||||
goto bad;
|
||||
}
|
||||
@@ -169,21 +169,21 @@ relabel_tty(const char *ttyn, int ptyfd)
|
||||
}
|
||||
|
||||
if (fgetfilecon(se_state.ttyfd, &tty_con) < 0) {
|
||||
warning(N_("unable to get current tty context, not relabeling tty"));
|
||||
warning(_("unable to get current tty context, not relabeling tty"));
|
||||
if (se_state.enforcing)
|
||||
goto bad;
|
||||
}
|
||||
|
||||
if (tty_con && (security_compute_relabel(se_state.new_context, tty_con,
|
||||
SECCLASS_CHR_FILE, &new_tty_con) < 0)) {
|
||||
warning(N_("unable to get new tty context, not relabeling tty"));
|
||||
warning(_("unable to get new tty context, not relabeling tty"));
|
||||
if (se_state.enforcing)
|
||||
goto bad;
|
||||
}
|
||||
|
||||
if (new_tty_con != NULL) {
|
||||
if (fsetfilecon(se_state.ttyfd, new_tty_con) < 0) {
|
||||
warning(N_("unable to set new tty context"));
|
||||
warning(_("unable to set new tty context"));
|
||||
if (se_state.enforcing)
|
||||
goto bad;
|
||||
}
|
||||
@@ -193,7 +193,7 @@ relabel_tty(const char *ttyn, int ptyfd)
|
||||
/* Reopen pty that was relabeled, std{in,out,err} are reset later. */
|
||||
se_state.ttyfd = open(ttyn, O_RDWR|O_NOCTTY, 0);
|
||||
if (se_state.ttyfd == -1) {
|
||||
warning(N_("unable to open %s"), ttyn);
|
||||
warning(_("unable to open %s"), ttyn);
|
||||
if (se_state.enforcing)
|
||||
goto bad;
|
||||
}
|
||||
@@ -206,7 +206,7 @@ relabel_tty(const char *ttyn, int ptyfd)
|
||||
close(se_state.ttyfd);
|
||||
se_state.ttyfd = open(ttyn, O_RDWR|O_NONBLOCK);
|
||||
if (se_state.ttyfd == -1) {
|
||||
warning(N_("unable to open %s"), ttyn);
|
||||
warning(_("unable to open %s"), ttyn);
|
||||
goto bad;
|
||||
}
|
||||
(void)fcntl(se_state.ttyfd, F_SETFL,
|
||||
@@ -249,13 +249,13 @@ get_exec_context(security_context_t old_context, const char *role, const char *t
|
||||
|
||||
/* We must have a role, the type is optional (we can use the default). */
|
||||
if (!role) {
|
||||
warningx(N_("you must specify a role for type %s"), type);
|
||||
warningx(_("you must specify a role for type %s"), type);
|
||||
errno = EINVAL;
|
||||
goto bad;
|
||||
}
|
||||
if (!type) {
|
||||
if (get_default_type(role, &typebuf)) {
|
||||
warningx(N_("unable to get default type for role %s"), role);
|
||||
warningx(_("unable to get default type for role %s"), role);
|
||||
errno = EINVAL;
|
||||
goto bad;
|
||||
}
|
||||
@@ -273,11 +273,11 @@ get_exec_context(security_context_t old_context, const char *role, const char *t
|
||||
* type we will be running the command as.
|
||||
*/
|
||||
if (context_role_set(context, role)) {
|
||||
warning(N_("failed to set new role %s"), role);
|
||||
warning(_("failed to set new role %s"), role);
|
||||
goto bad;
|
||||
}
|
||||
if (context_type_set(context, type)) {
|
||||
warning(N_("failed to set new type %s"), type);
|
||||
warning(_("failed to set new type %s"), type);
|
||||
goto bad;
|
||||
}
|
||||
|
||||
@@ -286,7 +286,7 @@ get_exec_context(security_context_t old_context, const char *role, const char *t
|
||||
*/
|
||||
new_context = estrdup(context_str(context));
|
||||
if (security_check_context(new_context) < 0) {
|
||||
warningx(N_("%s is not a valid context"), new_context);
|
||||
warningx(_("%s is not a valid context"), new_context);
|
||||
errno = EINVAL;
|
||||
goto bad;
|
||||
}
|
||||
@@ -321,13 +321,13 @@ selinux_setup(const char *role, const char *type, const char *ttyn,
|
||||
|
||||
/* Store the caller's SID in old_context. */
|
||||
if (getprevcon(&se_state.old_context)) {
|
||||
warning(N_("failed to get old_context"));
|
||||
warning(_("failed to get old_context"));
|
||||
goto done;
|
||||
}
|
||||
|
||||
se_state.enforcing = security_getenforce();
|
||||
if (se_state.enforcing < 0) {
|
||||
warning(N_("unable to determine enforcing mode."));
|
||||
warning(_("unable to determine enforcing mode."));
|
||||
goto done;
|
||||
}
|
||||
|
||||
@@ -339,7 +339,7 @@ selinux_setup(const char *role, const char *type, const char *ttyn,
|
||||
goto done;
|
||||
|
||||
if (relabel_tty(ttyn, ptyfd) < 0) {
|
||||
warning(N_("unable to setup tty context for %s"), se_state.new_context);
|
||||
warning(_("unable to setup tty context for %s"), se_state.new_context);
|
||||
goto done;
|
||||
}
|
||||
|
||||
@@ -370,14 +370,14 @@ selinux_execve(const char *path, char *const argv[], char *const envp[],
|
||||
debug_decl(selinux_execve, SUDO_DEBUG_SELINUX)
|
||||
|
||||
if (setexeccon(se_state.new_context)) {
|
||||
warning(N_("unable to set exec context to %s"), se_state.new_context);
|
||||
warning(_("unable to set exec context to %s"), se_state.new_context);
|
||||
if (se_state.enforcing)
|
||||
debug_return;
|
||||
}
|
||||
|
||||
#ifdef HAVE_SETKEYCREATECON
|
||||
if (setkeycreatecon(se_state.new_context)) {
|
||||
warning(N_("unable to set key creation context to %s"), se_state.new_context);
|
||||
warning(_("unable to set key creation context to %s"), se_state.new_context);
|
||||
if (se_state.enforcing)
|
||||
debug_return;
|
||||
}
|
||||
|
||||
@@ -86,7 +86,7 @@ main(int argc, char *argv[], char *envp[])
|
||||
*cp = '-';
|
||||
}
|
||||
sudo_execve(cmnd, argv, envp, noexec);
|
||||
warning(N_("unable to execute %s"), argv[0]);
|
||||
warning(_("unable to execute %s"), argv[0]);
|
||||
sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, EXIT_FAILURE);
|
||||
_exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
@@ -83,38 +83,38 @@ set_project(struct passwd *pw)
|
||||
case SETPROJ_ERR_TASK:
|
||||
switch (errno) {
|
||||
case EAGAIN:
|
||||
warningx(N_("resource control limit has been reached"));
|
||||
warningx(_("resource control limit has been reached"));
|
||||
break;
|
||||
case ESRCH:
|
||||
warningx(N_("user \"%s\" is not a member of project \"%s\""),
|
||||
warningx(_("user \"%s\" is not a member of project \"%s\""),
|
||||
pw->pw_name, proj.pj_name);
|
||||
break;
|
||||
case EACCES:
|
||||
warningx(N_("the invoking task is final"));
|
||||
warningx(_("the invoking task is final"));
|
||||
break;
|
||||
default:
|
||||
warningx(N_("could not join project \"%s\""), proj.pj_name);
|
||||
warningx(_("could not join project \"%s\""), proj.pj_name);
|
||||
}
|
||||
case SETPROJ_ERR_POOL:
|
||||
switch (errno) {
|
||||
case EACCES:
|
||||
warningx(N_("no resource pool accepting default bindings "
|
||||
warningx(_("no resource pool accepting default bindings "
|
||||
"exists for project \"%s\""), proj.pj_name);
|
||||
break;
|
||||
case ESRCH:
|
||||
warningx(N_("specified resource pool does not exist for "
|
||||
warningx(_("specified resource pool does not exist for "
|
||||
"project \"%s\""), proj.pj_name);
|
||||
break;
|
||||
default:
|
||||
warningx(N_("could not bind to default resource pool for "
|
||||
warningx(_("could not bind to default resource pool for "
|
||||
"project \"%s\""), proj.pj_name);
|
||||
}
|
||||
break;
|
||||
default:
|
||||
if (errval <= 0) {
|
||||
warningx(N_("setproject failed for project \"%s\""), proj.pj_name);
|
||||
warningx(_("setproject failed for project \"%s\""), proj.pj_name);
|
||||
} else {
|
||||
warningx(N_("warning, resource control assignment failed for "
|
||||
warningx(_("warning, resource control assignment failed for "
|
||||
"project \"%s\""), proj.pj_name);
|
||||
}
|
||||
}
|
||||
|
||||
30
src/sudo.c
30
src/sudo.c
@@ -883,7 +883,7 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
|
||||
*/
|
||||
lc = login_getclass((char *)details->login_class);
|
||||
if (!lc) {
|
||||
warningx(N_("unknown login class %s"), details->login_class);
|
||||
warningx(_("unknown login class %s"), details->login_class);
|
||||
errno = ENOENT;
|
||||
goto done;
|
||||
}
|
||||
@@ -897,10 +897,10 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
|
||||
}
|
||||
if (setusercontext(lc, details->pw, details->pw->pw_uid, flags)) {
|
||||
if (details->pw->pw_uid != ROOT_UID) {
|
||||
warning(N_("unable to set user context"));
|
||||
warning(_("unable to set user context"));
|
||||
goto done;
|
||||
} else
|
||||
warning(N_("unable to set user context"));
|
||||
warning(_("unable to set user context"));
|
||||
}
|
||||
}
|
||||
#endif /* HAVE_LOGIN_CAP_H */
|
||||
@@ -912,27 +912,27 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
|
||||
if (!ISSET(details->flags, CD_PRESERVE_GROUPS)) {
|
||||
if (details->ngroups >= 0) {
|
||||
if (sudo_setgroups(details->ngroups, details->groups) < 0) {
|
||||
warning(N_("unable to set supplementary group IDs"));
|
||||
warning(_("unable to set supplementary group IDs"));
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
}
|
||||
#ifdef HAVE_SETEUID
|
||||
if (ISSET(details->flags, CD_SET_EGID) && setegid(details->egid)) {
|
||||
warning(N_("unable to set effective gid to runas gid %u"),
|
||||
warning(_("unable to set effective gid to runas gid %u"),
|
||||
(unsigned int)details->egid);
|
||||
goto done;
|
||||
}
|
||||
#endif
|
||||
if (ISSET(details->flags, CD_SET_GID) && setgid(details->gid)) {
|
||||
warning(N_("unable to set gid to runas gid %u"),
|
||||
warning(_("unable to set gid to runas gid %u"),
|
||||
(unsigned int)details->gid);
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (ISSET(details->flags, CD_SET_PRIORITY)) {
|
||||
if (setpriority(PRIO_PROCESS, 0, details->priority) != 0) {
|
||||
warning(N_("unable to set process priority"));
|
||||
warning(_("unable to set process priority"));
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
@@ -940,26 +940,26 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
|
||||
(void) umask(details->umask);
|
||||
if (details->chroot) {
|
||||
if (chroot(details->chroot) != 0 || chdir("/") != 0) {
|
||||
warning(N_("unable to change root to %s"), details->chroot);
|
||||
warning(_("unable to change root to %s"), details->chroot);
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef HAVE_SETRESUID
|
||||
if (setresuid(details->uid, details->euid, details->euid) != 0) {
|
||||
warning(N_("unable to change to runas uid (%u, %u)"), details->uid,
|
||||
warning(_("unable to change to runas uid (%u, %u)"), details->uid,
|
||||
details->euid);
|
||||
goto done;
|
||||
}
|
||||
#elif HAVE_SETREUID
|
||||
if (setreuid(details->uid, details->euid) != 0) {
|
||||
warning(N_("unable to change to runas uid (%u, %u)"),
|
||||
warning(_("unable to change to runas uid (%u, %u)"),
|
||||
(unsigned int)details->uid, (unsigned int)details->euid);
|
||||
goto done;
|
||||
}
|
||||
#else
|
||||
if (seteuid(details->euid) != 0 || setuid(details->euid) != 0) {
|
||||
warning(N_("unable to change to runas uid (%u, %u)"), details->uid,
|
||||
warning(_("unable to change to runas uid (%u, %u)"), details->uid,
|
||||
details->euid);
|
||||
goto done;
|
||||
}
|
||||
@@ -973,7 +973,7 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
|
||||
if (details->chroot || strcmp(details->cwd, user_details.cwd) != 0) {
|
||||
/* Note: cwd is relative to the new root, if any. */
|
||||
if (chdir(details->cwd) != 0) {
|
||||
warning(N_("unable to change directory to %s"), details->cwd);
|
||||
warning(_("unable to change directory to %s"), details->cwd);
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
@@ -1057,7 +1057,7 @@ run_command(struct command_details *details)
|
||||
exitcode = WTERMSIG(cstat.val) | 128;
|
||||
break;
|
||||
default:
|
||||
warningx(N_("unexpected child termination condition: %d"), cstat.type);
|
||||
warningx(_("unexpected child termination condition: %d"), cstat.type);
|
||||
break;
|
||||
}
|
||||
debug_return_int(exitcode);
|
||||
@@ -1118,7 +1118,7 @@ policy_list(struct plugin_container *plugin, int argc, char * const argv[],
|
||||
{
|
||||
debug_decl(policy_list, SUDO_DEBUG_PCOMM)
|
||||
if (plugin->u.policy->list == NULL) {
|
||||
warningx(N_("policy plugin %s does not support listing privileges"),
|
||||
warningx(_("policy plugin %s does not support listing privileges"),
|
||||
plugin->name);
|
||||
debug_return_bool(false);
|
||||
}
|
||||
@@ -1130,7 +1130,7 @@ policy_validate(struct plugin_container *plugin)
|
||||
{
|
||||
debug_decl(policy_validate, SUDO_DEBUG_PCOMM)
|
||||
if (plugin->u.policy->validate == NULL) {
|
||||
warningx(N_("policy plugin %s does not support the -v option"),
|
||||
warningx(_("policy plugin %s does not support the -v option"),
|
||||
plugin->name);
|
||||
debug_return_bool(false);
|
||||
}
|
||||
|
||||
@@ -108,7 +108,7 @@ sudo_edit(struct command_details *command_details)
|
||||
* We will change the euid as needed below.
|
||||
*/
|
||||
if (setuid(ROOT_UID) != 0) {
|
||||
warning(N_("unable to change uid to root (%u)"), ROOT_UID);
|
||||
warning(_("unable to change uid to root (%u)"), ROOT_UID);
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
@@ -140,7 +140,7 @@ sudo_edit(struct command_details *command_details)
|
||||
editor_argc++;
|
||||
}
|
||||
if (nfiles == 0) {
|
||||
warningx(N_("plugin error: missing file list for sudoedit"));
|
||||
warningx(_("plugin error: missing file list for sudoedit"));
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
@@ -168,7 +168,7 @@ sudo_edit(struct command_details *command_details)
|
||||
if (rc)
|
||||
warning("%s", files[i]);
|
||||
else
|
||||
warningx(N_("%s: not a regular file"), files[i]);
|
||||
warningx(_("%s: not a regular file"), files[i]);
|
||||
if (ofd != -1)
|
||||
close(ofd);
|
||||
continue;
|
||||
@@ -202,7 +202,7 @@ sudo_edit(struct command_details *command_details)
|
||||
if (nwritten == -1)
|
||||
warning("%s", tf[j].tfile);
|
||||
else
|
||||
warningx(N_("%s: short write"), tf[j].tfile);
|
||||
warningx(_("%s: short write"), tf[j].tfile);
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
@@ -268,8 +268,8 @@ sudo_edit(struct command_details *command_details)
|
||||
if (rc)
|
||||
warning("%s", tf[i].tfile);
|
||||
else
|
||||
warningx(N_("%s: not a regular file"), tf[i].tfile);
|
||||
warningx(N_("%s left unmodified"), tf[i].ofile);
|
||||
warningx(_("%s: not a regular file"), tf[i].tfile);
|
||||
warningx(_("%s left unmodified"), tf[i].ofile);
|
||||
if (tfd != -1)
|
||||
close(tfd);
|
||||
continue;
|
||||
@@ -282,7 +282,7 @@ sudo_edit(struct command_details *command_details)
|
||||
*/
|
||||
timevalsub(&tv1, &tv2);
|
||||
if (timevalisset(&tv2)) {
|
||||
warningx(N_("%s unchanged"), tf[i].ofile);
|
||||
warningx(_("%s unchanged"), tf[i].ofile);
|
||||
unlink(tf[i].tfile);
|
||||
close(tfd);
|
||||
continue;
|
||||
@@ -294,8 +294,8 @@ sudo_edit(struct command_details *command_details)
|
||||
switch_user(ROOT_UID, user_details.egid,
|
||||
user_details.ngroups, user_details.groups);
|
||||
if (ofd == -1) {
|
||||
warning(N_("unable to write to %s"), tf[i].ofile);
|
||||
warningx(N_("contents of edit session left in %s"), tf[i].tfile);
|
||||
warning(_("unable to write to %s"), tf[i].ofile);
|
||||
warningx(_("contents of edit session left in %s"), tf[i].tfile);
|
||||
close(tfd);
|
||||
continue;
|
||||
}
|
||||
@@ -304,7 +304,7 @@ sudo_edit(struct command_details *command_details)
|
||||
if (nwritten == -1)
|
||||
warning("%s", tf[i].ofile);
|
||||
else
|
||||
warningx(N_("%s: short write"), tf[i].ofile);
|
||||
warningx(_("%s: short write"), tf[i].ofile);
|
||||
break;
|
||||
}
|
||||
}
|
||||
@@ -312,11 +312,11 @@ sudo_edit(struct command_details *command_details)
|
||||
/* success, got EOF */
|
||||
unlink(tf[i].tfile);
|
||||
} else if (nread < 0) {
|
||||
warning(N_("unable to read temporary file"));
|
||||
warningx(N_("contents of edit session left in %s"), tf[i].tfile);
|
||||
warning(_("unable to read temporary file"));
|
||||
warningx(_("contents of edit session left in %s"), tf[i].tfile);
|
||||
} else {
|
||||
warning(N_("unable to write to %s"), tf[i].ofile);
|
||||
warningx(N_("contents of edit session left in %s"), tf[i].tfile);
|
||||
warning(_("unable to write to %s"), tf[i].ofile);
|
||||
warningx(_("contents of edit session left in %s"), tf[i].tfile);
|
||||
}
|
||||
close(ofd);
|
||||
}
|
||||
|
||||
@@ -87,7 +87,7 @@ tgetpass(const char *prompt, int timeout, int flags)
|
||||
if (!ISSET(flags, TGP_STDIN|TGP_ECHO|TGP_ASKPASS|TGP_NOECHO_TRY) &&
|
||||
!tty_present()) {
|
||||
if (askpass == NULL || getenv_unhooked("DISPLAY") == NULL) {
|
||||
warningx(N_("no tty present and no askpass program specified"));
|
||||
warningx(_("no tty present and no askpass program specified"));
|
||||
debug_return_str(NULL);
|
||||
}
|
||||
SET(flags, TGP_ASKPASS);
|
||||
@@ -228,16 +228,16 @@ sudo_askpass(const char *askpass, const char *prompt)
|
||||
}
|
||||
(void) setuid(ROOT_UID);
|
||||
if (setgid(user_details.gid)) {
|
||||
warning(N_("unable to set gid to %u"), (unsigned int)user_details.gid);
|
||||
warning(_("unable to set gid to %u"), (unsigned int)user_details.gid);
|
||||
_exit(255);
|
||||
}
|
||||
if (setuid(user_details.uid)) {
|
||||
warning(N_("unable to set uid to %u"), (unsigned int)user_details.uid);
|
||||
warning(_("unable to set uid to %u"), (unsigned int)user_details.uid);
|
||||
_exit(255);
|
||||
}
|
||||
closefrom(STDERR_FILENO + 1);
|
||||
execl(askpass, askpass, prompt, (char *)NULL);
|
||||
warning(N_("unable to run %s"), askpass);
|
||||
warning(_("unable to run %s"), askpass);
|
||||
_exit(255);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user