Prepare sudo front end messages for translation.
This commit is contained in:
Todd C. Miller
@@ -138,10 +138,10 @@ aix_setauthdb(char *user)
|
|||||||
|
|
||||||
if (user != NULL) {
|
if (user != NULL) {
|
||||||
if (setuserdb(S_READ) != 0)
|
if (setuserdb(S_READ) != 0)
|
||||||
error(1, "unable to open userdb");
|
error(1, _("unable to open userdb"));
|
||||||
if (getuserattr(user, S_REGISTRY, ®istry, SEC_CHAR) == 0) {
|
if (getuserattr(user, S_REGISTRY, ®istry, SEC_CHAR) == 0) {
|
||||||
if (setauthdb(registry, NULL) != 0)
|
if (setauthdb(registry, NULL) != 0)
|
||||||
error(1, "unable to switch to registry \"%s\" for %s",
|
error(1, _("unable to switch to registry \"%s\" for %s"),
|
||||||
registry, user);
|
registry, user);
|
||||||
}
|
}
|
||||||
enduserdb();
|
enduserdb();
|
||||||
@@ -155,7 +155,7 @@ void
|
|||||||
aix_restoreauthdb(void)
|
aix_restoreauthdb(void)
|
||||||
{
|
{
|
||||||
if (setauthdb(NULL, NULL) != 0)
|
if (setauthdb(NULL, NULL) != 0)
|
||||||
error(1, "unable to restore registry");
|
error(1, _("unable to restore registry"));
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|||||||
@@ -76,10 +76,10 @@ emalloc(size_t size)
|
|||||||
void *ptr;
|
void *ptr;
|
||||||
|
|
||||||
if (size == 0)
|
if (size == 0)
|
||||||
errorx(1, "internal error, tried to emalloc(0)");
|
errorx(1, _("internal error, tried to emalloc(0)"));
|
||||||
|
|
||||||
if ((ptr = malloc(size)) == NULL)
|
if ((ptr = malloc(size)) == NULL)
|
||||||
errorx(1, "unable to allocate memory");
|
errorx(1, _("unable to allocate memory"));
|
||||||
return ptr;
|
return ptr;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -93,13 +93,13 @@ emalloc2(size_t nmemb, size_t size)
|
|||||||
void *ptr;
|
void *ptr;
|
||||||
|
|
||||||
if (nmemb == 0 || size == 0)
|
if (nmemb == 0 || size == 0)
|
||||||
errorx(1, "internal error, tried to emalloc2(0)");
|
errorx(1, _("internal error, tried to emalloc2(0)"));
|
||||||
if (nmemb > SIZE_MAX / size)
|
if (nmemb > SIZE_MAX / size)
|
||||||
errorx(1, "internal error, emalloc2() overflow");
|
errorx(1, _("internal error, emalloc2() overflow"));
|
||||||
|
|
||||||
size *= nmemb;
|
size *= nmemb;
|
||||||
if ((ptr = malloc(size)) == NULL)
|
if ((ptr = malloc(size)) == NULL)
|
||||||
errorx(1, "unable to allocate memory");
|
errorx(1, _("unable to allocate memory"));
|
||||||
return ptr;
|
return ptr;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -113,11 +113,11 @@ erealloc(void *ptr, size_t size)
|
|||||||
{
|
{
|
||||||
|
|
||||||
if (size == 0)
|
if (size == 0)
|
||||||
errorx(1, "internal error, tried to erealloc(0)");
|
errorx(1, _("internal error, tried to erealloc(0)"));
|
||||||
|
|
||||||
ptr = ptr ? realloc(ptr, size) : malloc(size);
|
ptr = ptr ? realloc(ptr, size) : malloc(size);
|
||||||
if (ptr == NULL)
|
if (ptr == NULL)
|
||||||
errorx(1, "unable to allocate memory");
|
errorx(1, _("unable to allocate memory"));
|
||||||
return ptr;
|
return ptr;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -132,14 +132,14 @@ erealloc3(void *ptr, size_t nmemb, size_t size)
|
|||||||
{
|
{
|
||||||
|
|
||||||
if (nmemb == 0 || size == 0)
|
if (nmemb == 0 || size == 0)
|
||||||
errorx(1, "internal error, tried to erealloc3(0)");
|
errorx(1, _("internal error, tried to erealloc3(0)"));
|
||||||
if (nmemb > SIZE_MAX / size)
|
if (nmemb > SIZE_MAX / size)
|
||||||
errorx(1, "internal error, erealloc3() overflow");
|
errorx(1, _("internal error, erealloc3() overflow"));
|
||||||
|
|
||||||
size *= nmemb;
|
size *= nmemb;
|
||||||
ptr = ptr ? realloc(ptr, size) : malloc(size);
|
ptr = ptr ? realloc(ptr, size) : malloc(size);
|
||||||
if (ptr == NULL)
|
if (ptr == NULL)
|
||||||
errorx(1, "unable to allocate memory");
|
errorx(1, _("unable to allocate memory"));
|
||||||
return ptr;
|
return ptr;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -197,7 +197,7 @@ easprintf(char **ret, const char *fmt, ...)
|
|||||||
va_end(ap);
|
va_end(ap);
|
||||||
|
|
||||||
if (len == -1)
|
if (len == -1)
|
||||||
errorx(1, "unable to allocate memory");
|
errorx(1, _("unable to allocate memory"));
|
||||||
return len;
|
return len;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -211,7 +211,7 @@ evasprintf(char **ret, const char *format, va_list args)
|
|||||||
int len;
|
int len;
|
||||||
|
|
||||||
if ((len = vasprintf(ret, format, args)) == -1)
|
if ((len = vasprintf(ret, format, args)) == -1)
|
||||||
errorx(1, "unable to allocate memory");
|
errorx(1, _("unable to allocate memory"));
|
||||||
return len;
|
return len;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -41,5 +41,5 @@ strsignal(int signo)
|
|||||||
{
|
{
|
||||||
if (signo > 0 && signo < NSIG)
|
if (signo > 0 && signo < NSIG)
|
||||||
return (char *)my_sys_siglist[signo];
|
return (char *)my_sys_siglist[signo];
|
||||||
return "Unknown signal";
|
return _("Unknown signal");
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -76,11 +76,11 @@ _warning(int use_errno, const char *fmt, va_list ap)
|
|||||||
|
|
||||||
fputs(getprogname(), stderr);
|
fputs(getprogname(), stderr);
|
||||||
if (fmt != NULL) {
|
if (fmt != NULL) {
|
||||||
fputs(": ", stderr);
|
fputs(_(": "), stderr);
|
||||||
vfprintf(stderr, fmt, ap);
|
vfprintf(stderr, fmt, ap);
|
||||||
}
|
}
|
||||||
if (use_errno) {
|
if (use_errno) {
|
||||||
fputs(": ", stderr);
|
fputs(_(": "), stderr);
|
||||||
fputs(strerror(serrno), stderr);
|
fputs(strerror(serrno), stderr);
|
||||||
}
|
}
|
||||||
putc('\n', stderr);
|
putc('\n', stderr);
|
||||||
|
|||||||
18
src/exec.c
18
src/exec.c
@@ -234,7 +234,7 @@ sudo_execve(struct command_details *details, struct command_status *cstat)
|
|||||||
if (!ISSET(details->flags, CD_BACKGROUND)) {
|
if (!ISSET(details->flags, CD_BACKGROUND)) {
|
||||||
if (ISSET(details->flags, CD_SET_UTMP))
|
if (ISSET(details->flags, CD_SET_UTMP))
|
||||||
utmp_user = details->utmp_user ? details->utmp_user : user_details.username;
|
utmp_user = details->utmp_user ? details->utmp_user : user_details.username;
|
||||||
sudo_debug(8, "allocate pty for I/O logging");
|
sudo_debug(8, _("allocate pty for I/O logging"));
|
||||||
pty_setup(details->euid, user_details.tty, utmp_user);
|
pty_setup(details->euid, user_details.tty, utmp_user);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -244,14 +244,14 @@ sudo_execve(struct command_details *details, struct command_status *cstat)
|
|||||||
* Parent sends signal info to child and child sends back wait status.
|
* Parent sends signal info to child and child sends back wait status.
|
||||||
*/
|
*/
|
||||||
if (socketpair(PF_UNIX, SOCK_DGRAM, 0, sv) == -1)
|
if (socketpair(PF_UNIX, SOCK_DGRAM, 0, sv) == -1)
|
||||||
error(1, "cannot create sockets");
|
error(1, _("cannot create sockets"));
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* We use a pipe to atomically handle signal notification within
|
* We use a pipe to atomically handle signal notification within
|
||||||
* the select() loop.
|
* the select() loop.
|
||||||
*/
|
*/
|
||||||
if (pipe_nonblock(signal_pipe) != 0)
|
if (pipe_nonblock(signal_pipe) != 0)
|
||||||
error(1, "cannot create pipe");
|
error(1, _("cannot create pipe"));
|
||||||
|
|
||||||
zero_bytes(&sa, sizeof(sa));
|
zero_bytes(&sa, sizeof(sa));
|
||||||
sigemptyset(&sa.sa_mask);
|
sigemptyset(&sa.sa_mask);
|
||||||
@@ -317,7 +317,7 @@ sudo_execve(struct command_details *details, struct command_status *cstat)
|
|||||||
if (nready == -1) {
|
if (nready == -1) {
|
||||||
if (errno == EINTR)
|
if (errno == EINTR)
|
||||||
continue;
|
continue;
|
||||||
error(1, "select failed");
|
error(1, _("select failed"));
|
||||||
}
|
}
|
||||||
if (FD_ISSET(sv[0], fdsw)) {
|
if (FD_ISSET(sv[0], fdsw)) {
|
||||||
forward_signals(sv[0]);
|
forward_signals(sv[0]);
|
||||||
@@ -354,7 +354,7 @@ sudo_execve(struct command_details *details, struct command_status *cstat)
|
|||||||
if (cstat->type == CMD_WSTATUS) {
|
if (cstat->type == CMD_WSTATUS) {
|
||||||
if (WIFSTOPPED(cstat->val)) {
|
if (WIFSTOPPED(cstat->val)) {
|
||||||
/* Suspend parent and tell child how to resume on return. */
|
/* Suspend parent and tell child how to resume on return. */
|
||||||
sudo_debug(8, "child stopped, suspending parent");
|
sudo_debug(8, _("child stopped, suspending parent"));
|
||||||
n = suspend_parent(WSTOPSIG(cstat->val));
|
n = suspend_parent(WSTOPSIG(cstat->val));
|
||||||
schedule_signal(n);
|
schedule_signal(n);
|
||||||
continue;
|
continue;
|
||||||
@@ -385,7 +385,7 @@ sudo_execve(struct command_details *details, struct command_status *cstat)
|
|||||||
if (ISSET(details->flags, CD_RBAC_ENABLED)) {
|
if (ISSET(details->flags, CD_RBAC_ENABLED)) {
|
||||||
/* This is probably not needed in log_io mode. */
|
/* This is probably not needed in log_io mode. */
|
||||||
if (selinux_restore_tty() != 0)
|
if (selinux_restore_tty() != 0)
|
||||||
warningx("unable to restore tty label");
|
warningx(_("unable to restore tty label"));
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -426,12 +426,12 @@ handle_signals(int fd, pid_t child, int log_io, struct command_status *cstat)
|
|||||||
/* If pipe is empty, we are done. */
|
/* If pipe is empty, we are done. */
|
||||||
if (errno == EAGAIN)
|
if (errno == EAGAIN)
|
||||||
break;
|
break;
|
||||||
sudo_debug(9, "error reading signal pipe %s", strerror(errno));
|
sudo_debug(9, _("error reading signal pipe %s"), strerror(errno));
|
||||||
cstat->type = CMD_ERRNO;
|
cstat->type = CMD_ERRNO;
|
||||||
cstat->val = errno;
|
cstat->val = errno;
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
sudo_debug(9, "received signal %d", signo);
|
sudo_debug(9, _("received signal %d"), signo);
|
||||||
if (signo == SIGCHLD) {
|
if (signo == SIGCHLD) {
|
||||||
/*
|
/*
|
||||||
* If logging I/O, child is the intermediate process,
|
* If logging I/O, child is the intermediate process,
|
||||||
@@ -496,7 +496,7 @@ forward_signals(int sock)
|
|||||||
|
|
||||||
while (!tq_empty(&sigfwd_list)) {
|
while (!tq_empty(&sigfwd_list)) {
|
||||||
sigfwd = tq_first(&sigfwd_list);
|
sigfwd = tq_first(&sigfwd_list);
|
||||||
sudo_debug(9, "sending signal %d to child over backchannel",
|
sudo_debug(9, _("sending signal %d to child over backchannel"),
|
||||||
sigfwd->signo);
|
sigfwd->signo);
|
||||||
cstat.type = CMD_SIGNO;
|
cstat.type = CMD_SIGNO;
|
||||||
cstat.val = sigfwd->signo;
|
cstat.val = sigfwd->signo;
|
||||||
|
|||||||
@@ -133,7 +133,7 @@ pty_setup(uid_t uid, const char *tty, const char *utmp_user)
|
|||||||
if (io_fds[SFD_USERTTY] != -1) {
|
if (io_fds[SFD_USERTTY] != -1) {
|
||||||
if (!get_pty(&io_fds[SFD_MASTER], &io_fds[SFD_SLAVE],
|
if (!get_pty(&io_fds[SFD_MASTER], &io_fds[SFD_SLAVE],
|
||||||
slavename, sizeof(slavename), uid))
|
slavename, sizeof(slavename), uid))
|
||||||
error(1, "Can't get pty");
|
error(1, _("can't allocate pty"));
|
||||||
/* Add entry to utmp/utmpx? */
|
/* Add entry to utmp/utmpx? */
|
||||||
if (utmp_user != NULL)
|
if (utmp_user != NULL)
|
||||||
utmp_login(tty, slavename, io_fds[SFD_SLAVE], utmp_user);
|
utmp_login(tty, slavename, io_fds[SFD_SLAVE], utmp_user);
|
||||||
@@ -321,7 +321,7 @@ suspend_parent(int signo)
|
|||||||
/* Suspend self and continue child when we resume. */
|
/* Suspend self and continue child when we resume. */
|
||||||
sa.sa_handler = SIG_DFL;
|
sa.sa_handler = SIG_DFL;
|
||||||
sigaction(signo, &sa, &osa);
|
sigaction(signo, &sa, &osa);
|
||||||
sudo_debug(8, "kill parent %d", signo);
|
sudo_debug(8, _("kill parent %d"), signo);
|
||||||
if (killpg(ppgrp, signo) != 0)
|
if (killpg(ppgrp, signo) != 0)
|
||||||
warning("killpg(%d, %d)", ppgrp, signo);
|
warning("killpg(%d, %d)", ppgrp, signo);
|
||||||
|
|
||||||
@@ -332,8 +332,9 @@ suspend_parent(int signo)
|
|||||||
* Only modify term if we are foreground process and either
|
* Only modify term if we are foreground process and either
|
||||||
* the old tty mode was not cooked or child got SIGTT{IN,OU}
|
* the old tty mode was not cooked or child got SIGTT{IN,OU}
|
||||||
*/
|
*/
|
||||||
sudo_debug(8, "parent is in %sground, ttymode %d -> %d",
|
sudo_debug(8,
|
||||||
foreground ? "fore" : "back", oldmode, ttymode);
|
foreground ? _("parent is in foreground, ttymode %d -> %d") :
|
||||||
|
_("parent is in background, ttymode %d -> %d"), oldmode, ttymode);
|
||||||
|
|
||||||
if (ttymode != TERM_COOKED) {
|
if (ttymode != TERM_COOKED) {
|
||||||
if (foreground) {
|
if (foreground) {
|
||||||
@@ -519,7 +520,7 @@ fork_pty(struct command_details *details, int sv[], int *maxfd)
|
|||||||
if (io_fds[SFD_STDIN] == -1 || !isatty(STDIN_FILENO)) {
|
if (io_fds[SFD_STDIN] == -1 || !isatty(STDIN_FILENO)) {
|
||||||
pipeline = TRUE;
|
pipeline = TRUE;
|
||||||
if (pipe(io_pipe[STDIN_FILENO]) != 0)
|
if (pipe(io_pipe[STDIN_FILENO]) != 0)
|
||||||
error(1, "unable to create pipe");
|
error(1, _("unable to create pipe"));
|
||||||
iobufs = io_buf_new(STDIN_FILENO, io_pipe[STDIN_FILENO][1],
|
iobufs = io_buf_new(STDIN_FILENO, io_pipe[STDIN_FILENO][1],
|
||||||
log_stdin, iobufs);
|
log_stdin, iobufs);
|
||||||
io_fds[SFD_STDIN] = io_pipe[STDIN_FILENO][0];
|
io_fds[SFD_STDIN] = io_pipe[STDIN_FILENO][0];
|
||||||
@@ -527,14 +528,14 @@ fork_pty(struct command_details *details, int sv[], int *maxfd)
|
|||||||
if (io_fds[SFD_STDOUT] == -1 || !isatty(STDOUT_FILENO)) {
|
if (io_fds[SFD_STDOUT] == -1 || !isatty(STDOUT_FILENO)) {
|
||||||
pipeline = TRUE;
|
pipeline = TRUE;
|
||||||
if (pipe(io_pipe[STDOUT_FILENO]) != 0)
|
if (pipe(io_pipe[STDOUT_FILENO]) != 0)
|
||||||
error(1, "unable to create pipe");
|
error(1, _("unable to create pipe"));
|
||||||
iobufs = io_buf_new(io_pipe[STDOUT_FILENO][0], STDOUT_FILENO,
|
iobufs = io_buf_new(io_pipe[STDOUT_FILENO][0], STDOUT_FILENO,
|
||||||
log_stdout, iobufs);
|
log_stdout, iobufs);
|
||||||
io_fds[SFD_STDOUT] = io_pipe[STDOUT_FILENO][1];
|
io_fds[SFD_STDOUT] = io_pipe[STDOUT_FILENO][1];
|
||||||
}
|
}
|
||||||
if (io_fds[SFD_STDERR] == -1 || !isatty(STDERR_FILENO)) {
|
if (io_fds[SFD_STDERR] == -1 || !isatty(STDERR_FILENO)) {
|
||||||
if (pipe(io_pipe[STDERR_FILENO]) != 0)
|
if (pipe(io_pipe[STDERR_FILENO]) != 0)
|
||||||
error(1, "unable to create pipe");
|
error(1, _("unable to create pipe"));
|
||||||
iobufs = io_buf_new(io_pipe[STDERR_FILENO][0], STDERR_FILENO,
|
iobufs = io_buf_new(io_pipe[STDERR_FILENO][0], STDERR_FILENO,
|
||||||
log_stderr, iobufs);
|
log_stderr, iobufs);
|
||||||
io_fds[SFD_STDERR] = io_pipe[STDERR_FILENO][1];
|
io_fds[SFD_STDERR] = io_pipe[STDERR_FILENO][1];
|
||||||
@@ -559,7 +560,7 @@ fork_pty(struct command_details *details, int sv[], int *maxfd)
|
|||||||
n = term_raw(io_fds[SFD_USERTTY], 0);
|
n = term_raw(io_fds[SFD_USERTTY], 0);
|
||||||
} while (!n && errno == EINTR);
|
} while (!n && errno == EINTR);
|
||||||
if (!n)
|
if (!n)
|
||||||
error(1, "Can't set terminal to raw mode");
|
error(1, _("Can't set terminal to raw mode"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -698,7 +699,7 @@ deliver_signal(pid_t pid, int signo)
|
|||||||
int status;
|
int status;
|
||||||
|
|
||||||
/* Handle signal from parent. */
|
/* Handle signal from parent. */
|
||||||
sudo_debug(8, "signal %d from parent", signo);
|
sudo_debug(8, _("signal %d from parent"), signo);
|
||||||
switch (signo) {
|
switch (signo) {
|
||||||
case SIGALRM:
|
case SIGALRM:
|
||||||
terminate_child(pid, TRUE);
|
terminate_child(pid, TRUE);
|
||||||
@@ -741,9 +742,10 @@ send_status(int fd, struct command_status *cstat)
|
|||||||
n = send(fd, cstat, sizeof(*cstat), 0);
|
n = send(fd, cstat, sizeof(*cstat), 0);
|
||||||
} while (n == -1 && errno == EINTR);
|
} while (n == -1 && errno == EINTR);
|
||||||
if (n != sizeof(*cstat)) {
|
if (n != sizeof(*cstat)) {
|
||||||
sudo_debug(8, "unable to send status to parent: %s", strerror(errno));
|
sudo_debug(8, _("unable to send status to parent: %s"),
|
||||||
|
strerror(errno));
|
||||||
} else {
|
} else {
|
||||||
sudo_debug(8, "sent status to parent");
|
sudo_debug(8, _("sent status to parent"));
|
||||||
}
|
}
|
||||||
cstat->type = CMD_INVALID; /* prevent re-sending */
|
cstat->type = CMD_INVALID; /* prevent re-sending */
|
||||||
}
|
}
|
||||||
@@ -771,7 +773,7 @@ handle_sigchld(int backchannel, struct command_status *cstat)
|
|||||||
cstat->type = CMD_WSTATUS;
|
cstat->type = CMD_WSTATUS;
|
||||||
cstat->val = status;
|
cstat->val = status;
|
||||||
if (WIFSTOPPED(status)) {
|
if (WIFSTOPPED(status)) {
|
||||||
sudo_debug(8, "command stopped, signal %d",
|
sudo_debug(8, _("command stopped, signal %d"),
|
||||||
WSTOPSIG(status));
|
WSTOPSIG(status));
|
||||||
do {
|
do {
|
||||||
child_pgrp = tcgetpgrp(io_fds[SFD_SLAVE]);
|
child_pgrp = tcgetpgrp(io_fds[SFD_SLAVE]);
|
||||||
@@ -779,10 +781,10 @@ handle_sigchld(int backchannel, struct command_status *cstat)
|
|||||||
if (send_status(backchannel, cstat) == -1)
|
if (send_status(backchannel, cstat) == -1)
|
||||||
return alive; /* XXX */
|
return alive; /* XXX */
|
||||||
} else if (WIFSIGNALED(status)) {
|
} else if (WIFSIGNALED(status)) {
|
||||||
sudo_debug(8, "command killed, signal %d",
|
sudo_debug(8, _("command killed, signal %d"),
|
||||||
WTERMSIG(status));
|
WTERMSIG(status));
|
||||||
} else {
|
} else {
|
||||||
sudo_debug(8, "command exited: %d",
|
sudo_debug(8, _("command exited: %d"),
|
||||||
WEXITSTATUS(status));
|
WEXITSTATUS(status));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -821,7 +823,7 @@ exec_monitor(struct command_details *details, int backchannel)
|
|||||||
* the select() loop.
|
* the select() loop.
|
||||||
*/
|
*/
|
||||||
if (pipe_nonblock(signal_pipe) != 0)
|
if (pipe_nonblock(signal_pipe) != 0)
|
||||||
error(1, "cannot create pipe");
|
error(1, _("cannot create pipe"));
|
||||||
|
|
||||||
/* Reset SIGWINCH and SIGALRM. */
|
/* Reset SIGWINCH and SIGALRM. */
|
||||||
zero_bytes(&sa, sizeof(sa));
|
zero_bytes(&sa, sizeof(sa));
|
||||||
@@ -853,7 +855,7 @@ exec_monitor(struct command_details *details, int backchannel)
|
|||||||
if (io_fds[SFD_SLAVE] != -1) {
|
if (io_fds[SFD_SLAVE] != -1) {
|
||||||
#ifdef TIOCSCTTY
|
#ifdef TIOCSCTTY
|
||||||
if (ioctl(io_fds[SFD_SLAVE], TIOCSCTTY, NULL) != 0)
|
if (ioctl(io_fds[SFD_SLAVE], TIOCSCTTY, NULL) != 0)
|
||||||
error(1, "unable to set controlling tty");
|
error(1, _("unable to set controlling tty"));
|
||||||
#else
|
#else
|
||||||
/* Set controlling tty by reopening slave. */
|
/* Set controlling tty by reopening slave. */
|
||||||
if ((n = open(slavename, O_RDWR)) >= 0)
|
if ((n = open(slavename, O_RDWR)) >= 0)
|
||||||
@@ -872,10 +874,10 @@ exec_monitor(struct command_details *details, int backchannel)
|
|||||||
|
|
||||||
/* Start command and wait for it to stop or exit */
|
/* Start command and wait for it to stop or exit */
|
||||||
if (pipe(errpipe) == -1)
|
if (pipe(errpipe) == -1)
|
||||||
error(1, "unable to create pipe");
|
error(1, _("unable to create pipe"));
|
||||||
child = fork();
|
child = fork();
|
||||||
if (child == -1) {
|
if (child == -1) {
|
||||||
warning("Can't fork");
|
warning("fork");
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
if (child == 0) {
|
if (child == 0) {
|
||||||
@@ -939,7 +941,7 @@ exec_monitor(struct command_details *details, int backchannel)
|
|||||||
goto done;
|
goto done;
|
||||||
if (errno == EINTR)
|
if (errno == EINTR)
|
||||||
continue;
|
continue;
|
||||||
error(1, "select failed");
|
error(1, _("select failed"));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (FD_ISSET(signal_pipe[0], fdsr)) {
|
if (FD_ISSET(signal_pipe[0], fdsr)) {
|
||||||
@@ -947,7 +949,7 @@ exec_monitor(struct command_details *details, int backchannel)
|
|||||||
if (n == -1) {
|
if (n == -1) {
|
||||||
if (errno == EINTR || errno == EAGAIN)
|
if (errno == EINTR || errno == EAGAIN)
|
||||||
continue;
|
continue;
|
||||||
warning("error reading from signal pipe");
|
warning(_("error reading from signal pipe"));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
/*
|
/*
|
||||||
@@ -966,7 +968,7 @@ exec_monitor(struct command_details *details, int backchannel)
|
|||||||
if (n == -1) {
|
if (n == -1) {
|
||||||
if (errno == EINTR)
|
if (errno == EINTR)
|
||||||
continue;
|
continue;
|
||||||
warning("error reading from pipe");
|
warning(_("error reading from pipe"));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
/* Got errno or EOF, either way we are done with errpipe. */
|
/* Got errno or EOF, either way we are done with errpipe. */
|
||||||
@@ -982,11 +984,12 @@ exec_monitor(struct command_details *details, int backchannel)
|
|||||||
if (n == -1) {
|
if (n == -1) {
|
||||||
if (errno == EINTR)
|
if (errno == EINTR)
|
||||||
continue;
|
continue;
|
||||||
warning("error reading from socketpair");
|
warning(_("error reading from socketpair"));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
if (cstmp.type != CMD_SIGNO) {
|
if (cstmp.type != CMD_SIGNO) {
|
||||||
warningx("unexpected reply type on backchannel: %d", cstmp.type);
|
warningx(_("unexpected reply type on backchannel: %d"),
|
||||||
|
cstmp.type);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
deliver_signal(child, cstmp.val);
|
deliver_signal(child, cstmp.val);
|
||||||
@@ -1071,7 +1074,7 @@ flush_output(void)
|
|||||||
break; /* all I/O flushed */
|
break; /* all I/O flushed */
|
||||||
if (errno == EINTR)
|
if (errno == EINTR)
|
||||||
continue;
|
continue;
|
||||||
error(1, "select failed");
|
error(1, _("select failed"));
|
||||||
}
|
}
|
||||||
if (perform_io(fdsr, fdsw, NULL) != 0)
|
if (perform_io(fdsr, fdsw, NULL) != 0)
|
||||||
break;
|
break;
|
||||||
|
|||||||
@@ -151,13 +151,13 @@ sudo_load_plugins(const char *conf_file,
|
|||||||
tq_foreach_fwd(plugin_list, info) {
|
tq_foreach_fwd(plugin_list, info) {
|
||||||
if (info->path[0] == '/') {
|
if (info->path[0] == '/') {
|
||||||
if (strlcpy(path, info->path, sizeof(path)) >= sizeof(path)) {
|
if (strlcpy(path, info->path, sizeof(path)) >= sizeof(path)) {
|
||||||
warningx("%s: %s", info->path, strerror(ENAMETOOLONG));
|
warningx(_("%s: %s"), info->path, strerror(ENAMETOOLONG));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (snprintf(path, sizeof(path), "%s%s", _PATH_SUDO_PLUGIN_DIR,
|
if (snprintf(path, sizeof(path), "%s%s", _PATH_SUDO_PLUGIN_DIR,
|
||||||
info->path) >= sizeof(path)) {
|
info->path) >= sizeof(path)) {
|
||||||
warningx("%s%s: %s", _PATH_SUDO_PLUGIN_DIR, info->path,
|
warningx(_("%s%s: %s"), _PATH_SUDO_PLUGIN_DIR, info->path,
|
||||||
strerror(ENAMETOOLONG));
|
strerror(ENAMETOOLONG));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
@@ -167,39 +167,40 @@ sudo_load_plugins(const char *conf_file,
|
|||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
if (sb.st_uid != ROOT_UID) {
|
if (sb.st_uid != ROOT_UID) {
|
||||||
warningx("%s must be owned by uid %d", path, ROOT_UID);
|
warningx(_("%s must be owned by uid %d"), path, ROOT_UID);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
|
if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
|
||||||
warningx("%s must be only be writable by owner", path);
|
warningx(_("%s must be only be writable by owner"), path);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Open plugin and map in symbol */
|
/* Open plugin and map in symbol */
|
||||||
handle = dlopen(path, RTLD_LAZY|RTLD_LOCAL);
|
handle = dlopen(path, RTLD_LAZY|RTLD_LOCAL);
|
||||||
if (!handle) {
|
if (!handle) {
|
||||||
warningx("unable to dlopen %s: %s", path, dlerror());
|
warningx(_("unable to dlopen %s: %s"), path, dlerror());
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
plugin = dlsym(handle, info->symbol_name);
|
plugin = dlsym(handle, info->symbol_name);
|
||||||
if (!plugin) {
|
if (!plugin) {
|
||||||
warningx("unable to find symbol %s in %s", info->symbol_name, path);
|
warningx(_("unable to find symbol %s in %s"), info->symbol_name,
|
||||||
|
path);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (plugin->type != SUDO_POLICY_PLUGIN && plugin->type != SUDO_IO_PLUGIN) {
|
if (plugin->type != SUDO_POLICY_PLUGIN && plugin->type != SUDO_IO_PLUGIN) {
|
||||||
warningx("%s: unknown policy type %d", path, plugin->type);
|
warningx(_("%s: unknown policy type %d"), path, plugin->type);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
if (SUDO_API_VERSION_GET_MAJOR(plugin->version) != SUDO_API_VERSION_MAJOR) {
|
if (SUDO_API_VERSION_GET_MAJOR(plugin->version) != SUDO_API_VERSION_MAJOR) {
|
||||||
warningx("%s: incompatible policy major version %d, expected %d",
|
warningx(_("%s: incompatible policy major version %d, expected %d"),
|
||||||
path, SUDO_API_VERSION_GET_MAJOR(plugin->version),
|
path, SUDO_API_VERSION_GET_MAJOR(plugin->version),
|
||||||
SUDO_API_VERSION_MAJOR);
|
SUDO_API_VERSION_MAJOR);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
if (plugin->type == SUDO_POLICY_PLUGIN) {
|
if (plugin->type == SUDO_POLICY_PLUGIN) {
|
||||||
if (policy_plugin->handle) {
|
if (policy_plugin->handle) {
|
||||||
warningx("only a single policy plugin may be loaded");
|
warningx(_("only a single policy plugin may be loaded"));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
policy_plugin->handle = handle;
|
policy_plugin->handle = handle;
|
||||||
@@ -216,11 +217,12 @@ sudo_load_plugins(const char *conf_file,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (policy_plugin->handle == NULL) {
|
if (policy_plugin->handle == NULL) {
|
||||||
warningx("%s: at least one policy plugin must be specified", conf_file);
|
warningx(_("%s: at least one policy plugin must be specified"),
|
||||||
|
conf_file);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
if (policy_plugin->u.policy->check_policy == NULL) {
|
if (policy_plugin->u.policy->check_policy == NULL) {
|
||||||
warningx("policy plugin %s does not include a check_policy method",
|
warningx(_("policy plugin %s does not include a check_policy method"),
|
||||||
policy_plugin->name);
|
policy_plugin->name);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -149,7 +149,7 @@ get_net_ifs(char **addrinfo)
|
|||||||
"%s%s/", cp == *addrinfo ? "" : " ",
|
"%s%s/", cp == *addrinfo ? "" : " ",
|
||||||
inet_ntoa(sin->sin_addr));
|
inet_ntoa(sin->sin_addr));
|
||||||
if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
|
if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
|
||||||
warningx("load_interfaces: overflow detected");
|
warningx(_("load_interfaces: overflow detected"));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
cp += len;
|
cp += len;
|
||||||
@@ -158,7 +158,7 @@ get_net_ifs(char **addrinfo)
|
|||||||
len = snprintf(cp, ailen - (*addrinfo - cp),
|
len = snprintf(cp, ailen - (*addrinfo - cp),
|
||||||
"%s", inet_ntoa(sin->sin_addr));
|
"%s", inet_ntoa(sin->sin_addr));
|
||||||
if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
|
if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
|
||||||
warningx("load_interfaces: overflow detected");
|
warningx(_("load_interfaces: overflow detected"));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
cp += len;
|
cp += len;
|
||||||
@@ -170,7 +170,7 @@ get_net_ifs(char **addrinfo)
|
|||||||
len = snprintf(cp, ailen - (*addrinfo - cp),
|
len = snprintf(cp, ailen - (*addrinfo - cp),
|
||||||
"%s%s/", cp == *addrinfo ? "" : " ", addrbuf);
|
"%s%s/", cp == *addrinfo ? "" : " ", addrbuf);
|
||||||
if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
|
if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
|
||||||
warningx("load_interfaces: overflow detected");
|
warningx(_("load_interfaces: overflow detected"));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
cp += len;
|
cp += len;
|
||||||
@@ -179,7 +179,7 @@ get_net_ifs(char **addrinfo)
|
|||||||
inet_ntop(AF_INET6, &sin6->sin6_addr, addrbuf, sizeof(addrbuf));
|
inet_ntop(AF_INET6, &sin6->sin6_addr, addrbuf, sizeof(addrbuf));
|
||||||
len = snprintf(cp, ailen - (*addrinfo - cp), "%s", addrbuf);
|
len = snprintf(cp, ailen - (*addrinfo - cp), "%s", addrbuf);
|
||||||
if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
|
if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
|
||||||
warningx("load_interfaces: overflow detected");
|
warningx(_("load_interfaces: overflow detected"));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
cp += len;
|
cp += len;
|
||||||
@@ -218,7 +218,7 @@ get_net_ifs(char **addrinfo)
|
|||||||
|
|
||||||
sock = socket(AF_INET, SOCK_DGRAM, 0);
|
sock = socket(AF_INET, SOCK_DGRAM, 0);
|
||||||
if (sock < 0)
|
if (sock < 0)
|
||||||
error(1, "cannot open socket");
|
error(1, _("cannot open socket"));
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Get interface configuration or return.
|
* Get interface configuration or return.
|
||||||
@@ -289,7 +289,7 @@ get_net_ifs(char **addrinfo)
|
|||||||
"%s%s/", cp == *addrinfo ? "" : " ",
|
"%s%s/", cp == *addrinfo ? "" : " ",
|
||||||
inet_ntoa(sin->sin_addr));
|
inet_ntoa(sin->sin_addr));
|
||||||
if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
|
if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
|
||||||
warningx("load_interfaces: overflow detected");
|
warningx(_("load_interfaces: overflow detected"));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
cp += len;
|
cp += len;
|
||||||
@@ -313,7 +313,7 @@ get_net_ifs(char **addrinfo)
|
|||||||
len = snprintf(cp, ailen - (*addrinfo - cp),
|
len = snprintf(cp, ailen - (*addrinfo - cp),
|
||||||
"%s", inet_ntoa(sin->sin_addr));
|
"%s", inet_ntoa(sin->sin_addr));
|
||||||
if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
|
if (len <= 0 || len >= ailen - (*addrinfo - cp)) {
|
||||||
warningx("load_interfaces: overflow detected");
|
warningx(_("load_interfaces: overflow detected"));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
cp += len;
|
cp += len;
|
||||||
|
|||||||
@@ -177,7 +177,7 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
|
|||||||
break;
|
break;
|
||||||
case 'C':
|
case 'C':
|
||||||
if (atoi(optarg) < 3) {
|
if (atoi(optarg) < 3) {
|
||||||
warningx("the argument to -C must be a number greater than or equal to 3");
|
warningx(_("the argument to -C must be a number greater than or equal to 3"));
|
||||||
usage(1);
|
usage(1);
|
||||||
}
|
}
|
||||||
sudo_settings[ARG_CLOSEFROM].value = optarg;
|
sudo_settings[ARG_CLOSEFROM].value = optarg;
|
||||||
@@ -189,7 +189,7 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
|
|||||||
#endif
|
#endif
|
||||||
case 'D':
|
case 'D':
|
||||||
if ((debug_level = atoi(optarg)) < 1 || debug_level > 9) {
|
if ((debug_level = atoi(optarg)) < 1 || debug_level > 9) {
|
||||||
warningx("the argument to -D must be between 1 and 9 inclusive");
|
warningx(_("the argument to -D must be between 1 and 9 inclusive"));
|
||||||
usage(1);
|
usage(1);
|
||||||
}
|
}
|
||||||
sudo_settings[ARG_DEBUG_LEVEL].value = optarg;
|
sudo_settings[ARG_DEBUG_LEVEL].value = optarg;
|
||||||
@@ -270,7 +270,7 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
|
|||||||
break;
|
break;
|
||||||
case 'U':
|
case 'U':
|
||||||
if ((getpwnam(optarg)) == NULL)
|
if ((getpwnam(optarg)) == NULL)
|
||||||
errorx(1, "unknown user: %s", optarg);
|
errorx(1, _("unknown user: %s"), optarg);
|
||||||
list_user = optarg;
|
list_user = optarg;
|
||||||
break;
|
break;
|
||||||
case 'u':
|
case 'u':
|
||||||
@@ -329,11 +329,11 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
|
|||||||
|
|
||||||
if (ISSET(flags, MODE_LOGIN_SHELL)) {
|
if (ISSET(flags, MODE_LOGIN_SHELL)) {
|
||||||
if (ISSET(flags, MODE_SHELL)) {
|
if (ISSET(flags, MODE_SHELL)) {
|
||||||
warningx("you may not specify both the `-i' and `-s' options");
|
warningx(_("you may not specify both the `-i' and `-s' options"));
|
||||||
usage(1);
|
usage(1);
|
||||||
}
|
}
|
||||||
if (ISSET(flags, MODE_PRESERVE_ENV)) {
|
if (ISSET(flags, MODE_PRESERVE_ENV)) {
|
||||||
warningx("you may not specify both the `-i' and `-E' options");
|
warningx(_("you may not specify both the `-i' and `-E' options"));
|
||||||
usage(1);
|
usage(1);
|
||||||
}
|
}
|
||||||
SET(flags, MODE_SHELL);
|
SET(flags, MODE_SHELL);
|
||||||
@@ -343,9 +343,9 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
|
|||||||
if (mode == MODE_EDIT &&
|
if (mode == MODE_EDIT &&
|
||||||
(ISSET(flags, MODE_PRESERVE_ENV) || env_add[0] != NULL)) {
|
(ISSET(flags, MODE_PRESERVE_ENV) || env_add[0] != NULL)) {
|
||||||
if (ISSET(mode, MODE_PRESERVE_ENV))
|
if (ISSET(mode, MODE_PRESERVE_ENV))
|
||||||
warningx("the `-E' option is not valid in edit mode");
|
warningx(_("the `-E' option is not valid in edit mode"));
|
||||||
if (env_add[0] != NULL)
|
if (env_add[0] != NULL)
|
||||||
warningx("you may not specify environment variables in edit mode");
|
warningx(_("you may not specify environment variables in edit mode"));
|
||||||
usage(1);
|
usage(1);
|
||||||
}
|
}
|
||||||
if ((runas_user != NULL || runas_group != NULL) &&
|
if ((runas_user != NULL || runas_group != NULL) &&
|
||||||
@@ -353,11 +353,11 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
|
|||||||
usage(1);
|
usage(1);
|
||||||
}
|
}
|
||||||
if (list_user != NULL && mode != MODE_LIST && mode != MODE_CHECK) {
|
if (list_user != NULL && mode != MODE_LIST && mode != MODE_CHECK) {
|
||||||
warningx("the `-U' option may only be used with the `-l' option");
|
warningx(_("the `-U' option may only be used with the `-l' option"));
|
||||||
usage(1);
|
usage(1);
|
||||||
}
|
}
|
||||||
if (ISSET(tgetpass_flags, TGP_STDIN) && ISSET(tgetpass_flags, TGP_ASKPASS)) {
|
if (ISSET(tgetpass_flags, TGP_STDIN) && ISSET(tgetpass_flags, TGP_ASKPASS)) {
|
||||||
warningx("the `-A' and `-S' options may not be used together");
|
warningx(_("the `-A' and `-S' options may not be used together"));
|
||||||
usage(1);
|
usage(1);
|
||||||
}
|
}
|
||||||
if ((argc == 0 && mode == MODE_EDIT) ||
|
if ((argc == 0 && mode == MODE_EDIT) ||
|
||||||
@@ -415,7 +415,7 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
|
|||||||
settings[j] = fmt_string(sudo_settings[i].name,
|
settings[j] = fmt_string(sudo_settings[i].name,
|
||||||
sudo_settings[i].value);
|
sudo_settings[i].value);
|
||||||
if (settings[j] == NULL)
|
if (settings[j] == NULL)
|
||||||
errorx(1, "unable to allocate memory");
|
errorx(1, _("unable to allocate memory"));
|
||||||
j++;
|
j++;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -428,7 +428,7 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, char ***settingsp,
|
|||||||
argv--;
|
argv--;
|
||||||
argv[0] = "sudoedit";
|
argv[0] = "sudoedit";
|
||||||
#else
|
#else
|
||||||
errorx(1, "sudoedit is not supported on this platform");
|
errorx(1, _("sudoedit is not supported on this platform"));
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -499,7 +499,7 @@ usage(int fatal)
|
|||||||
static void
|
static void
|
||||||
usage_excl(int fatal)
|
usage_excl(int fatal)
|
||||||
{
|
{
|
||||||
warningx("Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified");
|
warningx(_("Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"));
|
||||||
usage(fatal);
|
usage(fatal);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -72,7 +72,7 @@ audit_role_change(const security_context_t old_context,
|
|||||||
/* Kernel may not have audit support. */
|
/* Kernel may not have audit support. */
|
||||||
if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT
|
if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT
|
||||||
)
|
)
|
||||||
error(1, "unable to open audit system");
|
error(1, _("unable to open audit system"));
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -82,7 +82,7 @@ audit_role_change(const security_context_t old_context,
|
|||||||
rc = audit_log_user_message(au_fd, AUDIT_USER_ROLE_CHANGE,
|
rc = audit_log_user_message(au_fd, AUDIT_USER_ROLE_CHANGE,
|
||||||
message, NULL, NULL, ttyn, 1);
|
message, NULL, NULL, ttyn, 1);
|
||||||
if (rc <= 0)
|
if (rc <= 0)
|
||||||
warning("unable to send audit message");
|
warning(_("unable to send audit message"));
|
||||||
|
|
||||||
efree(message);
|
efree(message);
|
||||||
close(au_fd);
|
close(au_fd);
|
||||||
@@ -109,17 +109,17 @@ selinux_restore_tty(void)
|
|||||||
|
|
||||||
/* Verify that the tty still has the context set by sudo. */
|
/* Verify that the tty still has the context set by sudo. */
|
||||||
if ((retval = fgetfilecon(se_state.ttyfd, &chk_tty_context)) < 0) {
|
if ((retval = fgetfilecon(se_state.ttyfd, &chk_tty_context)) < 0) {
|
||||||
warning("unable to fgetfilecon %s", se_state.ttyn);
|
warning(_("unable to fgetfilecon %s"), se_state.ttyn);
|
||||||
goto skip_relabel;
|
goto skip_relabel;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((retval = strcmp(chk_tty_context, se_state.new_tty_context))) {
|
if ((retval = strcmp(chk_tty_context, se_state.new_tty_context))) {
|
||||||
warningx("%s changed labels.", se_state.ttyn);
|
warningx(_("%s changed labels"), se_state.ttyn);
|
||||||
goto skip_relabel;
|
goto skip_relabel;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((retval = fsetfilecon(se_state.ttyfd, se_state.tty_context)) < 0)
|
if ((retval = fsetfilecon(se_state.ttyfd, se_state.tty_context)) < 0)
|
||||||
warning("unable to restore context for %s", se_state.ttyn);
|
warning(_("unable to restore context for %s"), se_state.ttyn);
|
||||||
|
|
||||||
skip_relabel:
|
skip_relabel:
|
||||||
if (se_state.ttyfd != -1) {
|
if (se_state.ttyfd != -1) {
|
||||||
@@ -158,7 +158,7 @@ relabel_tty(const char *ttyn, int ptyfd)
|
|||||||
if (ptyfd == -1) {
|
if (ptyfd == -1) {
|
||||||
se_state.ttyfd = open(ttyn, O_RDWR|O_NONBLOCK);
|
se_state.ttyfd = open(ttyn, O_RDWR|O_NONBLOCK);
|
||||||
if (se_state.ttyfd == -1) {
|
if (se_state.ttyfd == -1) {
|
||||||
warning("unable to open %s, not relabeling tty", ttyn);
|
warning(_("unable to open %s, not relabeling tty"), ttyn);
|
||||||
if (se_state.enforcing)
|
if (se_state.enforcing)
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
@@ -167,21 +167,21 @@ relabel_tty(const char *ttyn, int ptyfd)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (fgetfilecon(se_state.ttyfd, &tty_con) < 0) {
|
if (fgetfilecon(se_state.ttyfd, &tty_con) < 0) {
|
||||||
warning("unable to get current tty context, not relabeling tty");
|
warning(_("unable to get current tty context, not relabeling tty"));
|
||||||
if (se_state.enforcing)
|
if (se_state.enforcing)
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (tty_con && (security_compute_relabel(se_state.new_context, tty_con,
|
if (tty_con && (security_compute_relabel(se_state.new_context, tty_con,
|
||||||
SECCLASS_CHR_FILE, &new_tty_con) < 0)) {
|
SECCLASS_CHR_FILE, &new_tty_con) < 0)) {
|
||||||
warning("unable to get new tty context, not relabeling tty");
|
warning(_("unable to get new tty context, not relabeling tty"));
|
||||||
if (se_state.enforcing)
|
if (se_state.enforcing)
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (new_tty_con != NULL) {
|
if (new_tty_con != NULL) {
|
||||||
if (fsetfilecon(se_state.ttyfd, new_tty_con) < 0) {
|
if (fsetfilecon(se_state.ttyfd, new_tty_con) < 0) {
|
||||||
warning("unable to set new tty context");
|
warning(_("unable to set new tty context"));
|
||||||
if (se_state.enforcing)
|
if (se_state.enforcing)
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
@@ -191,7 +191,7 @@ relabel_tty(const char *ttyn, int ptyfd)
|
|||||||
/* Reopen pty that was relabeled, std{in,out,err} are reset later. */
|
/* Reopen pty that was relabeled, std{in,out,err} are reset later. */
|
||||||
se_state.ttyfd = open(ttyn, O_RDWR|O_NOCTTY, 0);
|
se_state.ttyfd = open(ttyn, O_RDWR|O_NOCTTY, 0);
|
||||||
if (se_state.ttyfd == -1) {
|
if (se_state.ttyfd == -1) {
|
||||||
warning("cannot open %s", ttyn);
|
warning(_("cannot open %s"), ttyn);
|
||||||
if (se_state.enforcing)
|
if (se_state.enforcing)
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
@@ -204,7 +204,7 @@ relabel_tty(const char *ttyn, int ptyfd)
|
|||||||
close(se_state.ttyfd);
|
close(se_state.ttyfd);
|
||||||
se_state.ttyfd = open(ttyn, O_RDWR|O_NONBLOCK);
|
se_state.ttyfd = open(ttyn, O_RDWR|O_NONBLOCK);
|
||||||
if (se_state.ttyfd == -1) {
|
if (se_state.ttyfd == -1) {
|
||||||
warning("unable to open %s", ttyn);
|
warning(_("unable to open %s"), ttyn);
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
(void)fcntl(se_state.ttyfd, F_SETFL,
|
(void)fcntl(se_state.ttyfd, F_SETFL,
|
||||||
@@ -246,13 +246,13 @@ get_exec_context(security_context_t old_context, const char *role, const char *t
|
|||||||
|
|
||||||
/* We must have a role, the type is optional (we can use the default). */
|
/* We must have a role, the type is optional (we can use the default). */
|
||||||
if (!role) {
|
if (!role) {
|
||||||
warningx("you must specify a role for type %s", type);
|
warningx(_("you must specify a role for type %s"), type);
|
||||||
errno = EINVAL;
|
errno = EINVAL;
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
if (!type) {
|
if (!type) {
|
||||||
if (get_default_type(role, &typebuf)) {
|
if (get_default_type(role, &typebuf)) {
|
||||||
warningx("unable to get default type for role %s", role);
|
warningx(_("unable to get default type for role %s"), role);
|
||||||
errno = EINVAL;
|
errno = EINVAL;
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@@ -270,11 +270,11 @@ get_exec_context(security_context_t old_context, const char *role, const char *t
|
|||||||
* type we will be running the command as.
|
* type we will be running the command as.
|
||||||
*/
|
*/
|
||||||
if (context_role_set(context, role)) {
|
if (context_role_set(context, role)) {
|
||||||
warning("failed to set new role %s", role);
|
warning(_("failed to set new role %s"), role);
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
if (context_type_set(context, type)) {
|
if (context_type_set(context, type)) {
|
||||||
warning("failed to set new type %s", type);
|
warning(_("failed to set new type %s"), type);
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -283,7 +283,7 @@ get_exec_context(security_context_t old_context, const char *role, const char *t
|
|||||||
*/
|
*/
|
||||||
new_context = estrdup(context_str(context));
|
new_context = estrdup(context_str(context));
|
||||||
if (security_check_context(new_context) < 0) {
|
if (security_check_context(new_context) < 0) {
|
||||||
warningx("%s is not a valid context", new_context);
|
warningx(_("%s is not a valid context"), new_context);
|
||||||
errno = EINVAL;
|
errno = EINVAL;
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
@@ -317,13 +317,13 @@ selinux_setup(const char *role, const char *type, const char *ttyn,
|
|||||||
|
|
||||||
/* Store the caller's SID in old_context. */
|
/* Store the caller's SID in old_context. */
|
||||||
if (getprevcon(&se_state.old_context)) {
|
if (getprevcon(&se_state.old_context)) {
|
||||||
warning("failed to get old_context");
|
warning(_("failed to get old_context"));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
se_state.enforcing = security_getenforce();
|
se_state.enforcing = security_getenforce();
|
||||||
if (se_state.enforcing < 0) {
|
if (se_state.enforcing < 0) {
|
||||||
warning("unable to determine enforcing mode.");
|
warning(_("unable to determine enforcing mode."));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -335,7 +335,7 @@ selinux_setup(const char *role, const char *type, const char *ttyn,
|
|||||||
goto done;
|
goto done;
|
||||||
|
|
||||||
if (relabel_tty(ttyn, ptyfd) < 0) {
|
if (relabel_tty(ttyn, ptyfd) < 0) {
|
||||||
warning("unable to setup tty context for %s", se_state.new_context);
|
warning(_("unable to setup tty context for %s"), se_state.new_context);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -364,14 +364,14 @@ selinux_execve(const char *path, char *argv[], char *envp[])
|
|||||||
int argc, serrno;
|
int argc, serrno;
|
||||||
|
|
||||||
if (setexeccon(se_state.new_context)) {
|
if (setexeccon(se_state.new_context)) {
|
||||||
warning("unable to set exec context to %s", se_state.new_context);
|
warning(_("unable to set exec context to %s"), se_state.new_context);
|
||||||
if (se_state.enforcing)
|
if (se_state.enforcing)
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef HAVE_SETKEYCREATECON
|
#ifdef HAVE_SETKEYCREATECON
|
||||||
if (setkeycreatecon(se_state.new_context)) {
|
if (setkeycreatecon(se_state.new_context)) {
|
||||||
warning("unable to set key creation context to %s", se_state.new_context);
|
warning(_("unable to set key creation context to %s"), se_state.new_context);
|
||||||
if (se_state.enforcing)
|
if (se_state.enforcing)
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -35,7 +35,7 @@ main (int argc, char *argv[])
|
|||||||
char *cp, *cmnd;
|
char *cp, *cmnd;
|
||||||
|
|
||||||
if (argc < 2)
|
if (argc < 2)
|
||||||
errx(EXIT_FAILURE, "requires at least one argument");
|
errx(EXIT_FAILURE, _("requires at least one argument"));
|
||||||
|
|
||||||
/* Shift argv and make a copy of the command to execute. */
|
/* Shift argv and make a copy of the command to execute. */
|
||||||
argv++;
|
argv++;
|
||||||
@@ -51,6 +51,6 @@ main (int argc, char *argv[])
|
|||||||
*cp = '-';
|
*cp = '-';
|
||||||
}
|
}
|
||||||
execv(cmnd, argv);
|
execv(cmnd, argv);
|
||||||
warn("unable to execute %s", argv[0]);
|
warn(_("unable to execute %s"), argv[0]);
|
||||||
_exit(EXIT_FAILURE);
|
_exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
|
|||||||
93
src/sudo.c
93
src/sudo.c
@@ -187,7 +187,7 @@ main(int argc, char *argv[], char *envp[])
|
|||||||
#endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */
|
#endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */
|
||||||
|
|
||||||
if (geteuid() != 0)
|
if (geteuid() != 0)
|
||||||
errorx(1, "must be setuid root");
|
errorx(1, _("must be setuid root"));
|
||||||
|
|
||||||
/* Reset signal mask, disable core dumps and make sure fds 0-2 are open. */
|
/* Reset signal mask, disable core dumps and make sure fds 0-2 are open. */
|
||||||
(void) sigemptyset(&mask);
|
(void) sigemptyset(&mask);
|
||||||
@@ -205,14 +205,14 @@ main(int argc, char *argv[], char *envp[])
|
|||||||
|
|
||||||
/* Print sudo version early, in case of plugin init failure. */
|
/* Print sudo version early, in case of plugin init failure. */
|
||||||
if (ISSET(sudo_mode, MODE_VERSION)) {
|
if (ISSET(sudo_mode, MODE_VERSION)) {
|
||||||
printf("Sudo version %s\n", PACKAGE_VERSION);
|
printf(_("Sudo version %s\n"), PACKAGE_VERSION);
|
||||||
if (user_details.uid == ROOT_UID)
|
if (user_details.uid == ROOT_UID)
|
||||||
(void) printf("Configure args: %s\n", CONFIGURE_ARGS);
|
(void) printf(_("Configure args: %s\n"), CONFIGURE_ARGS);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Read sudo.conf and load plugins. */
|
/* Read sudo.conf and load plugins. */
|
||||||
if (!sudo_load_plugins(_PATH_SUDO_CONF, &policy_plugin, &io_plugins))
|
if (!sudo_load_plugins(_PATH_SUDO_CONF, &policy_plugin, &io_plugins))
|
||||||
errorx(1, "fatal error, unable to load plugins");
|
errorx(1, _("fatal error, unable to load plugins"));
|
||||||
|
|
||||||
/* Open policy plugin. */
|
/* Open policy plugin. */
|
||||||
ok = policy_open(&policy_plugin, settings, user_info, envp);
|
ok = policy_open(&policy_plugin, settings, user_info, envp);
|
||||||
@@ -220,7 +220,7 @@ main(int argc, char *argv[], char *envp[])
|
|||||||
if (ok == -2)
|
if (ok == -2)
|
||||||
usage(1);
|
usage(1);
|
||||||
else
|
else
|
||||||
errorx(1, "unable to initialize policy plugin");
|
errorx(1, _("unable to initialize policy plugin"));
|
||||||
}
|
}
|
||||||
|
|
||||||
switch (sudo_mode & MODE_MASK) {
|
switch (sudo_mode & MODE_MASK) {
|
||||||
@@ -275,7 +275,8 @@ main(int argc, char *argv[], char *envp[])
|
|||||||
usage(1);
|
usage(1);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
errorx(1, "error initializing I/O plugin %s", plugin->name);
|
errorx(1, _("error initializing I/O plugin %s"),
|
||||||
|
plugin->name);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
command_info_to_details(command_info, &command_details);
|
command_info_to_details(command_info, &command_details);
|
||||||
@@ -301,7 +302,7 @@ main(int argc, char *argv[], char *envp[])
|
|||||||
/* The close method was called by sudo_edit/run_command. */
|
/* The close method was called by sudo_edit/run_command. */
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
errorx(1, "unexpected sudo mode 0x%x", sudo_mode);
|
errorx(1, _("unexpected sudo mode 0x%x"), sudo_mode);
|
||||||
}
|
}
|
||||||
exit(exitcode);
|
exit(exitcode);
|
||||||
}
|
}
|
||||||
@@ -324,7 +325,7 @@ fix_fds(void)
|
|||||||
miss[STDERR_FILENO] = fcntl(STDERR_FILENO, F_GETFL, 0) == -1;
|
miss[STDERR_FILENO] = fcntl(STDERR_FILENO, F_GETFL, 0) == -1;
|
||||||
if (miss[STDIN_FILENO] || miss[STDOUT_FILENO] || miss[STDERR_FILENO]) {
|
if (miss[STDIN_FILENO] || miss[STDOUT_FILENO] || miss[STDERR_FILENO]) {
|
||||||
if ((devnull = open(_PATH_DEVNULL, O_RDWR, 0644)) == -1)
|
if ((devnull = open(_PATH_DEVNULL, O_RDWR, 0644)) == -1)
|
||||||
error(1, "unable to open %s", _PATH_DEVNULL);
|
error(1, _("unable to open %s"), _PATH_DEVNULL);
|
||||||
if (miss[STDIN_FILENO] && dup2(devnull, STDIN_FILENO) == -1)
|
if (miss[STDIN_FILENO] && dup2(devnull, STDIN_FILENO) == -1)
|
||||||
error(1, "dup2");
|
error(1, "dup2");
|
||||||
if (miss[STDOUT_FILENO] && dup2(devnull, STDOUT_FILENO) == -1)
|
if (miss[STDOUT_FILENO] && dup2(devnull, STDOUT_FILENO) == -1)
|
||||||
@@ -350,7 +351,7 @@ get_user_groups(struct user_details *ud)
|
|||||||
|
|
||||||
ud->groups = emalloc2(ud->ngroups, sizeof(GETGROUPS_T));
|
ud->groups = emalloc2(ud->ngroups, sizeof(GETGROUPS_T));
|
||||||
if (getgroups(ud->ngroups, ud->groups) < 0)
|
if (getgroups(ud->ngroups, ud->groups) < 0)
|
||||||
error(1, "can't get group vector");
|
error(1, _("can't get group vector"));
|
||||||
glsize = sizeof("groups=") - 1 + (ud->ngroups * (MAX_UID_T_LEN + 1));
|
glsize = sizeof("groups=") - 1 + (ud->ngroups * (MAX_UID_T_LEN + 1));
|
||||||
gid_list = emalloc(glsize);
|
gid_list = emalloc(glsize);
|
||||||
memcpy(gid_list, "groups=", sizeof("groups=") - 1);
|
memcpy(gid_list, "groups=", sizeof("groups=") - 1);
|
||||||
@@ -388,11 +389,11 @@ get_user_info(struct user_details *ud)
|
|||||||
|
|
||||||
pw = getpwuid(ud->uid);
|
pw = getpwuid(ud->uid);
|
||||||
if (pw == NULL)
|
if (pw == NULL)
|
||||||
errorx(1, "unknown uid %u: who are you?", (unsigned int)ud->uid);
|
errorx(1, _("unknown uid %u: who are you?"), (unsigned int)ud->uid);
|
||||||
|
|
||||||
user_info[i] = fmt_string("user", pw->pw_name);
|
user_info[i] = fmt_string("user", pw->pw_name);
|
||||||
if (user_info[i] == NULL)
|
if (user_info[i] == NULL)
|
||||||
errorx(1, "unable to allocate memory");
|
errorx(1, _("unable to allocate memory"));
|
||||||
ud->username = user_info[i] + sizeof("user=") - 1;
|
ud->username = user_info[i] + sizeof("user=") - 1;
|
||||||
|
|
||||||
/* Stash user's shell for use with the -s flag; don't pass to plugin. */
|
/* Stash user's shell for use with the -s flag; don't pass to plugin. */
|
||||||
@@ -412,7 +413,7 @@ get_user_info(struct user_details *ud)
|
|||||||
if (getcwd(cwd, sizeof(cwd)) != NULL) {
|
if (getcwd(cwd, sizeof(cwd)) != NULL) {
|
||||||
user_info[++i] = fmt_string("cwd", cwd);
|
user_info[++i] = fmt_string("cwd", cwd);
|
||||||
if (user_info[i] == NULL)
|
if (user_info[i] == NULL)
|
||||||
errorx(1, "unable to allocate memory");
|
errorx(1, _("unable to allocate memory"));
|
||||||
ud->cwd = user_info[i] + sizeof("cwd=") - 1;
|
ud->cwd = user_info[i] + sizeof("cwd=") - 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -420,7 +421,7 @@ get_user_info(struct user_details *ud)
|
|||||||
(cp = ttyname(STDERR_FILENO))) {
|
(cp = ttyname(STDERR_FILENO))) {
|
||||||
user_info[++i] = fmt_string("tty", cp);
|
user_info[++i] = fmt_string("tty", cp);
|
||||||
if (user_info[i] == NULL)
|
if (user_info[i] == NULL)
|
||||||
errorx(1, "unable to allocate memory");
|
errorx(1, _("unable to allocate memory"));
|
||||||
ud->tty = user_info[i] + sizeof("tty=") - 1;
|
ud->tty = user_info[i] + sizeof("tty=") - 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -430,7 +431,7 @@ get_user_info(struct user_details *ud)
|
|||||||
strlcpy(host, "localhost", sizeof(host));
|
strlcpy(host, "localhost", sizeof(host));
|
||||||
user_info[++i] = fmt_string("host", host);
|
user_info[++i] = fmt_string("host", host);
|
||||||
if (user_info[i] == NULL)
|
if (user_info[i] == NULL)
|
||||||
errorx(1, "unable to allocate memory");
|
errorx(1, _("unable to allocate memory"));
|
||||||
ud->host = user_info[i] + sizeof("host=") - 1;
|
ud->host = user_info[i] + sizeof("host=") - 1;
|
||||||
|
|
||||||
get_ttysize(&ud->ts_lines, &ud->ts_cols);
|
get_ttysize(&ud->ts_lines, &ud->ts_cols);
|
||||||
@@ -728,39 +729,39 @@ set_project(struct passwd *pw)
|
|||||||
case SETPROJ_ERR_TASK:
|
case SETPROJ_ERR_TASK:
|
||||||
switch (errno) {
|
switch (errno) {
|
||||||
case EAGAIN:
|
case EAGAIN:
|
||||||
warningx("resource control limit has been reached");
|
warningx(_("resource control limit has been reached"));
|
||||||
break;
|
break;
|
||||||
case ESRCH:
|
case ESRCH:
|
||||||
warningx("user \"%s\" is not a member of project \"%s\"",
|
warningx(_("user \"%s\" is not a member of project \"%s\""),
|
||||||
pw->pw_name, proj.pj_name);
|
pw->pw_name, proj.pj_name);
|
||||||
break;
|
break;
|
||||||
case EACCES:
|
case EACCES:
|
||||||
warningx("the invoking task is final");
|
warningx(_("the invoking task is final"));
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
warningx("could not join project \"%s\"", proj.pj_name);
|
warningx(_("could not join project \"%s\""), proj.pj_name);
|
||||||
}
|
}
|
||||||
case SETPROJ_ERR_POOL:
|
case SETPROJ_ERR_POOL:
|
||||||
switch (errno) {
|
switch (errno) {
|
||||||
case EACCES:
|
case EACCES:
|
||||||
warningx("no resource pool accepting default bindings "
|
warningx(_("no resource pool accepting default bindings "
|
||||||
"exists for project \"%s\"", proj.pj_name);
|
"exists for project \"%s\""), proj.pj_name);
|
||||||
break;
|
break;
|
||||||
case ESRCH:
|
case ESRCH:
|
||||||
warningx("specified resource pool does not exist for "
|
warningx(_("specified resource pool does not exist for "
|
||||||
"project \"%s\"", proj.pj_name);
|
"project \"%s\""), proj.pj_name);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
warningx("could not bind to default resource pool for "
|
warningx(_("could not bind to default resource pool for "
|
||||||
"project \"%s\"", proj.pj_name);
|
"project \"%s\""), proj.pj_name);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
if (errval <= 0) {
|
if (errval <= 0) {
|
||||||
warningx("setproject failed for project \"%s\"", proj.pj_name);
|
warningx(_("setproject failed for project \"%s\""), proj.pj_name);
|
||||||
} else {
|
} else {
|
||||||
warningx("warning, resource control assignment failed for "
|
warningx(_("warning, resource control assignment failed for "
|
||||||
"project \"%s\"", proj.pj_name);
|
"project \"%s\""), proj.pj_name);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
@@ -785,7 +786,7 @@ disable_execute(struct command_details *details)
|
|||||||
/* Solaris privileges, remove PRIV_PROC_EXEC post-execve. */
|
/* Solaris privileges, remove PRIV_PROC_EXEC post-execve. */
|
||||||
if (priv_set(PRIV_OFF, PRIV_LIMIT, "PRIV_PROC_EXEC", NULL) == 0)
|
if (priv_set(PRIV_OFF, PRIV_LIMIT, "PRIV_PROC_EXEC", NULL) == 0)
|
||||||
return;
|
return;
|
||||||
warning("unable to remove PRIV_PROC_EXEC from PRIV_LIMIT");
|
warning(_("unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"));
|
||||||
#endif /* HAVE_PRIV_SET */
|
#endif /* HAVE_PRIV_SET */
|
||||||
|
|
||||||
nenvp = emalloc2(env_size, sizeof(char *));
|
nenvp = emalloc2(env_size, sizeof(char *));
|
||||||
@@ -889,17 +890,17 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
|
|||||||
*/
|
*/
|
||||||
lc = login_getclass((char *)details->login_class);
|
lc = login_getclass((char *)details->login_class);
|
||||||
if (!lc) {
|
if (!lc) {
|
||||||
warningx("unknown login class %s", details->login_class);
|
warningx(_("unknown login class %s"), details->login_class);
|
||||||
errno = ENOENT;
|
errno = ENOENT;
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
flags = LOGIN_SETRESOURCES|LOGIN_SETPRIORITY;
|
flags = LOGIN_SETRESOURCES|LOGIN_SETPRIORITY;
|
||||||
if (setusercontext(lc, pw, pw->pw_uid, flags)) {
|
if (setusercontext(lc, pw, pw->pw_uid, flags)) {
|
||||||
if (pw->pw_uid != ROOT_UID) {
|
if (pw->pw_uid != ROOT_UID) {
|
||||||
warning("unable to set user context");
|
warning(_("unable to set user context"));
|
||||||
goto done;
|
goto done;
|
||||||
} else
|
} else
|
||||||
warning("unable to set user context");
|
warning(_("unable to set user context"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* HAVE_LOGIN_CAP_H */
|
#endif /* HAVE_LOGIN_CAP_H */
|
||||||
@@ -910,12 +911,12 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
|
|||||||
*/
|
*/
|
||||||
#ifdef HAVE_SETEUID
|
#ifdef HAVE_SETEUID
|
||||||
if (ISSET(details->flags, CD_SET_EGID) && setegid(details->egid)) {
|
if (ISSET(details->flags, CD_SET_EGID) && setegid(details->egid)) {
|
||||||
warning("unable to set egid to runas gid %u", details->egid);
|
warning(_("unable to set egid to runas gid %u"), details->egid);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
if (ISSET(details->flags, CD_SET_GID) && setgid(details->gid)) {
|
if (ISSET(details->flags, CD_SET_GID) && setgid(details->gid)) {
|
||||||
warning("unable to set gid to runas gid %u", details->gid);
|
warning(_("unable to set gid to runas gid %u"), details->gid);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -923,13 +924,13 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
|
|||||||
#ifdef HAVE_GETGROUPS
|
#ifdef HAVE_GETGROUPS
|
||||||
if (details->ngroups >= 0) {
|
if (details->ngroups >= 0) {
|
||||||
if (setgroups(details->ngroups, details->groups) < 0) {
|
if (setgroups(details->ngroups, details->groups) < 0) {
|
||||||
warning("unable to set supplementary group IDs");
|
warning(_("unable to set supplementary group IDs"));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
if (pw && initgroups(pw->pw_name, pw->pw_gid) < 0) {
|
if (pw && initgroups(pw->pw_name, pw->pw_gid) < 0) {
|
||||||
warning("unable to set supplementary group IDs");
|
warning(_("unable to set supplementary group IDs"));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@@ -937,7 +938,7 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
|
|||||||
|
|
||||||
if (ISSET(details->flags, CD_SET_PRIORITY)) {
|
if (ISSET(details->flags, CD_SET_PRIORITY)) {
|
||||||
if (setpriority(PRIO_PROCESS, 0, details->priority) != 0) {
|
if (setpriority(PRIO_PROCESS, 0, details->priority) != 0) {
|
||||||
warning("unable to set process priority");
|
warning(_("unable to set process priority"));
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -945,7 +946,7 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
|
|||||||
(void) umask(details->umask);
|
(void) umask(details->umask);
|
||||||
if (details->chroot) {
|
if (details->chroot) {
|
||||||
if (chroot(details->chroot) != 0 || chdir("/") != 0) {
|
if (chroot(details->chroot) != 0 || chdir("/") != 0) {
|
||||||
warning("unable to change root to %s", details->chroot);
|
warning(_("unable to change root to %s"), details->chroot);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -955,19 +956,19 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
|
|||||||
|
|
||||||
#ifdef HAVE_SETRESUID
|
#ifdef HAVE_SETRESUID
|
||||||
if (setresuid(details->uid, details->euid, details->euid) != 0) {
|
if (setresuid(details->uid, details->euid, details->euid) != 0) {
|
||||||
warning("unable to change to runas uid (%u, %u)", details->uid,
|
warning(_("unable to change to runas uid (%u, %u)"), details->uid,
|
||||||
details->euid);
|
details->euid);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
#elif HAVE_SETREUID
|
#elif HAVE_SETREUID
|
||||||
if (setreuid(details->uid, details->euid) != 0) {
|
if (setreuid(details->uid, details->euid) != 0) {
|
||||||
warning("unable to change to runas uid (%u, %u)", details->uid,
|
warning(_("unable to change to runas uid (%u, %u)"), details->uid,
|
||||||
details->euid);
|
details->euid);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
if (seteuid(details->euid) != 0 || setuid(details->euid) != 0) {
|
if (seteuid(details->euid) != 0 || setuid(details->euid) != 0) {
|
||||||
warning("unable to change to runas uid (%u, %u)", details->uid,
|
warning(_("unable to change to runas uid (%u, %u)"), details->uid,
|
||||||
details->euid);
|
details->euid);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
@@ -981,7 +982,7 @@ exec_setup(struct command_details *details, const char *ptyname, int ptyfd)
|
|||||||
if (details->chroot || strcmp(details->cwd, user_details.cwd) != 0) {
|
if (details->chroot || strcmp(details->cwd, user_details.cwd) != 0) {
|
||||||
/* Note: cwd is relative to the new root, if any. */
|
/* Note: cwd is relative to the new root, if any. */
|
||||||
if (chdir(details->cwd) != 0) {
|
if (chdir(details->cwd) != 0) {
|
||||||
warning("unable to change directory to %s", details->cwd);
|
warning(_("unable to change directory to %s"), details->cwd);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1072,7 +1073,7 @@ run_command(struct command_details *details)
|
|||||||
exitcode = WTERMSIG(cstat.val) | 128;
|
exitcode = WTERMSIG(cstat.val) | 128;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
warningx("unexpected child termination condition: %d", cstat.type);
|
warningx(_("unexpected child termination condition: %d"), cstat.type);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
return exitcode;
|
return exitcode;
|
||||||
@@ -1112,7 +1113,7 @@ policy_list(struct plugin_container *plugin, int argc, char * const argv[],
|
|||||||
int verbose, const char *list_user)
|
int verbose, const char *list_user)
|
||||||
{
|
{
|
||||||
if (plugin->u.policy->list == NULL) {
|
if (plugin->u.policy->list == NULL) {
|
||||||
warningx("policy plugin %s does not support listing privileges",
|
warningx(_("policy plugin %s does not support listing privileges"),
|
||||||
plugin->name);
|
plugin->name);
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
@@ -1123,7 +1124,7 @@ static int
|
|||||||
policy_validate(struct plugin_container *plugin)
|
policy_validate(struct plugin_container *plugin)
|
||||||
{
|
{
|
||||||
if (plugin->u.policy->validate == NULL) {
|
if (plugin->u.policy->validate == NULL) {
|
||||||
warningx("policy plugin %s does not support the -v flag",
|
warningx(_("policy plugin %s does not support the -v flag"),
|
||||||
plugin->name);
|
plugin->name);
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
@@ -1134,7 +1135,7 @@ static void
|
|||||||
policy_invalidate(struct plugin_container *plugin, int remove)
|
policy_invalidate(struct plugin_container *plugin, int remove)
|
||||||
{
|
{
|
||||||
if (plugin->u.policy->invalidate == NULL) {
|
if (plugin->u.policy->invalidate == NULL) {
|
||||||
errorx(1, "policy plugin %s does not support the -k/-K flags",
|
errorx(1, _("policy plugin %s does not support the -k/-K flags"),
|
||||||
plugin->name);
|
plugin->name);
|
||||||
}
|
}
|
||||||
plugin->u.policy->invalidate(remove);
|
plugin->u.policy->invalidate(remove);
|
||||||
@@ -1197,7 +1198,7 @@ sudo_debug(int level, const char *fmt, ...)
|
|||||||
return;
|
return;
|
||||||
|
|
||||||
/* Backet fmt with program name and a newline to make it a single write */
|
/* Backet fmt with program name and a newline to make it a single write */
|
||||||
easprintf(&fmt2, "%s: %s\n", getprogname(), fmt);
|
easprintf(&fmt2, _("%s: %s\n"), getprogname(), fmt);
|
||||||
va_start(ap, fmt);
|
va_start(ap, fmt);
|
||||||
vfprintf(stderr, fmt2, ap);
|
vfprintf(stderr, fmt2, ap);
|
||||||
va_end(ap);
|
va_end(ap);
|
||||||
|
|||||||
@@ -105,7 +105,7 @@ sudo_edit(struct command_details *command_details)
|
|||||||
* We will change the euid as needed below.
|
* We will change the euid as needed below.
|
||||||
*/
|
*/
|
||||||
if (setuid(ROOT_UID) != 0) {
|
if (setuid(ROOT_UID) != 0) {
|
||||||
warning("unable to change to uid to root (%u)", ROOT_UID);
|
warning(_("unable to change to uid to root (%u)"), ROOT_UID);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -137,7 +137,7 @@ sudo_edit(struct command_details *command_details)
|
|||||||
editor_argc++;
|
editor_argc++;
|
||||||
}
|
}
|
||||||
if (nfiles == 0) {
|
if (nfiles == 0) {
|
||||||
warningx("plugin error: missing file list for sudoedit");
|
warningx(_("plugin error: missing file list for sudoedit"));
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -169,7 +169,7 @@ sudo_edit(struct command_details *command_details)
|
|||||||
if (rc)
|
if (rc)
|
||||||
warning("%s", files[i]);
|
warning("%s", files[i]);
|
||||||
else
|
else
|
||||||
warningx("%s: not a regular file", files[i]);
|
warningx(_("%s: not a regular file"), files[i]);
|
||||||
if (ofd != -1)
|
if (ofd != -1)
|
||||||
close(ofd);
|
close(ofd);
|
||||||
continue;
|
continue;
|
||||||
@@ -203,7 +203,7 @@ sudo_edit(struct command_details *command_details)
|
|||||||
if (nwritten == -1)
|
if (nwritten == -1)
|
||||||
warning("%s", tf[j].tfile);
|
warning("%s", tf[j].tfile);
|
||||||
else
|
else
|
||||||
warningx("%s: short write", tf[j].tfile);
|
warningx(_("%s: short write"), tf[j].tfile);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -277,8 +277,8 @@ sudo_edit(struct command_details *command_details)
|
|||||||
if (rc)
|
if (rc)
|
||||||
warning("%s", tf[i].tfile);
|
warning("%s", tf[i].tfile);
|
||||||
else
|
else
|
||||||
warningx("%s: not a regular file", tf[i].tfile);
|
warningx(_("%s: not a regular file"), tf[i].tfile);
|
||||||
warningx("%s left unmodified", tf[i].ofile);
|
warningx(_("%s left unmodified"), tf[i].ofile);
|
||||||
if (tfd != -1)
|
if (tfd != -1)
|
||||||
close(tfd);
|
close(tfd);
|
||||||
continue;
|
continue;
|
||||||
@@ -291,7 +291,7 @@ sudo_edit(struct command_details *command_details)
|
|||||||
*/
|
*/
|
||||||
timevalsub(&tv1, &tv2);
|
timevalsub(&tv1, &tv2);
|
||||||
if (timevalisset(&tv2)) {
|
if (timevalisset(&tv2)) {
|
||||||
warningx("%s unchanged", tf[i].ofile);
|
warningx(_("%s unchanged"), tf[i].ofile);
|
||||||
unlink(tf[i].tfile);
|
unlink(tf[i].tfile);
|
||||||
close(tfd);
|
close(tfd);
|
||||||
continue;
|
continue;
|
||||||
@@ -303,8 +303,8 @@ sudo_edit(struct command_details *command_details)
|
|||||||
switch_user(ROOT_UID, user_details.egid,
|
switch_user(ROOT_UID, user_details.egid,
|
||||||
user_details.ngroups, user_details.groups);
|
user_details.ngroups, user_details.groups);
|
||||||
if (ofd == -1) {
|
if (ofd == -1) {
|
||||||
warning("unable to write to %s", tf[i].ofile);
|
warning(_("unable to write to %s"), tf[i].ofile);
|
||||||
warningx("contents of edit session left in %s", tf[i].tfile);
|
warningx(_("contents of edit session left in %s"), tf[i].tfile);
|
||||||
close(tfd);
|
close(tfd);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
@@ -313,7 +313,7 @@ sudo_edit(struct command_details *command_details)
|
|||||||
if (nwritten == -1)
|
if (nwritten == -1)
|
||||||
warning("%s", tf[i].ofile);
|
warning("%s", tf[i].ofile);
|
||||||
else
|
else
|
||||||
warningx("%s: short write", tf[i].ofile);
|
warningx(_("%s: short write"), tf[i].ofile);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -321,11 +321,11 @@ sudo_edit(struct command_details *command_details)
|
|||||||
/* success, got EOF */
|
/* success, got EOF */
|
||||||
unlink(tf[i].tfile);
|
unlink(tf[i].tfile);
|
||||||
} else if (nread < 0) {
|
} else if (nread < 0) {
|
||||||
warning("unable to read temporary file");
|
warning(_("unable to read temporary file"));
|
||||||
warningx("contents of edit session left in %s", tf[i].tfile);
|
warningx(_("contents of edit session left in %s"), tf[i].tfile);
|
||||||
} else {
|
} else {
|
||||||
warning("unable to write to %s", tf[i].ofile);
|
warning(_("unable to write to %s"), tf[i].ofile);
|
||||||
warningx("contents of edit session left in %s", tf[i].tfile);
|
warningx(_("contents of edit session left in %s"), tf[i].tfile);
|
||||||
}
|
}
|
||||||
close(ofd);
|
close(ofd);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -92,7 +92,7 @@ tgetpass(const char *prompt, int timeout, int flags)
|
|||||||
if (!ISSET(flags, TGP_STDIN|TGP_ECHO|TGP_ASKPASS|TGP_NOECHO_TRY) &&
|
if (!ISSET(flags, TGP_STDIN|TGP_ECHO|TGP_ASKPASS|TGP_NOECHO_TRY) &&
|
||||||
!tty_present()) {
|
!tty_present()) {
|
||||||
if (askpass == NULL || getenv("DISPLAY") == NULL) {
|
if (askpass == NULL || getenv("DISPLAY") == NULL) {
|
||||||
warningx("no tty present and no askpass program specified");
|
warningx(_("no tty present and no askpass program specified"));
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
SET(flags, TGP_ASKPASS);
|
SET(flags, TGP_ASKPASS);
|
||||||
@@ -101,7 +101,7 @@ tgetpass(const char *prompt, int timeout, int flags)
|
|||||||
/* If using a helper program to get the password, run it instead. */
|
/* If using a helper program to get the password, run it instead. */
|
||||||
if (ISSET(flags, TGP_ASKPASS)) {
|
if (ISSET(flags, TGP_ASKPASS)) {
|
||||||
if (askpass == NULL || *askpass == '\0')
|
if (askpass == NULL || *askpass == '\0')
|
||||||
errorx(1, "no askpass program specified, try setting SUDO_ASKPASS");
|
errorx(1, _("no askpass program specified, try setting SUDO_ASKPASS"));
|
||||||
return sudo_askpass(askpass, prompt);
|
return sudo_askpass(askpass, prompt);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -218,10 +218,10 @@ sudo_askpass(const char *askpass, const char *prompt)
|
|||||||
pid_t pid;
|
pid_t pid;
|
||||||
|
|
||||||
if (pipe(pfd) == -1)
|
if (pipe(pfd) == -1)
|
||||||
error(1, "unable to create pipe");
|
error(1, _("unable to create pipe"));
|
||||||
|
|
||||||
if ((pid = fork()) == -1)
|
if ((pid = fork()) == -1)
|
||||||
error(1, "unable to fork");
|
error(1, _("unable to fork"));
|
||||||
|
|
||||||
if (pid == 0) {
|
if (pid == 0) {
|
||||||
/* child, point stdout to output side of the pipe and exec askpass */
|
/* child, point stdout to output side of the pipe and exec askpass */
|
||||||
@@ -231,16 +231,16 @@ sudo_askpass(const char *askpass, const char *prompt)
|
|||||||
}
|
}
|
||||||
(void) setuid(ROOT_UID);
|
(void) setuid(ROOT_UID);
|
||||||
if (setgid(user_details.gid)) {
|
if (setgid(user_details.gid)) {
|
||||||
warning("unable to set gid to %u", (unsigned int)user_details.gid);
|
warning(_("unable to set gid to %u"), (unsigned int)user_details.gid);
|
||||||
_exit(255);
|
_exit(255);
|
||||||
}
|
}
|
||||||
if (setuid(user_details.uid)) {
|
if (setuid(user_details.uid)) {
|
||||||
warning("unable to set uid to %u", (unsigned int)user_details.uid);
|
warning(_("unable to set uid to %u"), (unsigned int)user_details.uid);
|
||||||
_exit(255);
|
_exit(255);
|
||||||
}
|
}
|
||||||
closefrom(STDERR_FILENO + 1);
|
closefrom(STDERR_FILENO + 1);
|
||||||
execl(askpass, askpass, prompt, (char *)NULL);
|
execl(askpass, askpass, prompt, (char *)NULL);
|
||||||
warning("unable to run %s", askpass);
|
warning(_("unable to run %s"), askpass);
|
||||||
_exit(255);
|
_exit(255);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -260,12 +260,12 @@ utmp_slot(const char *line, int ttyfd)
|
|||||||
* doesn't take an argument.
|
* doesn't take an argument.
|
||||||
*/
|
*/
|
||||||
if ((sfd = dup(STDIN_FILENO)) == -1)
|
if ((sfd = dup(STDIN_FILENO)) == -1)
|
||||||
error(1, "Can't save stdin");
|
error(1, _("can't save stdin"));
|
||||||
if (dup2(ttyfd, STDIN_FILENO) == -1)
|
if (dup2(ttyfd, STDIN_FILENO) == -1)
|
||||||
error(1, "Can't dup2 stdin");
|
error(1, _("can't dup2 stdin"));
|
||||||
slot = ttyslot();
|
slot = ttyslot();
|
||||||
if (dup2(sfd, STDIN_FILENO) == -1)
|
if (dup2(sfd, STDIN_FILENO) == -1)
|
||||||
error(1, "Can't restore stdin");
|
error(1, _("can't restore stdin"));
|
||||||
close(sfd);
|
close(sfd);
|
||||||
|
|
||||||
return slot;
|
return slot;
|
||||||
|
|||||||
Reference in New Issue
Block a user