the command. If we get SIGINT or SIGQUIT, call the plugin close()
functions as if the command was interrupted. If we get SIGTSTP,
uninstall the handler and deliver SIGTSTP to ourselves.
option to match. When set, commands are started in the background
and automatically foregrounded as needed. There are issues with
some ill-mannered programs (like Linux su) so this is not the
default.
MAXHOSTNAMELEN and the MIN/MAX macros. We now use PATH_MAX and
HOST_NAME_MAX throughout without falling back on MAXPATHLEN or
MAXHOSTNAMELEN and define our own MIN/MAX macros as needed.
Add sudo_printf function pointer that is initialized to _sudo_printf()
instead of requiring a sudo_conv function pointer everywhere. The
plugin will reset sudo_printf to point to the version passed in via
the plugin open function. Now plugin_error.c can just call sudo_printf
in all cases. The sudoers binaries no longer need their own version
of sudo_printf.
plugin_error.c instead of the error.c from the front-end. This
means sudoers_setlocale() needs to be independent of the sudo_user
struct and the defaults table. The sudoers locale is now updated
via a callback.
present but empty) and the -u option was not specified, set runas_pw
to user_pw instead of using runas_default. This is intended to be
used in conjunction with the Solaris Privilege Set support for rules
that grant privileges without changing the user.
Move authentication failure logging to log_auth_failure().
Both of these call audit_failure() for us.
This subtly changes logging for commands that are denied by sudoers
but where the user failed to enter the correct password. Previously,
these would be logged as "N incorrect password attempts" but now
are logged as "command not allowed". Fixes bug #563
or hidden, if available. If not available, use an ELF version
script if it is supported. If all else fails, fall back to using
libtool's -export-symbols.
not, open the file as uid 0, not uid 1. This fixes a problem when
sudoers has a more restrictive mode than what sudo expects to find.
In older versions, sudo would silently chmod the file to add the
group-readable bit.
function so session setup can modify the user environment as needed.
For PAM authentication, merge the PAM environment with the user
environment at init_session time. We no longer need to swap in the
user_env for environ during session init, nor do we need to disable
the env hooks at init_session time.
hooks for getenv, putenv, setenv and unsetenv. This makes it
possible for the plugin to trap changes to the environment made by
authentication methods such as PAM or BSD auth so that such changes
are reflected in the environment passed back to sudo for execve().
Bump the minor number accordingly and update the documentation. A
plugin must check the sudo front end's version before using the
plugin_args parameter since it is only supported for API version
1.2 and higher.
