hooks for getenv, putenv, setenv and unsetenv. This makes it
possible for the plugin to trap changes to the environment made by
authentication methods such as PAM or BSD auth so that such changes
are reflected in the environment passed back to sudo for execve().
Bump the minor number accordingly and update the documentation. A
plugin must check the sudo front end's version before using the
plugin_args parameter since it is only supported for API version
1.2 and higher.
so that the monitor process is owned by root and not by the user.
Otherwise, on AIX at least, the monitor process shows up in ps as
belonging to the user (and can be killed by the user).
dies created a race condition between the monitor exiting and the
status being read. All we really want to do is make sure that
select() notifies us that there is a status change when the monitor
dies unexpectedly so shutdown the socketpair connected to the monitor
for writing when it dies. That way we can still read the status
that is pending on the socket and select() on Linux will tell us
that the fd is ready.
use by sesh.c. This fixes NOEXEC when SELinux is used. Instead
of disabling exec in exec_setup(), disable it immediately before
executing the command. Adapted from a diff by Arno Schuring.
LOGIN_SETENV instead of rolling our own login.conf setenv support
since FreeBSD's login.conf has more than just setenv capabilities.
This requires us to swap the plugin-provided envp for the global
environ before calling setusercontext() and then stash the resulting
environ pointer back into the command details, which is kind of a
hack.
before calling the plugin. Otherwise, spaces in the command args
are not treated properly. The sudoers plugin will unescape non-spaces
to make matching easier.
The sudo front-end will now use getgrouplist() to get the user's
list of groups if getgroups() fails or returns zero groups so we
always have a list of the user's groups. For systems with
mbr_check_membership() which support more that NGROUPS_MAX groups
(Mac OS X), skip the call to getgroups() and use getgrouplist() so
we get all the groups.
group_info and use it to store both, along with a count for each.
Cache group info on a per-user basis using getgrouplist() to get
the groups. We no longer need special to special case the user or
list user for user_in_group() and thus no longer need to reset the
groups list when listing another user.
