This should not be possible in practice and we can safely return
the new (potentially duplicate) item as it will be freed by the
caller. Make sudo_set_grlist() return an error on failure instead
of calling fatalx().
then calls gettext().
Add U_ macro that calls warning_gettext() instead of gettext().
Rename warning2()/error2() back to warning_nodebug()/error_nodebug().
MAXHOSTNAMELEN and the MIN/MAX macros. We now use PATH_MAX and
HOST_NAME_MAX throughout without falling back on MAXPATHLEN or
MAXHOSTNAMELEN and define our own MIN/MAX macros as needed.
increase the total length, free the old buffer and allocate a new
one. This is less error prone and saves us from having to adjust
all the pointers in the buffer. This code path is only taken when
there are groups longer than the length of the user field in struct
utmp or utmpx, which should be quite rare.
The sudo front-end will now use getgrouplist() to get the user's
list of groups if getgroups() fails or returns zero groups so we
always have a list of the user's groups. For systems with
mbr_check_membership() which support more that NGROUPS_MAX groups
(Mac OS X), skip the call to getgroups() and use getgrouplist() so
we get all the groups.
group_info and use it to store both, along with a count for each.
Cache group info on a per-user basis using getgrouplist() to get
the groups. We no longer need special to special case the user or
list user for user_in_group() and thus no longer need to reset the
groups list when listing another user.
result of getgroups()) to names and store both the group names and
ids in the sudo_user struct. When matching groups in the sudoers
file, match based on the names in the groups list first and
only do a gid-based match when we absolutely have to. By matching
on the group name (as it is listed in sudoers) instead of id
(which we would have to resolve) we save a lot of group lookups
for sudoers files with a lot of groups in them.
one reference itself and another is added by sudo_getgr{gid,nam}
and sudo_getpw{uid,nam}. The final ref on the runas and user passwd
and group structs are persistent for now.
tree, store a struct cache_item which includes both the key and
datum. This allows us to user the actual name that was looked up
as the key instead of the contents of struct passwd or struct group.
This matters because the name in the database may not match what
we looked up, due either to case folding or truncation (historically
at 8 characters). Also mark the disabled calls to sudo_freepwcache()
and sudo_freegrcache() as broken since we use cached data for things
like set_perms() and the logging functions. Fixing this would
require making a copy of the structs for user and runas or adding
a reference count (better).
Set adminstrative domain for the process when looking up user's
password or group info and when preparing for execve().
Include strings.h even if string.h exists since they may define
different things. Fixes warnings on AIX and others.
