that holds flags to be passed in to tgetpass(). Change echo_off
param to tgetpass() into a flags field. There are currently 2
possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In tgetpass(),
abstract the echo set/clear via macros and if (flags & TGP_ECHO)
but echo is not set on the terminal, but sure to set it.
o Implement mailer_flags
o Store syslog stuff both in int and string form. Setting the string
form magically updates the int version.
o Add boolean attribute to strings where it makes sense to say !foo
changable at runtime (and on a global, per-host and per-user basis).
Both the names and the internal representation are still subject to change.
It was necessary to make sudo_user.runas but a char ** instead of a
char * since this value can be changed by a Defaults line. There is a
similar (but more complicated) issue with sudo_user.prompt but it
is handled differently at the moment.
Add a "-L" flag to list the name of options with their descriptions. This
may only be temporary.
Move some prototypes to parse.h
Be much less restrictive on what is allowed for a username.
gain us anything to run as the user since an attacker can just have
an setuid(0) in their egg. Running as root solves potential problems
wrt signalling.
add a flag to specify an auth method is running alone (the only
one). Pass auth methods their sudo_auth pointer, not the data
pointer. This allows us to get at the flags and tell if we are the
only auth method. That, in turn, allows the method to be able to
decide what should/should not be a fatal error. Currently only
rfc1938 uses it this way, which allows us to kill the OTP_ONLY
define and te hackery that went with it. With access to the
sudo_auth struct, methods can also get at a string holding their
cannonical name (useful in error messages).
since -ldb includes a bogus snprintf().
o Add forward refs for struct mbuf and struct rtentry for Digital UNIX.
o Reorder some functions in snprintf.c to fix -Wall
o Add missing includes to fix more -Wall
where an alias may be used before it is defined. Only turned on for visudo
and testsudoers.
o Add --disable-authentication option that makes sudo not require
authentication by default. The PASSWD tag can be used to require
authentication for an entry. We no longer overload --without-passwd.
the main loop. This allows auth routines to differentiate between
initialization that happens once vs. setup that needs to run each time
through the loop.
