The hook can be used to log parser errors (sudoers module) or keep
track of which files have an error (visudo).
Previously, we only kept track of a single parse error.
This causes "intercept" to be set to true in command_info[] which
the sudo front-end will use to determine whether or not to intercept
attempts to run further commands, such as from a shell. Also add
"log_children" which will use the same mechanism but only log (audit)
further commands.
The parser will use that when reporting on an ERROR state. This
prevents the lexer from reporting errors about tokens that are not
actually consumed by the parser and we don't have to worry about
both the lexer and the parser reporting errors. It also means we
only get one error per sudoers line.
This is used to provided the column number along with the line
number in error messages. For aliases we store the column of the
alias name, not the value since that is what visudo generally needs.
The ERROR token is now only used for errors detected by the lexer
and for which we've already printed an error. This lets us remove
the hack in sudoerserror() and just check last_token to determine
whether or not to display the error.
These are less confusing than #include and #includedir when the
hash character is also the comment character.
This commit also adds real parsing of include directives as opposed
to the pure lexer approach used previously. As a result, it is now
possible to include files with spaces by either using a double-quoted
string or escaping the space characters with a backslash.
SHA224Update in libc and libmd. Solaris uses "void *" where we use
"unsigned char *" so we need a check for that too. Solaris sha2.h
defines SHA224, SHA256, SHA384, and SHA512 so rename those tokens.
Adapted from changes from Vladimir Marek in bug #641.
Currently supports SHA-224, SHA-256, SHA-384, SHA-512.
TODO: checksum format validation in parser and base64 support.
checksum support for ldap sudoers
command to be run as the invoking user. This can be used in
conjunction with the Solaris Privilege Set support to grant privileges
without changing the user.
