resemble GNU usage wrt long options. Sync usage and man page
SYNOPSYS sections and improve long options in the manual pages.
Now that we have long options we don't need to give the mnemonic
for the single-character options in the description.
pid). We have to be careful to choose() either strtol() or strtoul()
depending on whether the string appears to be signed or unsigned.
Always using strtoul() is unsafe on 64-bit platforms since the
uid might be represented as a negative number and (unsigned long)-1
on a 64-bit system is 0xffffffffffffffff not 0xffffffff.
Fixes a problem with uids larger than 0x7fffffff on 32-bit platforms.
pid). We have to be careful to choose() either strtol() or strtoul()
depending on whether the string appears to be signed or unsigned.
Always using strtoul() is unsafe on 64-bit platforms since the
uid might be represented as a negative number and (unsigned long)-1
on a 64-bit system is 0xffffffffffffffff not 0xffffffff.
Fixes a problem with uids larger than 0x7fffffff on 32-bit platforms.
A new constant, SUDO_CONV_REPL_MAX, is defined by the plugin
API as the max conversation reply length. This constant can be
used as a max value for memset_s() when clearing passwords
filled in by the conversation function.
just save RLIMIT_NPROC in exec_setup() before the final setuid()
and restore it immediately after. We don't need to modify RLIMIT_NPROC
for simple euid changes, just for changing the real (and saved)
uids before we exec. This also means we no longer need to worry
about _SC_CHILD_MAX returning -1. Bug #565
0, it is not possible for the gssapi libs to find the user's krb5
credential cache file. To work around this, we make a temporary
copy of the user's credential cache specified by KRB5CCNAME (opened
with the user's effective uid) and point gssapi to it. To set the
credential cache file name, we dynamically look up gss_krb5_ccache_name()
and use it if available, otherwise fall back to setting KRB5CCNAME.
stacked PAM auth modules a failure from one module may override
PAM_SUCCESS from another. If the first module in the stack fails,
the others may be run (and succeed) but an error will be returned.
This can cause a spurious warning on systems with non-local users
(e.g. pam_ldap or pam_sss) where pam_unix is consulted first.
