if available.
Added stay_setuid option for systems that have libraries that perform
extra paranoia checks in system libraries for setuid programs (ie:
anything with issetugid(2)).
authentication methods (like PAM) may do their own logging via
syslog. Since we don't use syslog much (usually just once per
session) this doesn't really incur a performance penalty.
It also Fixes a SEGV with pam_kafs.
This means that visudo will now parse the sudoers file *before* it is
edited so a bogus sudoers file will cause a warning to go to stderr.
Also, visudo checks the variables once--it does not check them after
each editor run since that could be confusing.
until after the sudoers file has been parsed but since there are now
other options that operate that way this one can too. Based on a patch
from bguillory@email.com.
the union member since that only works with an ANSI compiler. We set
the value of the union by hand in init_defaults() anyway. This allows
sudo to compile on a K&R compiler again.
be set before sudoers is parsed.
o Fix the "set_home" sudoers option (only worked at compile time).
o Fix "fqdn" sudoers option. We now set host/shost via set_fqdn which
gets called when the "fqdn" option is set in sudoers.
o Move the openlog() to store_syslogfac() so this gets overridden
correctly from the sudoers file.
o Implement mailer_flags
o Store syslog stuff both in int and string form. Setting the string
form magically updates the int version.
o Add boolean attribute to strings where it makes sense to say !foo
changable at runtime (and on a global, per-host and per-user basis).
Both the names and the internal representation are still subject to change.
It was necessary to make sudo_user.runas but a char ** instead of a
char * since this value can be changed by a Defaults line. There is a
similar (but more complicated) issue with sudo_user.prompt but it
is handled differently at the moment.
Add a "-L" flag to list the name of options with their descriptions. This
may only be temporary.
Move some prototypes to parse.h
Be much less restrictive on what is allowed for a username.
