with a different effective group. If the -g option is specified
without -u the command will be run as the current user (only the
group will change). the -g and -u options may be used together.
TODO: implement runas group for ldap
improve runas group documentation
add testsudoers support
the first non-UNSPEC hit we get for the command. This means that
instead of cycling through the all the parsed sudoers entries we
start at the end and work backwards and quit after the first positive
or negative match.
convert to tail queues in the process. This will allow us to
reverse foreach loops more easily and it makes it clearer which
functions expect a list as opposed to a single member.
Add macros for manipulating lists. Some of these should become functions.
When freeing up a list, just pop off the last item in the queue instead
of going from head to tail. This is simpler since we don't have to
stash a pointer to the next member, we always just use the last one
in the queue until the queue is empty.
Rename match functions that take a list to have list in the name.
Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
runas_matches(), host_matches() and cmnd_matches() only really need to pass in
a list of members. user_matches() still needs to pass in a passwd struct
because of "sudo -l"
indicate to the caller that the fd should not be closed when it
is done with it. To be used by visudo to keep locked fds from
being closed prematurely (and thus losing the lock).
the passwd file, set runas_user to the name, not the uid.
When comparing usernames in sudoers, if a name is really a uid (starts
with '#') compare it numerically to pw_uid.
o stay_setuid - sudo will remain setuid if system has saved uids or setreuid(2)
o env_reset - reset the environment to a sane default
o env_keep - preserve environment variables that would otherwise be cleared
No longer use getenv/putenv/setenv functions--do environment munging by hand.
Potentially dangerous environment variables can be cleared only if they
contain '/' pr '%' characters to protect buggy programs.
Moved environment routines into env.c (new file)
There's really no need for a separate token for fully-qualified vs.
unqualified anymore so FQHOST is now history and hostname_matches
now decides which hostname (short or long) to check based on whether
or not the pattern contains a '.'.
