resemble GNU usage wrt long options. Sync usage and man page
SYNOPSYS sections and improve long options in the manual pages.
Now that we have long options we don't need to give the mnemonic
for the single-character options in the description.
pid). We have to be careful to choose() either strtol() or strtoul()
depending on whether the string appears to be signed or unsigned.
Always using strtoul() is unsafe on 64-bit platforms since the
uid might be represented as a negative number and (unsigned long)-1
on a 64-bit system is 0xffffffffffffffff not 0xffffffff.
Fixes a problem with uids larger than 0x7fffffff on 32-bit platforms.
pid). We have to be careful to choose() either strtol() or strtoul()
depending on whether the string appears to be signed or unsigned.
Always using strtoul() is unsafe on 64-bit platforms since the
uid might be represented as a negative number and (unsigned long)-1
on a 64-bit system is 0xffffffffffffffff not 0xffffffff.
Fixes a problem with uids larger than 0x7fffffff on 32-bit platforms.
A new constant, SUDO_CONV_REPL_MAX, is defined by the plugin
API as the max conversation reply length. This constant can be
used as a max value for memset_s() when clearing passwords
filled in by the conversation function.
0, it is not possible for the gssapi libs to find the user's krb5
credential cache file. To work around this, we make a temporary
copy of the user's credential cache specified by KRB5CCNAME (opened
with the user's effective uid) and point gssapi to it. To set the
credential cache file name, we dynamically look up gss_krb5_ccache_name()
and use it if available, otherwise fall back to setting KRB5CCNAME.
stacked PAM auth modules a failure from one module may override
PAM_SUCCESS from another. If the first module in the stack fails,
the others may be run (and succeed) but an error will be returned.
This can cause a spurious warning on systems with non-local users
(e.g. pam_ldap or pam_sss) where pam_unix is consulted first.
on devpts in Linux has been changed to conform to POSIX. As a
result we can no longer assume that the ctime will stay unchanged
throughout the life of the session. We store the session ID in the
time stamp file so there is a much smaller chance of the time stamp
file being reused by a new login. While here, store the uid/gid
in the timestamp file too for good measure.
SUDO_DEBUG_DIAG and SUDO_DEBUG_INFO respectively for logging to the
debug file with the ldap subsystem.
The sudoers_debug setting in ldap.conf is still honored for now but
will be removed in a future release.
