+2013-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
+ Fix typo; bug 605
+ [41f7b46a6e51]
+
+2013-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/po/da.mo, src/po/eo.mo, src/po/es.mo, src/po/it.mo,
+ src/po/tr.mo:
+ Regen .mo files that were out of date.
+ [9e25a254f9db]
+
+2013-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS, configure, configure.in:
+ On Solaris 11 and higher, tag binaries for ASLR if supported by the
+ linker.
+ [a2a6cafa3e60]
+
+ * mkpkg:
+ No longer need to disable PIE on Solaris.
+ [cf90019ae67e]
+
+2013-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, NEWS, configure, configure.in, doc/TROUBLESHOOTING:
+ Restrict default creation of PIE binaries (-fPIE and -pie) to Linux.
+ OpenBSD also supports PIE but enables it by default so we don't need
+ to do anything. This fixes problems on systems with a version of
+ GNU ld that accepts -pie but where the run-time linker doesn't
+ actually support PIE. Also verify that a trivial PIE binary works
+ unless PIE is explicitly enabled.
+ [3c5f125efeb1]
+
+2013-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * aclocal.m4, configure, configure.in:
+ Attempt to detect PIE failure on Solaris 10 with GNU as and GNU ld
+ where we can end up crashing due to malloc() failures. Sems OK when
+ Using Sun as and ld.
+ [b8ba412102ab]
+
+ * NEWS:
+ Update with final changes.
+ [78ff6d2ed47a]
+
+2013-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Add -fPIE to PIE_LDFLAGS as per gcc manual.
+ [fe900cbb0780]
+
+2013-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/Makefile.in, compat/Makefile.in:
+ Add missing $(PIE_LDFLAGS) $(SSP_LDFLAGS) for test programs
+ [f84bc7482b78]
+
+ * MANIFEST, plugins/sudoers/alias.c, plugins/sudoers/match.c,
+ plugins/sudoers/parse.c, plugins/sudoers/parse.h,
+ plugins/sudoers/regress/visudo/test4.out.ok,
+ plugins/sudoers/regress/visudo/test4.sh, plugins/sudoers/visudo.c:
+ Replace sequence number-based cycle detection in visudo with a
+ "used" flag in struct alias. The caller is required to call
+ alias_put() when it is done with the alias. Inspired by a patch
+ from Daniel Kopecek.
+ [0bdbac1b3b39]
+
+2013-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Eliminate a few relocations related to sudoers_io.
+ [18e9e2cc3367]
+
+ * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po:
+ Sync with translationproject.org
+ [f38cc128a2ad]
+
+2013-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/ttyname.c:
+ Clarify a comment.
+ [7a045ee06e95]
+
+2013-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/ttyname.c:
+ Handle d_type == DT_UNKNOWN when resolving the device to a name and
+ sprinkle some more debugging.
+ [8774133747d9]
+
+2013-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/TROUBLESHOOTING:
+ Add message about disabling PIE if sudo gets SIGSEGV.
+ [c786af2a6751]
+
+ * plugins/sudoers/check.h, plugins/sudoers/timestamp.c:
+ No longer store the ctime of a devpts tty. The handling of ctime on
+ devpts in Linux has been changed to conform to POSIX. As a result
+ we can no longer assume that the ctime will stay unchanged
+ throughout the life of the session. We store the session ID in the
+ time stamp file so there is a much smaller chance of the time stamp
+ file being reused by a new login. While here, store the uid/gid in
+ the timestamp file too for good measure.
+ [7028b21f7a9b]
+
+ * configure, configure.in:
+ PIE is broken on FreeBSD/arm
+ [f232c60d6229]
+
+ * mkpkg:
+ Add explicit sendmail path for Linux since we may not have sendmail
+ installed in the build chroot.
+ [1ba2f84f4ff0]
+
+2013-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/sudo_debug.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/set_perms.c, src/sudo.c, src/tgetpass.c:
+ Quiet a few -Wunused-result compiler warnings.
+ [ef12afb61423]
+
+2013-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Mention what SHA-2 formats are supported.
+ [bf298d0fdf8a]
+
+ * doc/CONTRIBUTORS:
+ List code and translations separately.
+ [826547bc1295]
+
+2013-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
+ plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po:
+ Sync with translationproject.org
+ [9499a6f438b8]
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [cce449e284a6]
+
+ * Makefile.in:
+ Fix c-format for fatal/fatalx
+ [4ad81d3faaeb]
+
+2013-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/visudo.c, src/exec_pty.c, src/sudo.h:
+ Change some error/errorx -> fatal/fatalx in comments and xgettext
+ flags.
+ [9d9b64fa2ec9]
+
+ * NEWS:
+ There is now a Turkish translation of sudoers.
+ [701c5af6aa76]
+
+ * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
+ plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
+ Updated translations from translationproject.org including new
+ Turkish translation.
+ [9cedbb50d90f]
+
+2013-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document that sudoers will re-use existing I/O log paths unless they
+ are mktemp-style with trailing X's.
+ [4f43bd13d9e7]
+
+ * NEWS, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/ldap.c,
+ plugins/sudoers/policy.c, plugins/sudoers/sudoers.h:
+ Allow ldap_conf and ldap_secret to be specified as plugin arguments
+ in sudo.conf
+ [37c6c425b565]
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ sudoers_debug is now deprecated in favor of the sudo debugging
+ framework.
+ [1195be1ec254]
+
+ * plugins/sudoers/ldap.c:
+ Replace DPRINTF with DPRINTF1 and DPRINTF2 macros that use
+ SUDO_DEBUG_DIAG and SUDO_DEBUG_INFO respectively for logging to the
+ debug file with the ldap subsystem. The sudoers_debug setting in
+ ldap.conf is still honored for now but will be removed in a future
+ release.
+ [cfa42b4b913e]
+
+2013-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers2ldif:
+ Add support for converting sudoers files with SHA-2 command digests.
+ [dc0d03485946]
+
+ * doc/fixman.sh, doc/fixmdoc.sh, mkdep.pl, mkpkg,
+ plugins/sudoers/sudoers2ldif:
+ Add copyright notice to scripts
+ [5e8bd4e6083f]
+
+ * MANIFEST, plugins/sudoers/regress/sudoers/test14.in,
+ plugins/sudoers/regress/sudoers/test14.out.ok,
+ plugins/sudoers/regress/sudoers/test14.toke.ok:
+ Add regress for SHA-2 digests.
+ [0b258c2a2a95]
+
+ * compat/getgrouplist.c:
+ Solaris maps negative gids to GID_NOBODY.
+ [57050e5c750f]
+
+ * plugins/sudoers/visudo.c:
+ Clear up an llvm checker warning which appears to be a false
+ positive and fix an old XXX while I'm at it.
+ [9ee13133e596]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
+ doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
+ Correct last change date
+ [3bc1fa5b0f76]
+
+ * plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoreplay.c:
+ No need to translate this error message.
+ [4d9941970a26]
+
+ * doc/UPGRADE:
+ Mention .sl vs. .so extension handling on HP-UX Mention group
+ membership changes Fix typos
+ [40ac0efbdb2b]
+
+ * aclocal.m4, common/aix.c, common/alloc.c, common/atobool.c,
+ common/error.c, common/fmt_string.c, common/lbuf.c, common/list.c,
+ common/setgroups.c, common/term.c, common/ttysize.c,
+ compat/Makefile.in, compat/dlopen.c, compat/endian.h,
+ compat/getline.c, compat/getprogname.c, compat/isblank.c,
+ compat/memrchr.c, compat/mksiglist.c, compat/mktemp.c,
+ compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c,
+ compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
+ compat/strsignal.c, compat/utimes.c, doc/Makefile.in,
+ include/Makefile.in, include/alloc.h, include/fileops.h,
+ include/gettext.h, include/lbuf.h, include/missing.h,
+ include/sudo_plugin.h, pathnames.h.in,
+ plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
+ plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in,
+ plugins/sudoers/alias.c, plugins/sudoers/audit.c,
+ plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/bsm_audit.c,
+ plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
+ plugins/sudoers/defaults.h, plugins/sudoers/env.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
+ plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h,
+ plugins/sudoers/iolog_path.c, plugins/sudoers/linux_audit.c,
+ plugins/sudoers/linux_audit.h, plugins/sudoers/locale.c,
+ plugins/sudoers/logging.h, plugins/sudoers/match.c,
+ plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
+ plugins/sudoers/parse.h, plugins/sudoers/prompt.c,
+ plugins/sudoers/pwutil.h, plugins/sudoers/redblack.c,
+ plugins/sudoers/redblack.h,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
+ plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers_version.h,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.h, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c,
+ plugins/sudoers/visudo.c, plugins/system_group/Makefile.in,
+ plugins/system_group/system_group.c, src/Makefile.in,
+ src/conversation.c, src/exec.c, src/exec_common.c, src/get_pty.c,
+ src/net_ifs.c, src/parse_args.c, src/preload.c, src/selinux.c,
+ src/sesh.c, src/signal.c, src/sudo_edit.c, src/sudo_exec.h,
+ src/sudo_noexec.c, src/sudo_plugin_int.h, src/tgetpass.c,
+ src/utmp.c:
+ Update copyright years.
+ [5c6d72661bad]
+
+ * plugins/sudoers/mon_systrace.h:
+ Systrace support was removed long ago.
+ [10a038a2da77]
+
+2013-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/regress/sudoers/test10.toke.out.ok,
+ plugins/sudoers/regress/sudoers/test9.toke.out.ok:
+ Remove some files that were mistakenly added.
+ [833502da26de]
+
+ * common/sudo_debug.c, config.h.in, configure, configure.in,
+ plugins/sudoers/boottime.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c:
+ Use time(&now) instead of now = time(NULL) when storing the current
+ time in a time_t (better compiler error checking). Better parsing
+ and printing of 64-bit time_t on 32-bit platforms.
+ [c227dc72c04e]
+
+2013-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/ttyname.c:
+ Don't check the tty of the parent process. Now that we get the
+ controlling tty device number from the kernel there is no need. If
+ the process has really disassociated from the tty then reporting
+ "unknown" is appropriate.
+ [62fb66e565db]
+
+2013-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/error.c:
+ Use EXIT_FAILURE instead of 1 as the fatal() exit value.
+ [ed94c2c5e88a]
+
+ * src/sesh.c:
+ Change remaining errorx -> fatalx
+ [3f6d70e19303]
+
+2013-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Replace sudo_fakepwnamid() with sudo_mkpwent() and don't return an
+ error if the entry already exists in the cache.
+ [94d45970400a]
+
+ * plugins/sudoers/bsm_audit.c, plugins/sudoers/po/sudoers.pot:
+ Change "foo: failed" to just "foo" since we print the string form of
+ errno. Gets rids of some useless translations.
+ [476f37349dbc]
+
+2013-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/match.c:
+ Fix pasto in debug_decl
+ [08650186a239]
+
+ * plugins/sudoers/Makefile.in:
+ regen
+ [acf4c34fba2c]
+
+ * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h, plugins/sudoers/parse.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c:
+ Rename log_error() -> log_warning() for consistency with
+ warning()/fatal()
+ [474ed5a0e335]
+
+ * plugins/sudoers/auth/API:
+ The NO_EXIT flag was removed a while ago.
+ [e0a4be270226]
+
+ * common/aix.c, common/alloc.c, common/error.c, include/error.h,
+ plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c,
+ plugins/sudoers/find_path.c, plugins/sudoers/hexchar.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
+ plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
+ plugins/sudoers/pwutil.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/visudo.c, src/exec.c, src/exec_common.c,
+ src/exec_pty.c, src/net_ifs.c, src/parse_args.c, src/selinux.c,
+ src/signal.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c,
+ src/utmp.c:
+ Rename error/errorx -> fatal/fatalx and remove the exit value as it
+ was always 1.
+ [ea66f58c4da5]
+
+ * NEWS:
+ digests are supported in sudoers ldap too
+ [77d6c25f7653]
+
+ * plugins/sudoers/regress/check_symbols/check_symbols.c:
+ Print test failures to stdout like the final count so the outputis
+ not displayed out of order.
+ [f541b78ecb93]
+
+ * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
+ plugins/sudoers/po/eo.po, plugins/sudoers/po/hr.mo,
+ plugins/sudoers/po/hr.po, plugins/sudoers/po/it.po, src/po/da.mo,
+ src/po/da.po, src/po/eo.po, src/po/hr.mo, src/po/hr.po,
+ src/po/it.po, src/po/tr.po:
+ Sync with translationproject.org
+ [cbd70678b99f]
+
+ * Makefile.in:
+ Check for any uncommitted changes in dist target and add force-dist
+ target that omit check-dist.
+ [78dc3f41e37e]
+
+2013-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/regress/ttyname/check_ttyname.c:
+ Fix logic bug when checking tty via ttyname().
+ [279aee076194]
+
+ * compat/endian.h:
+ Fix check for _BIG_ENDIAN and _LITTLE_ENDIAN (Solaris) and
+ __BIG_ENDIAN__ and __LITTLE_ENDIAN__ (HP-UX)
+ [fe35e0b04502]
+
+ * plugins/sudoers/po/sudoers.pot:
+ regen
+ [0ddebccd3045]
+
+ * NEWS, doc/sample.sudoers, doc/sudoers.cat, doc/sudoers.ldap.cat,
+ doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document digest support.
+ [d794c7b9a7bc]
+
+ * MANIFEST, plugins/sudoers/Makefile.in,
+ plugins/sudoers/regress/parser/check_base64.c:
+ Simple bas64 decode unit test.
+ [344b0df0fe50]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/base64.c,
+ plugins/sudoers/match.c, plugins/sudoers/parse.h:
+ Move base64_decode into its own source file.
+ [30497e7f88bc]
+
+ * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
+ Only check year against 2038 if time_t is 32-bit.
+ [9c1f2e3fc3ba]
+
+2013-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/parse.h,
+ plugins/sudoers/sssd.c:
+ Add digest support for sudoers in ldap and sss.
+ [314937b5e59e]
+
+ * INSTALL, configure, configure.in:
+ Error out in configure if the compiler doesn't support "long long".
+ [d3645c1d50d1]
+
+ * plugins/sudoers/match.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l:
+ Include stdint.h or inttypes.h before sha2.h
+ [20ad1c20313d]
+
+ * common/lbuf.c:
+ Simplify lbuf append functions by moving the realloc code into
+ lbuf_expand(). We now expand as needed each time bytes need to be
+ written to the lbuf. Also handle a NULL pointer being passed in for
+ paranoia's sake.
+ [6283ee562ef4]
+
+ * plugins/sudoers/iolog.c:
+ Zero out struct iolog_details early to avoid a potential (though
+ unlikely) dereference of stack garbage if we hit a fatal error
+ before iolog_deserialize_info() is called.
+ [2eeca8be05fb]
+
+2013-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * sudo.pp:
+ Update copyright year.
+ [b843c6a43238]
+
+ * plugins/sudoers/sudoers_version.h:
+ Bump SUDOERS_GRAMMAR_VERSION for new digest support.
+ [188556fb8156]
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.h,
+ plugins/sudoers/gram.y, plugins/sudoers/match.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Sanity check digest in parser so visudo can catch errors. Add base64
+ support
+ [b8586d5cc7ed]
+
+ * MANIFEST, compat/endian.h, config.h.in, configure, configure.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/sha2.c:
+ For big endian architectures just use memcpy() instead of BE macros
+ in a loop.
+ [c71a0f4a8a8e]
+
+2013-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, config.h.in, configure, configure.in,
+ plugins/sudoers/Makefile.in, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.h, plugins/sudoers/gram.y,
+ plugins/sudoers/hexchar.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/match.c, plugins/sudoers/parse.h,
+ plugins/sudoers/regress/parser/check_digest.c,
+ plugins/sudoers/regress/parser/check_digest.out.ok,
+ plugins/sudoers/sha2.h, plugins/sudoers/sssd.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c:
+ Initial implementation of checksum support in sudoers. Currently
+ supports SHA-224, SHA-256, SHA-384, SHA-512. TODO: checksum format
+ validation in parser and base64 support. checksum support for
+ ldap sudoers
+ [b8f196346eca]
+
+2013-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/CONTRIBUTORS, plugins/sudoers/sha2.c, plugins/sudoers/sha2.h:
+ SHA-224, SHA-256, SHA-384 and SHA-512. Derived from the public
+ domain SHA-1 and SHA-2 implementations by Steve Reid and Wei Dai
+ respectively.
+ [7511d07c0a83]
+
2013-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * NEWS, configure, configure.in:
- Update for sudo 1.8.6p8
- [1d2d78415eed]
+ * NEWS:
+ Add sudo 1.8.6p8
+ [0666fd0321ae]
+
+ * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/po/sudoers.pot:
+ Add missing "not" in error message when mixing standalone and non-
+ standalone authentication methods.
+ [7eba4439db73]
+
+ * plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c:
+ Check for crypt() returning NULL. Traditionally, crypt() never
+ returned NULL but newer versions of eglibc have a crypt() that does.
+ Bug #598
+ [887b9df243df]
+
+ * plugins/sudoers/auth/pam.c:
+ Better PAM error messages
+ [fd7eda53cdd7]
+
+ * plugins/sudoers/auth/kerb5.c:
+ Better error messages
+ [98142874a2f4]
+
+ * plugins/sudoers/bsm_audit.c:
+ Use same error message for getauid() failure.
+ [07f0d88cb1df]
+
+ * plugins/sudoers/sssd.c:
+ Start warning with a lower case letter for consistency and to match
+ existing translated strings.
+ [b719ac52c9e3]
+
+2013-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * mkpkg:
+ Disable PIE on Solaris where it is not really supported.
+ [c36c84cdcc7a]
+
+ * src/ttyname.c:
+ AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit
+ before we try to match it against st_rdev.
+ [5dab449fb962]
+
+ * src/ttyname.c:
+ Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes
+ a problem finding the tty name when it is not in /dev/pts.
+ [6c205d087fa0]
+
+ * compat/snprintf.c:
+ Support %lld and %llu
+ [feabfa06c954]
+
+ * .hgignore, MANIFEST, src/Makefile.in,
+ src/regress/ttyname/check_ttyname.c:
+ Add ttyname test.
+ [e987038f8c07]
+
+2013-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
+ plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po,
+ plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
+ plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
+ src/po/de.mo, src/po/de.po, src/po/fi.mo, src/po/fi.po,
+ src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po,
+ src/po/sl.mo, src/po/sl.po, src/po/uk.mo, src/po/uk.po,
+ src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
+ Sync with translationproject.org
+ [4d7b73b22079]
+
+ * plugins/sudoers/timestamp.c:
+ Log timestampfile to debug file.
+ [e997281146c0]
+
+ * plugins/sudoers/auth/pam.c, plugins/sudoers/po/sudoers.pot:
+ Don't add the "Password: " string we look up in the PAM text domain
+ to the sudoers.pot file.
+ [771b52244abf]
+
+2013-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/sudoers.pot:
+ Synce with regcomp() error message change.
+ [fc6d3dfb8eb8]
+
+ * plugins/sudoers/sudoreplay.c:
+ Be consistent with error message when regcomp() fails.
+ [de6c69ba04e4]
+
+2013-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/testsudoers/test5.out.ok,
+ plugins/sudoers/regress/testsudoers/test5.sh:
+ Use group -1 instead of 1 as the invalid group since the running
+ user might have group 1 as their default group.
+ [71404a9fa75d]
+
+ * plugins/sudoers/Makefile.in:
+ PWD may be a shell builtin, use CWD instead.
+ [c443105c5091]
+
+2013-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ Split up check_user().
+ [ce7cc0767589]
+
+2013-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure.in:
+ Cosmetic fixes in the comments.
+ [640abee43c14]
+
+2013-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Use AC_LINK_IFELSE instead of AC_TRY_LINK Fix printing of status
+ message for visibility checks when the test fails.
+ [99665477ee55]
+
+ * config.h.in:
+ regen
+ [00c22606719a]
+
+ * configure, configure.in:
+ We no longer use mbr_check_membership() and setrlimit64() is AIX-
+ specific.
+ [43caf685a1f1]
+
+ * Makefile.in:
+ The first (all) target must be by itself or some makes will choose
+ the run the entire target list.
+ [16cf3def49f5]
+
+ * configure, configure.in:
+ Do exec_prefix expansion when enable_shared even if noexec is not
+ enabled.
+ [7ed28cb32d8d]
+
+ * compat/getgrouplist.c:
+ Use free() not efree() since we don't include alloc.h here
+ [1a008737be24]
+
+ * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ regen
+ [b939f941346f]
+
+ * plugins/sudoers/regress/testsudoers/test2.sh,
+ plugins/sudoers/regress/testsudoers/test3.sh,
+ plugins/sudoers/regress/testsudoers/test5.sh:
+ Pass in expected gid to testsudoers in addition to the uid that
+ matches the test sudoers files.
+ [6a1710e8cac1]
+
+2013-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/missing.h:
+ Tru64 5.x does declare innetgr() and getdomainname().
+ [c75598e69c7e]
+
+ * plugins/sudoers/match.c:
+ Fix compilation when getdomainame() is not present.
+ [e831b017a962]
+
+ * config.h.in, configure.in, include/missing.h:
+ Move SET/CLR/ISSET from config.h.in to missing.h
+ [3a3dd29fd7f0]
+
+ * configure, configure.in:
+ Fix getgrouplist() check.
+ [12a2adf60e98]
+
+ * MANIFEST:
+ No more timestamp.h
+ [5677e26afc0f]
+
+ * plugins/sudoers/check.c:
+ Neded sys/time.h for struct timeval in struct sudo_tty_info.
+ [aceaadd8c400]
+
+ * plugins/sudoers/Makefile.in:
+ regen depends
+ [21675a8b67e5]
+
+ * NEWS:
+ Mention libibmldap on HP-UX
+ [75b4e4b22950]
+
+ * NEWS, plugins/sudoers/match.c:
+ Instead of checking the domain name explicitly for "(none)", just
+ check for illegal characters.
+ [ce35dda811db]
+
+ * plugins/sudoers/visudo.c:
+ Only warn once when we are unable to open the sudoers file.
+ [9e27e3aa5b10]
+
+ * plugins/sudoers/sudoers.c:
+ Fall back to opening /dev/tty to determine whether there is a tty if
+ the system doesn't have kernel support for determing the tty.
+ [2775bcf9a9b5]
+
+ * compat/getprogname.c:
+ Update guard to take __progname into account
+ [60eae3f20232]
+
+ * compat/snprintf.c:
+ Some older systems have inttypes.h but not stdint.h
+ [ed1ef160015f]
+
+ * compat/closefrom.c, compat/dlopen.c, compat/fnmatch.c,
+ compat/getaddrinfo.c, compat/getcwd.c, compat/getgrouplist.c,
+ compat/getline.c, compat/getprogname.c, compat/glob.c,
+ compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
+ compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c,
+ compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
+ compat/strsignal.c, compat/utimes.c:
+ Add guards in compat source files. Not really needed since we only
+ include them in the Makefile if they are needed but should not hurt
+ either.
+ [8cbd3b4595b9]
+
+2013-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Don't include gram.h in gram.y, its contents are already included.
+ Move sudoerserror to the end of gram.y so COMMENT is declared when
+ we need to use it.
+ [7d72ebdd7222]
+
+2013-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure.in:
+ Remove some pre-ANSI cruft.
+ [6a95704b2116]
+
+ * plugins/sudoers/match.c:
+ Rename NAME_MATCH -> SUDOERS_NAME_MATCH and avoid pulling in glob.h
+ when it is set.
+ [da40c550ffed]
+
+ * NEWS, plugins/sudoers/iolog_path.c:
+ We still want to recognize %{seq} for the SUDOERS_NO_SEQ case but
+ just leave it as-is.
+ [9a22de140d28]
+
+2013-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Add missing semicolon in rule.
+ [817d3f1b2a21]
+
+ * plugins/sudoers/sudoers.c:
+ Now that we can determine the terminal even when file descriptors
+ are redirected we can check user_ttypath rather than opening
+ /dev/tty when enforcing requiretty.
+ [56a28bc09041]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Stash umask in struct sudo_user so we don't need to look it up
+ later.
+ [9f85749199dc]
+
+ * plugins/sudoers/sudoers.c:
+ Minor cosmetic change
+ [c373e106ed49]
+
+ * plugins/sudoers/regress/parser/check_addr.c:
+ No longer need to declare interfaces
+ [d7ff7e579557]
+
+ * plugins/sudoers/logging.c:
+ Fix compilation in SUDOERS_NO_SEQ case
+ [9a6db9247534]
+
+ * plugins/sudoers/regress/parser/check_addr.c:
+ No longer need to define sudo_printf
+ [578ad13c3546]
+
+ * plugins/sudoers/check.c, plugins/sudoers/check.h,
+ plugins/sudoers/timestamp.c:
+ Pass auth_pw to the timestamp functions.
+ [f603649177d6]
+
+ * plugins/sudoers/iolog_path.c:
+ Fix SUDOERS_NO_SEQ
+ [17881f9bcd68]
+
+ * plugins/sudoers/locale.c:
+ Don't need all of sudoers.h in here
+ [c518150c6483]
+
+ * plugins/sudoers/sudoers.c:
+ Don't need to include sudoers_version.h here.
+ [8abb31102119]
+
+2013-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/check.c:
+ DEFAULT_LECTURE is no longer used.
+ [f565c00a68c1]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
+ Move sudo_conv into policy.c
+ [f699aee7136b]
+
+ * plugins/sudoers/pwutil.c:
+ cosmetic fixes
+ [930e60389ca8]
+
+ * plugins/sudoers/match.c:
+ RHEL (and perhaps other Linux distros) use the string "(none)"
+ instead of an empty string when there is no actual NIS-style domain
+ name. Bug #596
+ [11aec11489ac]
+
+ * plugins/sudoers/match.c:
+ Fix return values when NAME_MATCH is defined.
+ [ce030be9ccef]
+
+2013-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h:
+ Update copyright year.
+ [7e4b8d49addd]
+
+ * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h,
+ plugins/sudoers/pwutil_impl.c, plugins/sudoers/sudoers.h:
+ Add sudo_set_grlist(), currently unused by the back end.
+ [b37ac1d0e8fc]
+
+ * plugins/sudoers/pwutil.c:
+ Remove unused macros, fix a debug_decl
+ [6136fb4a0d3b]
+
+ * include/missing.h:
+ Tru64 Unix doesn't prototype innetgr() or getdomainname().
+ [585ac1874dfe]
+
+ * include/missing.h:
+ Whitespace fixes
+ [0bb28cd91d97]
+
+ * common/error.c:
+ Don't need to include setjmp.h here, error.h already includes it.
+ [fd05ab00e186]
+
+2013-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/Makefile.in, plugins/sudoers/Makefile.in:
+ regen depends
+ [57991f5e16b4]
+
+ * plugins/sudoers/check.h:
+ Rename guard define.
+ [ccf4dba241d6]
+
+ * plugins/sudoers/check.c, plugins/sudoers/check.h,
+ plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
+ Move contents of timestamp.h into check.h.
+ [c139757a9283]
+
+ * plugins/sudoers/sudoers.h:
+ expand_prompt() is now in prompt.c sudo_printf extern is now in
+ error.h
+ [219bd74ca62b]
+
+ * plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.h,
+ plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h,
+ plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h,
+ plugins/sudoers/insults.h, plugins/sudoers/interfaces.h,
+ plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
+ plugins/sudoers/parse.h, plugins/sudoers/pwutil.h,
+ plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
+ plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.h,
+ plugins/sudoers/toke.h:
+ Change multiple inclusion guards to be _SUDOERS_FOO_H
+ [faace6d55e78]
+
+2013-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po,
+ src/po/nl.mo, src/po/nl.po, src/po/tr.mo, src/po/tr.po:
+ New Dutch translation for sudo and sudoers New Turkish translation
+ for sudo From translationproject.org
+ [bc918b7b23a4]
+
+2013-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * config.h.in, configure, configure.in:
+ Fix a typo in a comment and make sure we don't mistakenly include
+ _PATH_SUDO_ASKPASS and _PATH_SUDO_SESH in config.h.in
+ [694d12ac70ec]
+
+2013-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in:
+ Don't build check_symbols if we are linking sudoers in statically.
+ [f6602723bab7]
+
+ * configure, configure.in:
+ Use $host_os not $host when we only care about the os name and
+ version.
+ [05e4f4fcba06]
+
+ * aclocal.m4, configure, configure.in:
+ Suppress duplicate -L and -I flags.
+ [228f2f581aed]
+
+ * common/Makefile.in, compat/regress/fnmatch/fnm_test.c:
+ Fix regress tests on non-OpenBSD platforms.
+ [9d91bc859c50]
+
+ * configure, configure.in:
+ If we find sasl/sasl.h there's no need to check for sasl.h too
+ [889efaa86012]
+
+ * aclocal.m4, configure, configure.in:
+ Add -R flags at the very end after configure link tests are done
+ since we can only count on libtool to accept -R, the compiler front
+ end may not. Also unify the libldap and libibmldap tests using
+ AC_SEARCH_LIBS and check for -lCsup on HP-UX which is needed by
+ libibmldap (but is not an explicit dependency).
+ [ab1451894351]
+
+2013-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Back out changes that broke detection of skey, opie and ldap
+ libraries.
+ [ffa82b8f8641]
+
+ * plugins/sudoers/regress/testsudoers/test1.sh,
+ plugins/sudoers/regress/testsudoers/test2.sh,
+ plugins/sudoers/regress/testsudoers/test3.sh,
+ plugins/sudoers/regress/testsudoers/test4.sh,
+ plugins/sudoers/regress/testsudoers/test5.sh,
+ plugins/sudoers/regress/visudo/test1.sh,
+ plugins/sudoers/regress/visudo/test2.sh,
+ plugins/sudoers/regress/visudo/test3.sh:
+ Add explicit "exit 0" to prevent the check target from ending
+ prematurely.
+ [cca411b492bd]
+
+ * plugins/sudoers/Makefile.in:
+ Fix exit values in check target so we don't have to ignore errors.
+ [cbc429c409e9]
+
+ * plugins/sudoers/Makefile.in:
+ Fail a test if there is unexpected stderr output.
+ [4fc24d536bec]
+
+ * MANIFEST:
+ Fix path to sudo.conf manuals; remove non-existant test2.err.ok
+ [6b8bcd60dd85]
+
+ * src/load_plugins.c:
+ Fix compilation in dynamic mode.
+ [679856fa0774]
+
+ * configure, configure.in:
+ On HP-UX, libibmldap has a hidden dependency on libCsup
+ [22994709d77c]
+
+ * compat/dlopen.c:
+ Pass BIND_VERBOSE to shl_load()
+ [0060b9cfa9ab]
+
+ * configure, configure.in:
+ Only create static helper libs when --disable-shared is specified.
+ [1fcdb1a437e0]
+
+ * src/load_plugins.c:
+ Ubreak static build.
+ [4ac9f96be285]
+
+ * INSTALL, aclocal.m4, configure, configure.in:
+ Replace --with-rpath and --with-blibpath with --disable-rpath. Now
+ that we use libtool for linking we can just use the -R flag and have
+ libtool translate it to the proper linker flag.
+ [09798fad6888]
+
+2013-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ Bump I/O buffer size 32K
+ [4ef793225309]
+
+2013-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in:
+ Document sesh Path setting.
+ [34b0b903b4f8]
+
+ * src/exec.c, src/exec_common.c:
+ Move exec_cmnd to exec.c to fix a compilation issue with sesh.c
+ [06aa1956f38d]
+
+ * common/sudo_conf.c, configure, configure.in, include/sudo_conf.h,
+ src/selinux.c:
+ Make sesh path configurable in sudo.conf
+ [91d331f273b7]
+
+ * configure, configure.in:
+ Use -fno-pie and -nopie if supported when --disable-pie is
+ specified.
+ [777138c04dcc]
+
+2013-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Document direct execution of the command if the policy plugin has no
+ close function.
+ [6a14145c6e80]
+
+2013-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/auth/pam.c:
+ Only delete creds if we actually established them. Print an error if
+ pam_setcred() fails and we actually authenticated.
+ [1e015314903b]
+
+ * common/Makefile.in, plugins/group_file/Makefile.in:
+ regen
+ [dd8cee2a5e1b]
+
+ * common/alloc.c, include/alloc.h:
+ Convert efree() to a macro that just casts to void * and does
+ free(). If the system free() can't handle free(NULL) this may crash
+ but C89 was a long time ago.
+ [efd0ff9270fb]
+
+ * configure, configure.in:
+ Define _REENTRANT for HP-UX when we add -lpthread to SUDO_LIBS.
+ Fixes a problem with errno sometimes not being set on error on HP-
+ UX.
+ [54b419d58320]
+
+ * common/sudo_debug.c:
+ Fix debug logging from the plugin when there is no error number.
+ This was broken in the big debugging reorg for 1.8.7.
+ [2ea7e145e928]
+
+2013-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in, plugins/group_file/Makefile.in,
+ plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
+ plugins/system_group/Makefile.in, src/load_plugins.c:
+ Always install plugins with a .so extension regardless of what
+ extension the system uses for shared libraries. That way the
+ group_plugin sudoers setting can be shared between heterogenous
+ systems.
+ [a7e6ecff6fdf]
+
+ * plugins/sudoers/match.c:
+ Mac OS X has netgroup functions in netdb.h.
+ [243881a974aa]
+
+ * plugins/sudoers/parse.h:
+ Tags in struct cmndtag can be set to IMPLIED as well.
+ [cb6926988cc8]
+
+ * plugins/sudoers/parse.c:
+ Quiet a compiler warning.
+ [14e608c2001d]
+
+ * plugins/sudoers/testsudoers.c:
+ Quiet an llvm checker warning.
+ [2eeb9f3d08f3]
+
+ * plugins/sudoers/parse.c:
+ Quiet gcc -Wuninitialized false positive
+ [643ad987503d]
+
+2013-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in:
+ Document group_file and system_group plugins.
+ [b56511e79230]
+
+ * NEWS:
+ Sudo 1.8.7
+ [e95183b8fa27]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Try to clarify that sudoedit in sudoers should not include a leading
+ pathname.
+ [7b2beac92a9c]
+
+ * plugins/sudoers/pwutil_impl.c:
+ Make sure groupname_len is at least 32 just to be on the safe side.
+ It is better to allocate a little extra and not need it than to have
+ to reallocate and start over.
+ [6d3e1ba47de9]
+
+ * include/alloc.h, include/missing.h:
+ Add __malloc_like macro to apply __malloc__ attribute to emalloc,
+ ecalloc and estrdup. It cannot be applied to realloc since that may
+ return the same pointer.
+ [8d70cb81d1f1]
+
+ * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
+ Fix potential double free in an error path.
+ [657573feb6a4]
+
+ * src/exec_pty.c:
+ When running the command in a pty, defer the call to exec_setup()
+ until just before we exec the command. This is consistent with the
+ non-pty path. As a side effect, the monitor process runs as root
+ and not the runas user.
+ [e2a7f8c7ee4c]
+
+2013-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/closefrom.c:
+ Update copyright year.
+ [9b652af4dfc0]
+
+2013-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/closefrom.c:
+ Use pst_highestfd from pstat_getproc() on HP-UX.
+ [09f3fea46a3d]
+
+2013-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, common/Makefile.in, doc/Makefile.in,
+ plugins/sudoers/Makefile.in:
+ Clean up generated test files and other minor housekeeping.
+ [f5f4fdd908e1]
+
+ * plugins/sudoers/iolog.c:
+ Add back gettimeofday() call inadvertantly removed in e1abb9810a83
+ [675cce8401ae]
+
+ * config.h.in, configure, configure.in, src/ttyname.c:
+ Use pstat() on HP-UX to determine the tty device.
+ [2884af22a9df]
+
+ * plugins/sudoers/auth/pam.c:
+ Fix PAM compilation: def_pam_session, not just pam_session.
+ [5417d7acc6ea]
+
+ * doc/fixmdoc.sh:
+ Don't remove the -S option description when trimming out selinux.
+ Bug #592
+ [8a94f2cfa0a0]
+
+2013-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Update for Sudo 1.8.6p7
+ [0858a73e9c40]
+
+2013-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Document when sudo may exec the command directly instead of forking.
+ [da41951edc28]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in:
+ Document that close and version be NULL for plugin API >= 1.3 and
+ that sudo may execute the command directly if there is no close, or
+ pty or timeout needed.
+ [e5f929ddeaf8]
+
+ * plugins/sudoers/auth/sudo_auth.c:
+ Fix debug_decl for sudo_auth_begin_session and
+ sudo_auth_end_session.
+ [58243392c0df]
+
+ * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/defaults.c:
+ Add pam_session sudoers option.
+ [d994465db9f1]
+
+ * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.h:
+ Dummy out close function if there is no end_session for the auth
+ method and the front-end can handle a NULL close function. Avoids
+ the extra sudo process when we don't actually need it.
+ [74886d5b0fb6]
+
+2013-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, aclocal.m4:
+ Add m4/ to paths m4_include parameters so we don't need to use
+ autoconf's -I flag.
+ [4fd86e7a84f3]
+
+ * src/exec.c, src/exec_common.c, src/exec_pty.c, src/sudo_exec.h,
+ src/sudo_plugin_int.h:
+ If the policy plugin does not provide a close function, there is no
+ command timeout and no pty is required, skip the event loop and just
+ exec the command directly.
+ [ad532f107170]
+
+ * src/sudo.c:
+ Do not crash if the plugin close and version functions are not
+ defined. If there is no policy close function, simply print a
+ warning that the command was not found.
+ [c789a9dd54e8]
+
+2013-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/parse.c:
+ Fix typos in selinux/solaris privs specific code.
+ [9af3999361b4]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, src/parse_args.c:
+ Pass the default plugin directory to the plugin via the settings
+ list. Could be used by a stacking plugin.
+ [688e771fc145]
+
+ * plugins/sudoers/timestamp.c:
+ Completely ignore time stamp file if it is set to the epoch,
+ regardless of what gettimeofday() returns.
+ [df58842af660]
+
+ * doc/CONTRIBUTORS:
+ Add Nikolai Kondrashov
+ [df59791438f9]
+
+ * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
+ Use userpw_matches() for username matching so #uid works for
+ sudoRunAsUser.
+ [a124062334df]
+
+ * plugins/sudoers/sssd.c:
+ Avoid calling realloc3() with a zero size parameter when all
+ retrieved sssd rules fail. Otherwise we'll get a run-time error due
+ to malloc(0) checking.
+ [84dfcb73ebd7]
+
+ * plugins/sudoers/sssd.c:
+ Do not send error mail if a user is not found in SSSD. Local users
+ can run sudo too. From Nikolai Kondrashov
+ [3d2ae99ee468]
+
+2013-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, common/regress/sudo_conf/test4.in,
+ common/regress/sudo_conf/test4.out.ok:
+ Test setting disable_coredump to illegal value.
+ [3c71c6c49027]
+
+ * common/sudo_conf.c:
+ Fix atobool() usage.
+ [d40c9f4d06b0]
+
+ * common/regress/sudo_conf/conf_test.c:
+ Remove unused variable.
+ [328b524b365b]
+
+ * plugins/sudoers/sudoers.c:
+ Make "sudo -l non_existent_command" warn that non_existent_command
+ doesn't exist, not the "list" pseudo-command.
+ [9dc0388fc4f3]
+
+ * plugins/sudoers/parse.c:
+ Make sudoers file long list output better match the format used by
+ ldap sudoers. Tags are now converted to options and there is a
+ single command per line.
+ [6e6dc3f20d84]
+
+ * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
+ doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Use the correct the sudoers policy symbol names and undo an editor
+ goof committed when adding max_groups to sudo.conf.
+ [2a6f7ddf5cc3]
+
+ * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c:
+ For "sudo -l" start a new line if the runas list changes to make the
+ output easier to read.
+ [7dc3d724c924]
+
+2013-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c:
+ For "sudo -l" and "sudo -ll" only print the runas info for
+ subsequent commands in a list if the runas info has changed. If we
+ have new runas info, print out the tags again so as to be less
+ confusing to the user. For "sudo -ll" set the line continuation
+ indent to 8.
+ [b5ec02fe7fc1]
+
+2013-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, Makefile.in, configure, configure.in, doc/sudoers.cat,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/group_file/Makefile.in, plugins/group_file/getgrent.c,
+ plugins/group_file/group_file.c, plugins/group_file/group_file.exp,
+ plugins/group_file/plugin_test.c, plugins/sample_group/Makefile.in,
+ plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
+ plugins/sample_group/sample_group.c,
+ plugins/sample_group/sample_group.exp:
+ Rename sample_group plugin to group_file. Install group_file and
+ system_group plugins by default.
+ [951b3e446fae]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
+ plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
+ plugins/sudoers/def_data.in, plugins/sudoers/iolog.c,
+ plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h:
+ Add maxseq sudoers option to limit the max number of I/O log files.
+ [e1abb9810a83]
+
+2013-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog.c:
+ Log lines and columns in the iolog file.
+ [03adb6230e05]
+
+2013-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, common/Makefile.in, common/regress/sudo_conf/conf_test.c,
+ common/regress/sudo_conf/test1.in,
+ common/regress/sudo_conf/test1.out.ok,
+ common/regress/sudo_conf/test2.in,
+ common/regress/sudo_conf/test2.out.ok,
+ common/regress/sudo_conf/test3.in,
+ common/regress/sudo_conf/test3.out.ok, common/sudo_conf.c,
+ include/sudo_conf.h, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sesh.c,
+ src/sudo.c:
+ Add simple regress tests for sudo.conf parsing.
+ [3c36b61bf61c]
+
+ * src/sudo.c:
+ Always display the I/O plugin version as long as its open functions
+ doesn't return an error. Previously it was only displayed if the
+ plugin open returned 1.
+ [4b0277db3f8c]
+
+ * plugins/sudoers/pwutil_impl.c:
+ Use sysconf(_SC_LOGIN_NAME_MAX) to find max username length instead
+ of poking around in struct utmpx.
+ [2c0cc5c42958]
+
+ * plugins/sudoers/pwutil_impl.c, src/parse_args.c, src/sudo.c:
+ #include "sudo_usage.h" not <sudo_usage.h> so we get the one in the
+ build directory and not the src dir when using a separate build
+ directory.
+ [1fcb7ba13018]
+
+2013-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/fileops.c:
+ If a line was longer that 0x80000000 the bit hack to round to the
+ next power of two would roll over to zero.
+ [f4f729cf6f0f]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/sudoers.h, src/sudo.c:
+ Use max_groups in front-end and plugin.
+ [bf1e74166831]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, src/parse_args.c:
+ Pass max_groups to plugin in settings list.
+ [d7d76e8651f4]
+
+ * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in, include/sudo_conf.h:
+ Add max_groups setting to sudo.conf (currently unused) and remove
+ unused return value from setters.
+ [f6494f71e1f0]
+
+2013-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL:
+ Reorganize configure options
+ [23475de8039f]
+
+2013-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Add Sudo 1.8.6p7
+ [5192fc511cbe]
+
+2013-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL.configure:
+ Sync with autoconf 2.68
+ [985e5c8efa4e]
+
+ * INSTALL, README:
+ Remove obsolete OS notes and move build requirements to INSTALL.
+ [bf0dd53ca164]
+
+2013-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in:
+ Sort elements of the settings, user_info and command_info lists.
+ [663062ada5b7]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Remove trailing white space
+ [027916a6c8e7]
+
+ * plugins/sudoers/policy.c, plugins/sudoers/sudoers.h,
+ plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
+ Store the session ID in the tty ticket file too. A tty may only be
+ in one session at a time so if the session ID doesn't match we
+ ignore the ticket.
+ [4eb2cb8df48b]
+
+2013-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/sudoers.c, src/sudo.c:
+ Move tzset() call from sudoers plugin to sudo front end.
+ [3c058dad8772]
+
+ * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
+ doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ Mention line continuation
+ [399873f8c805]
+
+ * MANIFEST, common/Makefile.in, common/fileops.c,
+ common/regress/sudo_parseln/parseln_test.c,
+ common/regress/sudo_parseln/test1.in,
+ common/regress/sudo_parseln/test1.out.ok,
+ common/regress/sudo_parseln/test2.in,
+ common/regress/sudo_parseln/test2.out.ok,
+ common/regress/sudo_parseln/test3.in,
+ common/regress/sudo_parseln/test3.out.ok,
+ common/regress/sudo_parseln/test4.in,
+ common/regress/sudo_parseln/test4.out.ok,
+ common/regress/sudo_parseln/test5.in,
+ common/regress/sudo_parseln/test5.out.ok,
+ common/regress/sudo_parseln/test6.in,
+ common/regress/sudo_parseln/test6.out.ok, common/sudo_conf.c,
+ include/fileops.h, plugins/sudoers/env.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/sudo_nss.c:
+ Add line continuation support to sudo_parseln() and make it use
+ getline() instead of fgets() internally.
+ [d02bf3973fc5]
+
+2013-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sample/sample_plugin.c:
+ Fix memory leak in error path; found by llvm checker
+ [d090c26a5b00]
+
+ * plugins/sudoers/sudoreplay.c:
+ Remove useless store detected by llvm checker.
+ [12a4db91651a]
+
+ * configure, configure.in, doc/UPGRADE, mkpkg, src/Makefile.in,
+ src/load_plugins.c, sudo.pp:
+ Sudo now stores its libexec files in a "sudo" subdirectory instead
+ of in libexec itself. For backwards compatibility, if the plugin is
+ not found in the default plugin directory, sudo will check the
+ parent directory default directory ends in "/sudo".
+ [5de67de76489]
+
+ * plugins/sample/sample_plugin.c, plugins/sample_group/sample_group.c,
+ plugins/system_group/system_group.c:
+ Add missing __dso_public to plugin structs so they are exported.
+ [dde703577621]
+
+ * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
+ Mention that sudoers has its own plugins too.
+ [0a6c6203b512]
+
+2013-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
+ Correct last change date.
+ [45894291d792]
+
+ * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in:
+ Remove duplicated sudo.conf info in the sudo, sudoers and
+ sudo_plugin manuals and cross-reference the new sudo.conf manual.
+ [b808ba29cf3a]
+
+ * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
+ Fix typos
+ [0e70964150c6]
+
+ * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in:
+ Fix some typos.
+ [94ae045cfbc6]
+
+ * MANIFEST, doc/Makefile.in, doc/sudo.conf.cat, doc/sudo.conf.man.in,
+ doc/sudo.conf.mdoc.in:
+ Add standalone sudo.conf manual page.
+ [d64d949b700c]
+
+ * doc/sample.sudo.conf:
+ add group_source example
+ [118c1ba1c014]
+
+ * configure, configure.in, doc/sample.sudo.conf, doc/sudo.man.in,
+ doc/sudo.mdoc.in, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
+ doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Use PLUGINDIR in the manuals and fix a typo in the sample sudo.conf.
+ [f5bd6006dc1c]
+
+ * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/it.mo,
+ src/po/it.po:
+ Sync with translationproject.org
+ [a6f2b9aac371]
+
+2013-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
+ plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/fi.mo,
+ src/po/fi.po, src/po/gl.mo, src/po/gl.po, src/po/vi.mo,
+ src/po/vi.po:
+ Sync with translationproject.org
+ [ba546666969d]
+
+2013-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.mo,
+ plugins/sudoers/po/eo.po, src/po/da.po, src/po/eo.mo, src/po/eo.po,
+ src/po/es.po, src/po/gl.po:
+ Sync with translationproject.org
+ [cdc454e34c03]
+
+2013-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Clarify ttyname changes.
+ [cbf2f80fe582]
+
+ * NEWS:
+ Add 1.8.6p6
+ [3aa591e98b3b]
+
+ * src/ttyname.c:
+ Remove ttyname() fall back code on systems where we can query the
+ kernel for the tty device via /proc or sysctl(). If there is no
+ controlling tty, it is better to just treat the tty as unknown
+ rather than to blindly use what is hooked up to std{in,out,err}.
+ [b2bd3005d2e4]
+
+2013-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/sudo_conf.c, include/sudo_conf.h, src/sudo.c:
+ Add group_source setting in sudo.conf to allow the admin to specify
+ how a user's groups are looked up. Legal values are static (just
+ the kernel list from getgroups), dynamic (whatever the group
+ database includes) and adaptive (only use group db if kernel group
+ list is full).
+ [87a5b02e22ad]
+
+ * plugins/sudoers/policy.c:
+ Pass back exec_background to front end if it is enabled in sudoers.
+ [8230e1cd0bbd]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Mention that exec_background is for 1.8.7 and higher only.
+ [fdf0d5a3e182]
+
+2013-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST:
+ Add missing test files.
+ [1165389aa5e6]
+
+ * plugins/sudoers/regress/visudo/test3.err.ok,
+ plugins/sudoers/regress/visudo/test3.out.ok,
+ plugins/sudoers/regress/visudo/test3.sh:
+ Add regress test for bug 361
+ [54c7fb61b82d]
+
+ * plugins/sudoers/iolog.c:
+ Add __dso_public to extern declaration of declaration to match
+ actual definition.
+ [4695ded501e6]
+
+ * NEWS:
+ Add 1.8.6p5
+ [b07b28c5c4d7]
+
+2013-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/regress/visudo/test2.err.ok,
+ plugins/sudoers/regress/visudo/test2.out.ok,
+ plugins/sudoers/regress/visudo/test2.sh:
+ Add test for visudo cycle check core dump; test case from Daniel
+ Kopecek
+ [41074541147a]
+
+ * plugins/sudoers/visudo.c:
+ Fix potential stack overflow due to infinite recursion in alias
+ cycle detection. From Daniel Kopecek.
+ [d7e018a87434]
+
+ * common/sudo_conf.c, include/sudo_conf.h, src/load_plugins.c:
+ Ignore duplicate entries in sudo.conf and report the line number
+ when there is an error. Warn, don't abort if there is more than one
+ policy plugin.
+ [dfcb5a698f0a]
+
+ * plugins/sudoers/tsgetgrpw.c:
+ Use strtoul() not atoi().
+ [58a52cf9b6b8]
+
+2013-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/Makefile.in:
+ regen depends for to add compat/nss_dbdefs.h for getgrouplist.lo
+ [9b44e9d26d16]
+
+ * compat/nss_dbdefs.h:
+ Fix typo that breaks the build on HP-UX.
+ [b9ab6ba23485]
+
+ * MANIFEST, compat/getgrouplist.c, compat/nss_dbdefs.h, config.h.in,
+ configure, configure.in:
+ Use nss_search() to implement getgrouplist() where available.
+ Tested on Solaris and HP-UX. We need to include a compatibility
+ header for HP-UX which uses the Solaris nsswitch implementation but
+ doesn't ship nss_dbdefs.h.
+ [d29dbc4dc06d]
+
+2013-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec.c, src/exec_pty.c, src/signal.c, src/sudo.h:
+ Remove extra flag to sudo_sigaction(). We want to trap the signal
+ regardless of whether or not it is ignored by the underlying command
+ since there's no way to know what signal handlers the command will
+ install. Now we just use sudo_sigaction() to set a flag in
+ saved_signals[] to indicate whether a signal needs to be restored
+ before exec.
+ [c042d52c7192]
+
+2013-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * compat/getgrouplist.c, config.h.in, configure, configure.in:
+ Use _getgroupsbymember() on Solaris to get the groups list. Fixes
+ performance problems with the getgroupslist() compat on Solaris
+ systems with network-based group databases.
+ [287d3ae2ce8d]
+
+2013-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in:
+ Document signal handler behavior in plugin API 1.3
+ [20dc9d1c105f]
+
+ * MANIFEST, include/sudo_plugin.h, src/Makefile.in, src/exec.c,
+ src/exec_pty.c, src/signal.c, src/sudo.c, src/sudo.h:
+ Move signal code into its own source file and add sudo_sigaction()
+ wrapper that has an extra flag to check the saved_signals list to
+ only install the handler if the signal is not already ignored. Bump
+ plugin API version for the new front-end signal behavior.
+ [5d2f27a1b404]
+
+ * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c, src/sudo.h,
+ src/sudo_exec.h:
+ Catch SIGINT, SIGQUIT and SIGTSTP in the front end before we execute
+ the command. If we get SIGINT or SIGQUIT, call the plugin close()
+ functions as if the command was interrupted. If we get SIGTSTP,
+ uninstall the handler and deliver SIGTSTP to ourselves.
+ [332baf3a81b7]
+
+ * src/exec.c, src/exec_pty.c:
+ Rename handle_signals() to dispatch_signals(). Block other signals
+ in handler() so we don't have to worry about the write() being
+ interrupted.
+ [666e95c9a0f1]
+
+2013-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/tgetpass.c:
+ Rename signal handler to avoid name clash with one in exec.c
+ [8913101a29b6]
+
+2013-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/sudo.c:
+ Add missing call to save_signals().
+ [47d075d7326b]
+
+2013-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
+ Fill in the comment block at the top of the .pot files and preserve
+ it when regenerating them.
+ [6449497b76db]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
+ doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
+ plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
+ plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
+ Add exec_background option in plugin command info and a sudoers
+ option to match. When set, commands are started in the background
+ and automatically foregrounded as needed. There are issues with
+ some ill-mannered programs (like Linux su) so this is not the
+ default.
+ [c0b32b0938f2]
+
+ * common/Makefile.in:
+ regen
+ [2b2b220e7aea]
+
+ * src/Makefile.in:
+ Add SESH_OBJS variable for sesh object files.
+ [d3e04ae8fd1f]
+
+ * configure.in, doc/LICENSE, plugins/sudoers/redblack.c:
+ Update copyright year.
+ [61a0f0cedb13]
+
+ * src/exec_pty.c:
+ Always resume the command in the foreground if sudo itself is the
+ foreground process. This helps work around poorly behaved programs
+ that catch SIGTTOU/SIGTTIN but suspend themselves with SIGSTOP. At
+ worst, sudo will go into the background but upon resume the command
+ will be runnable. Otherwise, we can get into a situation where the
+ command will immediately suspend itself.
+ [c368ac3eb2e4]
+
+ * configure, configure.in:
+ Use -fstack-protector-all in preference to -fstack-protector where
+ supported.
+ [f930c95ceb51]
+
+2013-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Only test for -fstack-protector and -fvisibility=hidden on GNU
+ compatible compilers.
+ [796f4696d863]
+
+2013-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * NEWS:
+ Add Sudo 1.8.6p4
+ [8a928de8e717]
+
+ * common/Makefile.in, compat/Makefile.in, configure, configure.in,
+ plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
+ plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
+ src/Makefile.in:
+ Break out stack smashing protector options into SSP_CFLAGS and
+ SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS).
+ [01be114fc9fb]
+
+2013-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/CONTRIBUTORS, plugins/sudoers/redblack.c:
+ In rbrepair(), make sure we never try to change the color of the
+ sentinel node, which is the first entry, not the root. From Michael
+ King
+ [3fc4dc4004ec]
+
+2012-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ No need to restore default signal handler for SIGSTOP as it is not
+ catchable. Attempting to do so is harmless but sigaction() will
+ fail and set errno to EINVAL which makes it looks like there is an
+ error.
+ [be7c0b759e9a]
+
+ * src/exec.c:
+ Print SIGCONT_FG and SIGCONT_BG properly in debug output.
+ [93e59e301c8f]
+
+2012-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * configure, configure.in:
+ Disable PIE on FreeBSD/ia64, otherwise sudo will segfault.
+ [9ed48f696595]
+
+2012-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * include/missing.h:
+ Add howmany() macro since some systems have this in sys/param.h
+ which we no longer include.
+ [2c5efaa16c45]
+
+2012-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/sudoers/test11.toke.out.ok:
+ Remove errant file.
+ [a91699beffc6]
+
+2012-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_fill.c:
+ Remove obsolete sudoers_cleanup() stubs.
+ [89153025a2ae]
+
+ * common/alloc.c, common/atobool.c, common/fileops.c,
+ common/fmt_string.c, common/lbuf.c, common/secure_path.c,
+ common/sudo_conf.c, common/sudo_debug.c, common/term.c,
+ compat/closefrom.c, compat/getcwd.c, compat/glob.c,
+ compat/snprintf.c, include/missing.h,
+ plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
+ plugins/sample_group/plugin_test.c,
+ plugins/sample_group/sample_group.c, plugins/sudoers/alias.c,
+ plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
+ plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
+ plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
+ plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
+ plugins/sudoers/check.c, plugins/sudoers/defaults.c,
+ plugins/sudoers/env.c, plugins/sudoers/find_path.c,
+ plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
+ plugins/sudoers/logging.c, plugins/sudoers/match.c,
+ plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
+ plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
+ plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c,
+ plugins/sudoers/redblack.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/timestamp.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
+ plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
+ plugins/system_group/system_group.c, src/conversation.c, src/exec.c,
+ src/exec_common.c, src/exec_pty.c, src/get_pty.c,
+ src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/sudo.c,
+ src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, src/utmp.c:
+ Don't include <sys/param.h>. We only needed it for MAXPATHLEN,
+ MAXHOSTNAMELEN and the MIN/MAX macros. We now use PATH_MAX and
+ HOST_NAME_MAX throughout without falling back on MAXPATHLEN or
+ MAXHOSTNAMELEN and define our own MIN/MAX macros as needed.
+ [f4807d46f504]
+
+ * include/missing.h, plugins/sudoers/match.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
+ Use MAX_HOST_NAME+1 (limits.h) instead of MAXHOSTNAMELEN
+ (sys/param.h or netdb.h).
+ [2544f5e306dd]
+
+2012-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/logging.c:
+ Move debug_decl() in log_failure() to be after the variable
+ declarations for C89.
+ [f48d2035ab44]
- * plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c:
- Check for crypt() returning NULL. Traditionally, crypt() never
- returned NULL but newer versions of eglibc have a crypt() that does.
- Bug #598
- [887b9df243df]
+2012-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
-2013-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
+ * common/error.c, include/error.h, plugins/sudoers/iolog.c,
+ plugins/sudoers/logging.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Cannot wrap sigsetjmp() or we end up returning to the wrong place.
+ Use a macro instead.
+ [749ee6acdad8]
- * src/ttyname.c:
- AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit
- before we try to match it against st_rdev.
- [5dab449fb962]
+2012-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/policy.c:
+ Fix return in sudoers_policy_open that should be debug_return.
+ [a78b795b6846]
+
+2012-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
* src/ttyname.c:
- Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes
- a problem finding the tty name when it is not in /dev/pts.
- [6c205d087fa0]
+ Define sudo_ttyname_dev() for the HAVE_STRUCT_PSINFO_PR_TTYDEV case
+ too.
+ [acfa891c229e]
-2013-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
+ * src/solaris.c:
+ Quiet a gcc warning and add comment about needing to keep the handle
+ open.
+ [f954f228960f]
- * plugins/sudoers/check.c:
- Completely ignore time stamp file if it is set to the epoch,
- regardless of what gettimeofday() returns.
- [ebd6cc75020f]
+2012-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
- * plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
- plugins/sudoers/sudoers.h:
- Store the session ID in the tty ticket file too. A tty may only be
- in one session at a time so if the session ID doesn't match we
- ignore the ticket.
- [049a12a5cc14]
+ * INSTALL:
+ mention --disable-shared
+ [6954d39e2d0f]
+
+ * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in:
+ Add missing command_info argument in I/O plugin open() prototype.
+ Bug #579
+ [72beb07aba0e]
+
+2012-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/gram.c:
+ Regen for proper line numbers.
+ [6cf6e132e764]
* configure, configure.in:
- Sudo 1.8.6p7
- [3334bc872111]
+ Add locale_stub.o to SUDO_OBJS, not locale_stub.lo.
+ [d604dc8ca38a]
- * NEWS:
- Update for Sudo 1.8.6p7
- [3b853ddc529c]
+ * common/sudo_printf.c:
+ Include missing.h for __printflike.
+ [a33640600faf]
-2013-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
+ * plugins/sudoers/iolog.c:
+ Saner loop invariant in io_mkdirs (cosmetic only).
+ [dc30274afe38]
- * NEWS:
- Add Sudo 1.8.6p7
- [77480be0f378]
+ * MANIFEST, common/Makefile.in, common/error.c, common/sudo_printf.c,
+ configure, configure.in, include/error.h, mkdep.pl,
+ plugins/sudoers/Makefile.in, plugins/sudoers/locale.c,
+ plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/Makefile.in, src/error.c, src/exec_pty.c, src/locale_stub.c,
+ src/sesh.c:
+ Move warn/error into common and make static builds work.
+ [4d3f374f4e4c]
-2013-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
+ * MANIFEST, common/Makefile.in, common/sudo_debug.c,
+ common/sudo_printf.c, include/error.h, plugins/sudoers/Makefile.in,
+ plugins/sudoers/gram.c, plugins/sudoers/gram.y,
+ plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/policy.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/Makefile.in, src/conversation.c, src/sesh.c:
+ Move _sudo_printf from src/conversation.c to common/sudo_printf.c.
+ Add sudo_printf function pointer that is initialized to
+ _sudo_printf() instead of requiring a sudo_conv function pointer
+ everywhere. The plugin will reset sudo_printf to point to the
+ version passed in via the plugin open function. Now plugin_error.c
+ can just call sudo_printf in all cases. The sudoers binaries no
+ longer need their own version of sudo_printf.
+ [9b09d3f63790]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
+ plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Add plugin_setjmp() wrapper for siglongjmp(error_jmp, 1) so we don't
+ need error_jmp to be extern. Also add plugin_clearjmp() that clears
+ a flag so error()/errorx() knows when to call exit() vs. longjmp().
+ [5a4617148e70]
- * NEWS:
- Clarify ttyname changes.
- [9963ed81732d]
+ * plugins/sudoers/set_perms.c:
+ Let warning() call gettext() for us.
+ [ab8d502ba4ac]
- * NEWS:
- Add 1.8.6p6
- [162ea7fae117]
+ * include/error.h, plugins/sudoers/plugin_error.c, src/error.c:
+ Do locale swapping in the warning()/error() macros themselves
+ instead of in the underlying functions.
+ [4cd205540e17]
- * src/ttyname.c:
- Remove ttyname() fall back code on systems where we can query the
- kernel for the tty device via /proc or sysctl(). If there is no
- controlling tty, it is better to just treat the tty as unknown
- rather than to blindly use what is hooked up to std{in,out,err}.
- [2f3225a2a4a4]
+ * common/alloc.c, common/list.c, include/error.h,
+ plugins/sudoers/env.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c,
+ src/hooks.c:
+ Rename warning2()/error2() -> warning_nodebug()/error_nodebug().
+ [48346393634d]
+
+ * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c,
+ plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/policy.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, src/error.c,
+ src/exec.c, src/exec_common.c, src/exec_pty.c, src/load_plugins.c,
+ src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c,
+ src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c:
+ Call gettext() on parameters for warning()/warningx() instead of
+ having warning() do it for us.
+ [c71088bc9d3e]
+
+ * Makefile.in, plugins/sudoers/alias.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c:
+ Call gettext() in sudoerserror() in the user's locale and pass the
+ untranslated string to it.
+ [cdbfc231b848]
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/locale.c,
+ plugins/sudoers/logging.h, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Allow sudoers programs (visudo, sudoreplay, visudo) to use
+ plugin_error.c instead of the error.c from the front-end. This
+ means sudoers_setlocale() needs to be independent of the sudo_user
+ struct and the defaults table. The sudoers locale is now updated
+ via a callback.
+ [e356f5f8cd6a]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
+ plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Include setjmp.h in sudoers.h Move error_jmp into plugin_error.c
+ Rename sudoers_plugin_cleanup sudoers_cleanup Make sudoers
+ warning/error functions work when sudo_conv is NULL
+ [7365ee24a779]
-2013-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
+ * src/error.c:
+ No need to change locale in front-end warning()/error().
+ [23dc1df7f93b]
+
+ * plugins/sudoers/tsgetgrpw.c:
+ Ignore bad lines in passwd/group file instead if stopping processing
+ when we hit one.
+ [79b790559075]
+
+ * plugins/sudoers/regress/testsudoers/test2.sh,
+ plugins/sudoers/regress/testsudoers/test3.sh,
+ plugins/sudoers/regress/testsudoers/test5.sh:
+ Bash doesn't let you set UID to use MYUID instead.
+ [5be56335f059]
+
+ * plugins/sudoers/visudo.c:
+ Avoid NULL deref for unknown Defaults in strict mode.
+ [545c21c1e7d6]
+
+ * common/sudo_conf.c, common/sudo_debug.c:
+ See DEFAULT_TEXT_DOMAIN
+ [3d723e1d27db]
+
+2012-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * .hgignore:
+ Add signame.c and mksigname.
+ [d59bbf423f00]
+
+ * plugins/sudoers/Makefile.in:
+ Fold preinstall into install-plugin and pass the path to the plugin
+ binary to the preinstall command.
+ [2c2205af8bb7]
+
+ * pp:
+ sync with upstream
+ [a4b7336b3256]
+
+ * src/sudo.h:
+ repair spacing
+ [f5c1255ce514]
+
+2012-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * common/sudo_debug.c:
+ Set group on sudo_debug when creating it to gid 0 so systems without
+ BSD group semantics don't get the invoking user's group.
+ [7dda01196554]
* plugins/sudoers/iolog.c:
- Add __dso_public to extern declaration of declaration to match
- actual definition.
- [e16ecb5c6677]
+ Rename mkdir_parents() io_mkdirs() and add a flag to specify whether
+ path is a temporary, in which case the final component is created
+ via mkdtemp() instead of mkdir().
+ [79c0c4e7ed58]
- * configure, configure.in:
- Sudo 1.8.6p5
- [8d7c8bd159c5]
+ * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h:
+ For PERM_ROOT set egid to 0 so log files are not created with the
+ gid of the user.
+ [5b964ea43474]
- * NEWS:
- Add 1.8.6p5
- [1cb9b7c4f626]
+ * plugins/sudoers/logging.c:
+ Add calls to set_perms(PERM_ROOT) becore logging to a file. We
+ should already be root but since we cache the current permission
+ status it is basically free. That way, if more of sudoers runs as
+ non-root in the future logging will still work correctly.
+ [c591d4973f41]
+
+ * common/sudo_conf.c, config.h.in, configure, configure.in,
+ include/gettext.h, plugins/sudoers/locale.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/error.c, src/exec.c, src/sesh.c, src/sudo.c:
+ #unifdef HAVE_SETLOCALE, it is C89 so no need to check for it.
+ [41f6bb4926f4]
-2013-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
+ doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
+ doc/sudo_plugin.mdoc.in:
+ Mention that sudo.conf is parsed in the C locale.
+ [f711c416e30c]
- * plugins/sudoers/visudo.c:
- Fix potential stack overflow due to infinite recursion in alias
- cycle detection. From Daniel Kopecek.
- [77f2228877bc]
+ * common/sudo_conf.c:
+ Parse sudo.conf in the "C" locale.
+ [776658f651ea]
-2013-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
+ * plugins/sudoers/locale.c, plugins/sudoers/logging.h,
+ plugins/sudoers/sudoers.h:
+ Fix compilation on systems w/o setlocale()
+ [6940d1c1c1ce]
- * compat/getgrouplist.c, config.h.in, configure, configure.in:
- Use _getgroupsbymember() on Solaris to get the groups list. Fixes
- performance problems with the getgroupslist() compat on Solaris
- systems with network-based group databases.
- [6ab76bea5ea4]
+ * doc/TROUBLESHOOTING:
+ Sudo now includes a workaround for the Solaris 11 locale issue.
+ [ab93787a552c]
-2013-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
+2012-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
- * src/sudo.c:
- Add missing call to save_signals().
- [708b8db3b30e]
+ * include/gettext.h, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/locale.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
+ src/error.c, src/exec.c, src/sesh.c, src/sudo.c, src/sudo.h:
+ Always include locale.h from gettext.h so we no longer need to
+ include locale.h from the .c files.
+ [93d39182ccfa]
+
+ * MANIFEST, config.h.in, configure, configure.in, mkdep.pl,
+ plugins/sudoers/Makefile.in, src/Makefile.in, src/openbsd.c,
+ src/solaris.c, src/sudo.c, src/sudo.h:
+ Add os-specific initialization functions for solaris (workaround
+ setuid locale problem in Solaris 11) and openbsd (set malloc_options
+ if SUDO_DEVEL). Also move set_project() to solaris.c.
+ [1d6581afbaf4]
+
+2012-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c:
+ Avoid strerror() when possible and just rely on warning/error to
+ handle errno in the proper locale.
+ [bf612caae97c]
-2013-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
+ * plugins/sudoers/logging.c:
+ Set sudoers locale in log_allowed()
+ [2dd0ac704cae]
- * configure, configure.in:
- Use -fstack-protector-all in preference to -fstack-protector where
- supported.
- [52ac4eadf5c9]
+ * plugins/sudoers/check.c:
+ Make the sudo lecture translatable.
+ [3cdfc183d72d]
-2013-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Makefile.in:
+ Add the values of badpass_message, passprompt and mailsub to
+ sudoers.pot so they can be translated.
+ [51cbe8adcb94]
- * configure, configure.in:
- Only test for -fstack-protector and -fvisibility=hidden on GNU
- compatible compilers.
- [5f31c5b4edc9]
+ * plugins/sudoers/logging.c:
+ Expand the FMT_FIRST anf FMT_CONTD macros inline so they get picked
+ up by xgettext.
+ [c5b74115caf0]
-2013-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
+2012-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
- * NEWS:
- Add Sudo 1.8.6p4
- [88358d481baa]
+ * plugins/sudoers/check.c, plugins/sudoers/prompt.c,
+ plugins/sudoers/sudoers.h:
+ Make expand_prompt() args const and free the prompt when we are done
+ with it.
+ [995ef8519fe6]
- * configure, configure.in:
- Sudo 1.8.6p4
- [e8032237c4b1]
+ * plugins/sudoers/policy.c:
+ Fix cut and pasto
+ [e002921c1d15]
- * common/Makefile.in, compat/Makefile.in, configure, configure.in,
- plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
- plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
- src/Makefile.in:
- Break out stack smashing protector options into SSP_CFLAGS and
- SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS).
- [9c3662776afa]
+ * plugins/sudoers/defaults.c, plugins/sudoers/logging.c:
+ Expand def_mailsub in the sudoers locale, not the user's.
+ [a4775f2fb385]
-2013-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
+ * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
+ plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
+ plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
+ plugins/sudoers/env.c, plugins/sudoers/iolog.c,
+ plugins/sudoers/locale.c, plugins/sudoers/logging.c,
+ plugins/sudoers/logging.h, plugins/sudoers/parse.c,
+ plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/timestamp.c:
+ Call gettext inside log_error et al instead of having the caller do
+ it. This way we can display any messages to the user in their own
+ locale but log in the sudoers local.
+ [286e0444f785]
+
+ * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c,
+ plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
+ plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c,
+ plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/policy.c, plugins/sudoers/sssd.c,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.l,
+ plugins/sudoers/visudo.c, src/error.c, src/exec.c,
+ src/exec_common.c, src/exec_pty.c, src/load_plugins.c,
+ src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c,
+ src/sudo.c, src/sudo_edit.c, src/tgetpass.c:
+ Display warning/error messages in the user's locale.
+ [00a04165c0cf]
+
+ * plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c,
+ plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
+ audit_failure() now calls gettext itself using the sudoers locale.
+ [d77f1d78799a]
- * doc/CONTRIBUTORS, plugins/sudoers/redblack.c:
- In rbrepair(), make sure we never try to change the color of the
- sentinel node, which is the first entry, not the root. From Michael
- King
- [24ebb817e1ee]
+ * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoers.c:
+ Convert setlocale() to sudoers_setlocale() in the sudoers module.
+ This only converts existing uses, there are more places where we
+ need to sprinkle sudoers_setlocale() calls.
+ [8ee0cbf0d0a9]
-2012-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
+ plugins/sudoers/locale.c, plugins/sudoers/logging.h,
+ plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
+ Add simple locale switching to make it easy to switch from the
+ user's locale to the sudoers locale without making excessive
+ setlocale() calls when we don't need to.
+ [5c61582fdeee]
- * configure, configure.in:
- Disable PIE on FreeBSD/ia64, otherwise sudo will segfault.
- [ce07ef64d410]
+ * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
+ plugins/sudoers/plugin_error.c, src/error.c:
+ Add variants of warn/error and sudo_debug_printf that take a va_list
+ instead of a variable number of args.
+ [00392bdc063c]
-2012-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
+ * INSTALL, doc/TROUBLESHOOTING:
+ Document Solaris 11 locale issues and workarounds.
+ [05f7d34af3ae]
- * plugins/sudoers/visudo.c:
- Avoid NULL deref for unknown Defaults in strict mode.
- [4c2d9717d91e]
+ * Makefile.in, configure, configure.in:
+ Solaris gettext() looks in lang.UTF-8, not just lang for UTF-8
+ locales. Make links from localdir/lang -> localdir/lang.UTF-8
+ [5ca9326480e2]
2012-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
Do not inform the user that the command was not permitted by the
policy if they do not successfully authenticate. This is a
regression introduced in sudo 1.8.6.
- [e5c1e760954e]
+ [c1279df08bfb]
+
+ * plugins/sudoers/Makefile.in:
+ Add preinstall target that runs SUDO_PREINSTALL_CMD. Used to fixup
+ the rpath in HP-UX SOM shared libraries for the LDAP libs.
+ [b07185657b42]
* src/parse_args.c:
The -a option should be #ifdef HAVE_BSD_AUTH_H, not -A.
- [4e112e7da105]
+ [22c73cbe3ff9]
+
+2012-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * INSTALL, configure, configure.in:
+ Allow the user to specify and alternate libtool
+ [c9d6fc9521fd]
2012-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
* doc/CONTRIBUTORS, plugins/sudoers/sudo_nss.c:
Allow sudo to be build with sss support without also including ldap
support. From Stephane Graber.
- [7e0bd9191589]
+ [b992a80ebea1]
+
+2012-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog_path.c,
+ plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
+ plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c:
+ Refactor policy plugin interface code from sudoers.c into policy.c
+ [393e62910b8a]
+
+ * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
+ Refactor command_info setting into its own function.
+ [a952b948324c]
+
+ * plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h,
+ plugins/sudoers/match_addr.c, plugins/sudoers/sudoers.c,
+ plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
+ Make interfaces pointer private to interfaces.c and add
+ get_interfaces() accessor.
+ [b69b9334ed3c]
+
+2012-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
+ plugins/sudoers/sudoers.h:
+ Make user_cwd const since it is either a string literal or passed in
+ from the front-end.
+ [90751b81e8bc]
+
+ * configure, configure.in:
+ sudo 1.8.7
+ [bf727adb8af0]
+
+ * plugins/sudoers/sudoers.c:
+ Avoid nested strtok() calls.
+ [9d9f22ab52a9]
+
+2012-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
+ plugins/sudoers/prompt.c, plugins/sudoers/sudoers.h:
+ Move expand_prompt() into its own source file for easier unit
+ testing.
+ [b419b48a436f]
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
+ plugins/sudoers/check.h, plugins/sudoers/sudoers.h,
+ plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
+ Make check.c independent of the underlying timestamp implementation.
+ [895071bd6065]
+
+ * plugins/sudoers/iolog_path.c:
+ Add SUDOERS_NO_SEQ define to allow ${seq} to be disabled.
+ [8ac38f02dd6d]
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Use a list for the possible values of Tag_Spec with a minimal indent
+ to improve readability. In the pod version, these were =head3. Also
+ use .St -p1003.1 instead of just POSIX when talking about glob() and
+ fnmatch().
+ [361a6f7a5c44]
+
+2012-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/ttyname.c:
+ sudo_ttyname_dev() is unused if there is no /proc or sysctl().
+ [6598dbf81e16]
+
+ * compat/mksiglist.c, compat/mksigname.c,
+ compat/regress/fnmatch/fnm_test.c, compat/regress/glob/globtest.c,
+ plugins/sample_group/plugin_test.c,
+ plugins/sudoers/regress/check_symbols/check_symbols.c,
+ plugins/sudoers/regress/iolog_path/check_iolog_path.c,
+ plugins/sudoers/regress/logging/check_wrap.c,
+ plugins/sudoers/regress/parser/check_addr.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c:
+ Explicitly mark main() as public in executables to avoid an HP-UX ld
+ warning.
+ [72a40ce218be]
+
+ * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
+ Remove grep from SEE ALSO section.
+ [c7cafee1621f]
+
+ * common/alloc.c:
+ If vasprintf() fails, just use the errno it sets instead of assuming
+ ENOMEM.
+ [1be5bfdc0cab]
+
+2012-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/TROUBLESHOOTING:
+ Mention HP-UX pam.conf settings.
+ [8b8e745b49fd]
+
+2012-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
+ plugins/sudoers/defaults.c, plugins/sudoers/timestamp.c,
+ plugins/sudoers/timestamp.h:
+ Split off timestamp functions into their own source file.
+ [d5833332511d]
+
+2012-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Mention how !foo is not the same as ALL,!foo
+ [51f8e470757d]
+
+2012-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * src/exec_pty.c:
+ Start commands in the background when I/O logging is enabled. We
+ can't do this on Mac OS X due to a kernel bug in tc[gs]etattr(2)
+ which returns EINTR on signal instead of restarting automatically.
+ [83b1d59146f7]
+
+ * src/exec_pty.c:
+ Handle SIGCONT_FG and SIGCONT_BG when converting signal number to
+ string in deliver_signal().
+ [2cefea7a976e]
2012-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
Fix running commands that need the terminal in the background when
I/O logging is enabled. E.g. "sudo vi &". When the command is
foregrounded, it will now resume properly.
- [c30ec73a5da8]
+ [0bc13a253429]
-2012-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
+ * plugins/sudoers/match.c:
+ Add rudimentary support for name-based matching as a compile-time
+ option. This unsafe when used in conjunction with the '!' operator.
+ [f93bc8e6db15]
- * plugins/sudoers/Makefile.in:
- Fold preinstall into install-plugin and pass the path to the plugin
- binary to the preinstall command.
- [994f8f58495e]
+2012-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
-2012-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
+ * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/pwutil.c,
+ plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c:
+ Split out implementation-specific back end code out of pwutil.c into
+ pwutil_impl.c. This will allow the main pwutil code to be used for
+ lookup methods other than getpw* and getgr*.
+ [999c2dde60e4]
- * plugins/sudoers/Makefile.in:
- Add preinstall target that runs SUDO_PREINSTALL_CMD. Used to fixup
- the rpath in HP-UX SOM shared libraries for the LDAP libs.
- [685796ea58fe]
+2012-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
* NEWS, configure, configure.in:
sudo 1.8.6p3
at some point. Bug #573
[6652f834b8f5]
+ * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
+ Rename yyerror() to sudoerserror() to match yacc prefix changes. Not
+ really needed due to the #defines that yacc makes but it is less
+ confusing this way as the lexer calls sudoerserror().
+ [a0577be6527d]
+
+ * common/alloc.c, plugins/sample_group/plugin_test.c,
+ plugins/sudoers/env.c, plugins/sudoers/toke.c,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
+ src/exec_common.c, src/parse_args.c, src/sudo.c:
+ No need to translate "unable to allocate memory" when we can just
+ use the system translation via strerror().
+ [377499e5827c]
+
* plugins/sudoers/sudoreplay.c:
Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not
all file systems support d_type. Bug #572
after resume.
[242628694e42]
+ * plugins/sudoers/env.c:
+ Replace the guts of sudo_setenv_nodebug() with our old setenv.c
+ which supports non-standard BSD and glibc semantics. sudo_setenv()
+ now simply calls sudo_setenv2().
+ [57ffb6c9efaa]
+
+2012-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
+ doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in:
+ Document non-Unix group support in LDAP sudoers.
+ [33c89f3aeee6]
+
+ * plugins/sudoers/ldap.c:
+ Enable non-Unix group support for LDAP sudoers. We now check for
+ non-Unix groups and netgroups with the same query in the second
+ pass. Bug #571
+ [eb98fdff54d9]
+
+2012-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
+
+ * plugins/sudoers/Makefile.in, plugins/sudoers/gram.c,
+ plugins/sudoers/gram.h, plugins/sudoers/parse.c,
+ plugins/sudoers/regress/parser/check_fill.c,
+ plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
+ plugins/sudoers/toke.c, plugins/sudoers/toke.h,
+ plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
+ plugins/sudoers/visudo.c:
+ Set yacc prefix to "sudoers" to avoid conflicts other yacc parsers.
+ [cb6c0d93215e]
+
2012-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
* NEWS:
before configuring and building sudo. You may also wish to read the
file INSTALL.configure which explains more about the `configure' script.
+System requirements
+===================
+
+To build sudo from the source distribution you need a POSIX-compliant
+operating system (any modern version of BSD, Linux or Unix should work),
+an ANSI/ISO C compiler that supports the "long long" type, variadic
+macros (a C99 feature) as well as the ar, make and ranlib utilities.
+
+If you wish to modify the parser then you will need flex version
+2.5.2 or later and either bison or byacc (sudo comes with a
+pre-generated parser). You'll also have to run configure with the
+--with-devel option or pass DEVEL=1 to make. You can get flex from
+http://flex.sourceforge.net/. You can get GNU bison from
+ftp://ftp.gnu.org/pub/gnu/bison/ or any GNU mirror.
+
Simple sudo installation
========================
"gotchas" relating to your operating system.
2) `cd' to the source or build directory and type `./configure'
- to generate a Makefile and config.h file suitable for
- building sudo. Before you actually run configure you
- should read the `Available configure options' section
- to see if there are any special options you may want
- or need.
-
- 3) Edit the configure-generated Makefile if you wish to
- change any of the default paths (alternatively, you could
- have changed the paths via options to `configure'.
+ to generate a Makefile and config.h file suitable for building
+ sudo. Before you actually run configure you should read the
+ `Available configure options' section to see if there are
+ any special options you may want or need.
- 5) Type `make' to compile sudo. If you are building sudo
+ 4) Type `make' to compile sudo. If you are building sudo
in a separate build tree (apart from the sudo source) GNU
make will probably be required. If `configure' did its job
properly (and you have a supported configuration) there won't
be any problems. If this doesn't work, take a look at the
- TROUBLESHOOTING file for tips on what might have gone wrong.
- Please mail us if you have a fix or if you are unable to
- come up with a fix (address at EOF).
+ doc/TROUBLESHOOTING file for tips on what might have gone
+ wrong. Please mail us if you have a fix or if you are unable
+ to come up with a fix (address at EOF).
- 6) Type `make install' (as root) to install sudo, visudo, the
+ 5) Type `make install' (as root) to install sudo, visudo, the
man pages, and a skeleton sudoers file. Note that the install
will not overwrite an existing sudoers file. You can also
install various pieces the package via the install-binaries,
install-doc, and install-sudoers make targets.
- 7) Edit the sudoers file with `visudo' as necessary for your
+ 6) Edit the sudoers file with `visudo' as necessary for your
site. You will probably want to refer the sample.sudoers
file and sudoers man page included with the sudo package.
- 8) If you want to use syslogd(8) to do the logging, you'll need
+ 7) If you want to use syslogd(8) to do the logging, you'll need
to update your /etc/syslog.conf file. See the sample.syslog.conf
file included in the distribution for an example.
--quiet, --silent, -q
Do not print `checking...' messages
+ --srcdir=DIR
+ Find the sources in DIR [configure dir or `..']
+
Directory and file names:
--prefix=PREFIX
- Install architecture-independent files in PREFIX This really only
- applies to man pages. [/usr/local]
+ Install architecture-independent files in PREFIX. [/usr/local]
--exec-prefix=EPREFIX
- Install architecture-dependent files in EPREFIX This includes the
- sudo and visudo executables. [same as prefix]
+ Install architecture-dependent files in EPREFIX.
+ This includes the executables and plugins. [same as PREFIX]
--bindir=DIR
- Install `sudo' in DIR [EPREFIX/bin]
+ Install `sudo', `sudoedit' and `sudoreplay' in DIR. [EPREFIX/bin]
--sbindir=DIR
- Install `visudo' in DIR [EPREFIX/sbin]
+ Install `visudo' in DIR. [EPREFIX/sbin]
+
+ --libexecdir=DIR
+ Install plugins and helper programs in DIR/sudo [PREFIX/libexec/sudo]
--sysconfdir=DIR
- Install `sudoers' file in DIR [/etc]
+ Look for `sudo.conf' and `sudoers' files in DIR. [/etc]
+
+ --includedir=DIR
+ Install sudo_plugin.h include file in DIR [PREFIX/include]
+
+ --datarootdir=DIR
+ Root directory for platform-independent data files [PREFIX/share]
+
+ --localedir=DIR
+ Install sudo and sudoers locale files in DIR [DATAROOTDIR/locale]
--mandir=DIR
Install man pages in DIR [PREFIX/man]
- --srcdir=DIR
- Find the sources in DIR [configure dir or ..]
+ --docdir=DIR
+ Install other sudo documentation in DIR [DATAROOTDIR/doc/sudo]
+
+ --with-plugindir=PATH
+ Set the directory that sudo looks in to find the policy and I/O
+ logging plugins. Defaults to the LIBEXEC/sudo.
+
+ --with-timedir=PATH
+ Use PATH to store the sudo time stamp files. By default,
+ the first existing directory in the following list is used:
+ /var/db, /var/lib, /var/adm, /usr/adm.
+
+Compilation options:
+ --disable-hardening
+ Disable the use of compiler/linker exploit mitigation options
+ which are enabled by default. This includes compiling with
+ _FORTIFY_SOURCE defined to 2, building with -fstack-protector
+ and linking with -zrelro, where supported.
+
+ --enable-pie
+ Build sudo and related programs as as a position independent
+ executables (PIE). This improves the effectiveness of address
+ space layout randomization (ASLR) on systems that support it.
+ Sudo will create PIE binaries by default on Linux systems.
+
+ --disable-pie
+ Disable the creation of position independent executables (PIE),
+ even if the compiler creates PIE binaries by default. This
+ option may be needed on some Linux systems where PIE binaries
+ are not fully supported.
+
+ --disable-rpath
+ By default, configure will use -Rpath in addition to -Lpath
+ when passing library paths to the loader. This option will
+ disable the use of -Rpath.
+
+ --disable-shared
+ Disable dynamic shared object support. By default, sudo
+ is built with a plugin API capable of loading arbitrary
+ policy and I/O logging plugins. If the --disable-shared
+ option is specified, this support is disabled and the default
+ sudoers policy and I/O plugins are embedded in the sudo
+ binary itself. This will also disable the noexec option
+ as it too relies on dynamic shared object support.
+
+ --enable-zlib[=location]
+ Enable the use of the zlib compress library when storing
+ I/O log files. If specified, location is the base directory
+ containing the zlib include and lib directories. The special
+ values "system" and "builtin" can be used to indicate that
+ the system version of zlib should be used or that the version
+ of zlib shipped with sudo should be used instead.
+ If this option is not specified, configure will use the
+ system zlib if it is present.
-Special features/options:
--with-incpath=DIR
Adds the specified directory (or directories) to CPPFLAGS
so configure and the compiler will look there for include
files. Multiple directories may be specified as long as
they are space separated.
- Eg: --with-incpath="/usr/local/include /opt/include"
+ E.g. --with-incpath="/usr/local/include /opt/include"
--with-libpath=DIR
Adds the specified directory (or directories) to LDFLAGS
so configure and the compiler will look there for libraries.
Multiple directories may be specified as with --with-incpath.
- --with-rpath
- Tells configure to use -Rpath in addition to -Lpath when
- passing library paths to the loader. This option is on
- by default for Solaris and SVR4.
-
- --with-blibpath[=PATH]
- Tells configure to construct a -blibpath argument to the
- loader. If a PATH is specified, it will be used as the
- base. Otherwise, "/usr/lib:/lib:/usr/local/lib" will be
- used for gcc and "/usr/lib:/lib" for non-gcc. Additional
- library paths will be appended as needed by configure.
- This option is only valid for AIX where it is on by default.
-
--with-libraries=LIBRARY
- Adds the specified library (or libaries) to SUDO_LIBS and
+ Adds the specified library (or libraries) to SUDO_LIBS and
and VISUDO_LIBS so sudo will link against them. If the
library doesn't start with `-l' or end in `.a' or `.o' a
- `-l' will be prepended to it. Multiple libraries may be
+ `-l' will be pre-pended to it. Multiple libraries may be
specified as long as they are space separated.
- --with-plugindir=PATH
- Set the directory that sudo looks in to find the policy and I/O
- logging plugins. Defaults to the libexec dir used by configure.
-
- --with-efence
- Link with the "electric fence" debugging malloc.
-
- --with-bsm-audit
- Enable support for sudo BSM audit logs on systems that support
- it. Currently only supported under FreeBSD and Mac OS X.
-
- --with-csops
- Add CSOps standard options. You probably aren't interested in this.
-
- --with-devel
- Configure development options. This will enable compiler warnings
- and set the Makefile to be able to regenerate the sudoers parser
- as well as the manual pages.
-
- --with-linux-audit
- Enable audit support for Linux systems. Audits attempts
- to run a command as well as SELinux role changes.
-
- --with-skey[=DIR]
- Enable S/Key OTP (One Time Password) support. If specified,
- DIR should contain include and lib directories with skey.h
- and libskey.a respectively.
-
- --with-opie[=DIR]
- Enable NRL OPIE OTP (One Time Password) support. If specified,
- DIR should contain include and lib directories with opie.h
- and libopie.a respectively.
-
- --with-SecurID[=DIR]
- Enable SecurID support. If specified, DIR is directory containing
- libaceclnt.a, acexport.h, and sdacmvls.h.
+ --with-libtool=PATH
+ By default, sudo will use the included version of libtool
+ to build shared libraries. The --with-libtool option can
+ be used to specify a different version of libtool to use.
+ The special values "system" and "builtin" can be used in
+ place of a path to denote the default system libtool (obtained
+ via the user's PATH) and the default libtool that comes
+ with sudo.
- --with-fwtk[=DIR]
- Enable TIS Firewall Toolkit (FWTK) 'authsrv' support. If specified,
- DIR is the base directory containing the compiled FWTK package
- (or at least the library and header files).
+Optional features:
+ --disable-root-mailer
+ By default sudo will run the mailer as root when tattling
+ on a user so as to prevent that user from killing the mailer.
+ With this option, sudo will run the mailer as the invoking
+ user which some people consider to be safer.
- --with-kerb5[=DIR]
- Enable Kerberos V support. If specified, DIR is the base
- directory containing the Kerberos V include and lib dirs.
- This This uses Kerberos passphrases for authentication but
- does not use the Kerberos cookie scheme. Will not work for
- Kerberos V older than version 1.1.
+ --enable-nls[=location]
+ Enable natural language support using the gettext() family
+ of functions. If specified, location is the base directory
+ containing the libintl include and lib directories. If
+ this option is not specified, configure will look for the
+ gettext() family of functions in the standard C library
+ first, then check for a standalone libintl (linking with
+ libiconv as needed).
- --enable-kerb5-instance=string
- By default, the user name is used as the principal name
- when authenticating via Kerberos V. If this option is
- enabled, the specified instance string will be appended to
- the user name (separated by a slash) when creating the
- principal name.
+ --disable-nls
+ Disable natural language support. By default, sudo will
+ use the gettext() family of functions, if available, to
+ implement messages in the invoking user's native language.
+ Note that translations do not exist for all languages.
--with-ldap[=DIR]
Enable LDAP support. If specified, DIR is the base directory
this file instead of /etc/ldap.secret to read the secret password
when rootbinddn is specified in the ldap config file.
+ --with-logincap
+ This adds support for login classes specified in /etc/login.conf.
+ It is enabled by default on BSD/OS, Darwin, FreeBSD, OpenBSD and
+ NetBSD (where available). By default, a login class is not applied
+ unless the 'use_loginclass' option is defined in sudoers or the user
+ specifies a class on the command line.
+
+ --with-interfaces=no, --without-interfaces
+ This option keeps sudo from trying to glean the ip address
+ from each attached Ethernet interface. It is only useful
+ on a machine where sudo's interface reading support does
+ not work, which may be the case on some SysV-based OS's
+ using STREAMS.
+
+ --with-noexec[=PATH]
+ Enable support for the "noexec" functionality which prevents
+ a dynamically-linked program being run by sudo from executing
+ another program (think shell escapes). Please see the
+ "PREVENTING SHELL ESCAPES" section in the sudoers man page
+ for details. If specified, PATH should be a fully qualified
+ path name, e.g. /usr/local/libexec/sudo_noexec.so. If PATH
+ is "no", noexec support will not be compiled in. The default
+ is to compile noexec support if libtool supports building
+ shared objects on your OS.
+
+ --with-selinux
+ Enable support for role based access control (RBAC) on
+ systems that support SELinux.
+
--with-sssd
Enable support for using the System Security Services Daemon
- (SSSD) as a sudoers data source. For more informaton on
+ (SSSD) as a sudoers data source. For more information on
SSD, see http://fedorahosted.org/sssd/
--with-sssd-lib=PATH
Specify the path to the SSSD shared library, which is loaded
at run-time.
- --with-nsswitch[=PATH]
- Path to nsswitch.conf or "no" to disable nsswitch support.
- If specified, sudo uses this file instead of /etc/nsswitch.conf.
- If nsswitch is disabled but LDAP is enabled, sudo will check
- LDAP first, then the sudoers file.
+Operating system-specific options:
+ --disable-setreuid
+ Disable use of the setreuid() function for operating systems
+ where it is broken. For instance, 4.4BSD has setreuid()
+ that is not fully functional.
+
+ --disable-setresuid
+ Disable use of the setresuid() function for operating systems
+ where it is broken (none currently known).
+
+ --enable-admin-flag
+ Enable the creation of an Ubuntu-style admin flag file
+ the first time sudo is run.
+
+ --with-bsm-audit
+ Enable support for sudo BSM audit logs on systems that support it.
+ This includes recent versions of FreeBSD, Mac OS X and Solaris.
+
+ --with-linux-audit
+ Enable audit support for Linux systems. Audits attempts
+ to run a command as well as SELinux role changes.
+
+ --with-man
+ Use the "man" macros for manual pages. By default, mdoc versions
+ of the manuals are installed if supported. This can be used to
+ override configure's test for "nroff -mdoc" support.
+
+ --with-mdoc
+ Use the "mdoc" macros for manual pages. By default, mdoc versions
+ of the manuals are installed if supported. This can be used to
+ override configure's test for "nroff -mdoc" support.
--with-netsvc[=PATH]
Path to netsvc.conf or "no" to disable netsvc.conf support.
If specified, sudo uses this file instead of /etc/netsvc.conf
- on AIX systems.
+ on AIX systems. If netsvc support is disabled but LDAP is
+ enabled, sudo will check LDAP first, then the sudoers file.
+
+ --with-nsswitch[=PATH]
+ Path to nsswitch.conf or "no" to disable nsswitch support.
+ If specified, sudo uses this file instead of /etc/nsswitch.conf.
+ If nsswitch support is disabled but LDAP is enabled, sudo will
+ check LDAP first, then the sudoers file.
+
+ --with-project
+ Enable support for Solaris project resource limits.
+ This option is only available on Solaris 9 and above.
+
+Authentication options:
+ --with-AFS
+ Enable AFS support with Kerberos authentication. Should work under
+ AFS 3.3. If your AFS doesn't have -laudit you should be able to
+ link without it.
--with-aixauth
Enable support for the AIX 4.x general authentication function.
on the machine. It is on by default for AIX systems that
support it.
+ --with-bsdauth
+ Enable support for BSD authentication. This is the default
+ for BSD/OS and OpenBSD systems that support it.
+ It is not possible to mix BSD authentication with other
+ authentication methods (and there really should be no need
+ to do so). Note that only the newer BSD authentication API
+ is supported. If you don't have /usr/include/bsd_auth.h
+ then you cannot use this.
+
+ --with-DCE
+ Enable DCE support for systems without PAM. Known to work on
+ HP-UX 9.X, 10.X, and 11.0; other systems may require source
+ code and/or `configure' changes. On systems with PAM support
+ (such as HP-UX 11.0 and higher, Solaris, FreeBSD and Linux), the
+ DCE PAM module (usually libpam_dce) should be used instead.
+
+ --with-fwtk[=DIR]
+ Enable TIS Firewall Toolkit (FWTK) 'authsrv' support. If specified,
+ DIR is the base directory containing the compiled FWTK package
+ (or at least the library and header files).
+
+ --with-kerb5[=DIR]
+ Enable Kerberos V support. If specified, DIR is the base
+ directory containing the Kerberos V include and lib dirs.
+ This uses Kerberos pass phrases for authentication but
+ does not use the Kerberos cookie scheme. Will not work for
+ Kerberos V older than version 1.1.
+
+ --enable-kerb5-instance=string
+ By default, the user name is used as the principal name
+ when authenticating via Kerberos V. If this option is
+ enabled, the specified instance string will be appended to
+ the user name (separated by a slash) when creating the
+ principal name.
+
+ --with-opie[=DIR]
+ Enable NRL OPIE OTP (One Time Password) support. If specified,
+ DIR should contain include and lib directories with opie.h
+ and libopie.a respectively.
+
+ --with-otp-only
+ This option is now just an alias for --without-passwd.
+
--with-pam
Enable PAM support. This is on by default for Darwin, FreeBSD,
Linux, Solaris and HP-UX (version 11 and higher).
option from "sudo" to "sudo-i", allowing for a separate pam
configuration for sudo's initial login mode.
- --with-AFS
- Enable AFS support with Kerberos authentication. Should work under
- AFS 3.3. If your AFS doesn't have -laudit you should be able to
- link without it.
-
- --with-DCE
- Enable DCE support for systems without PAM. Known to work on
- HP-UX 9.X, 10.X, and 11.0; other systems may require source
- code and/or `configure' changes. On systems with PAM support
- (such as HP-UX 11.0 and higher, Solaris, FreeBSD and Linux), the
- DCE PAM module (usually libpam_dce) should be used instead.
-
- --with-logincap
- This adds support for login classes specified in /etc/login.conf.
- It is enabled by default on BSD/OS, Darwin, FreeBSD, OpenBSD and
- NetBSD (where available). By default, a login class is not applied
- unless the 'use_loginclass' option is defined in sudoers or the user
- specifies a class on the command line.
-
- --with-bsdauth
- Enable support for BSD authentication. This is the default
- for BSD/OS and OpenBSD systems that support it.
- It is not possible to mix BSD authentication with other
- authentication methods (and there really should be no need
- to do so). Note that only the newer BSD authentication API
- is supported. If you don't have /usr/include/bsd_auth.h
- then you cannot use this.
-
- --with-project
- Enable support for Solaris project resource limits.
- This option is only available on Solaris 9 and above.
-
- --with-noexec[=PATH]
- Enable support for the "noexec" functionality which prevents
- a dynamically-linked program being run by sudo from executing
- another program (think shell escapes). Please see the
- "PREVENTING SHELL ESCAPES" section in the sudoers man page
- for details. If specified, PATH should be a fully qualified
- path name, e.g. /usr/local/libexec/sudo_noexec.so. If PATH
- is "no", noexec support will not be compiled in. The default
- is to compile noexec support if libtool supports building
- shared objects on your OS.
-
--disable-pam-session
Disable sudo's PAM session support. This may be needed on
older PAM implementations or on operating systems where
PAM session support is disabled, resource limits may not
be updated for the command being run.
- --disable-root-mailer
- By default sudo will run the mailer as root when tattling
- on a user so as to prevent that user from killing the mailer.
- With this option, sudo will run the mailer as the invoking
- user which some people consider to be safer.
+ --with-passwd=no, --without-passwd
+ This option excludes authentication via the passwd (or
+ shadow) file. It should only be used when another, alternative,
+ authentication scheme is in use.
- --disable-setreuid
- Disable use of the setreuid() function for operating systems
- where it is broken. Mac OS X has setreuid() but it doesn't
- really work.
+ --with-SecurID[=DIR]
+ Enable SecurID support. If specified, DIR is directory containing
+ libaceclnt.a, acexport.h, and sdacmvls.h.
- --disable-setresuid
- Disable use of the setresuid() function for operating systems
- where it is broken (none currently known).
+ --with-skey[=DIR]
+ Enable S/Key OTP (One Time Password) support. If specified,
+ DIR should contain include and lib directories with skey.h
+ and libskey.a respectively.
--disable-sia
Disable SIA support. This is the "Security Integration
in shadow password support and use a shadow password if it
exists.
- --with-sudoers-mode=MODE
- File mode for the sudoers file (octal). Note that if you
- wish to NFS-mount the sudoers file this must be group
- readable. Also note that this is actually set in the
- Makefile. The default mode is 0440.
-
- --with-sudoers-uid=UID
- User id that "owns" the sudoers file. Note that this is
- the numeric id, *not* the symbolic name. Also note that
- this is actually set in the Makefile. The default is 0.
-
- --with-sudoers-gid=GID
- Group id that "owns" the sudoers file. Note that this is
- the numeric id, *not* the symbolic name. Also note that
- this is actually set in the Makefile. The default is 0.
-
- --without-interfaces
- This option keeps sudo from trying to glean the ip address
- from each attached ethernet interface. It is only useful
- on a machine where sudo's interface reading support does
- not work, which may be the case on some SysV-based OS's
- using STREAMS.
-
- --without-passwd
- This option excludes authentication via the passwd (or
- shadow) file. It should only be used when another, alternative,
- authentication scheme is in use.
-
- --with-otp-only
- This option is now just an alias for --without-passwd.
-
- --with-selinux
- Enable support for role based access control (RBAC) on
- systems that support SELinux.
-
- --with-man
- Use the "man" macros for manual pages. By default, mdoc
- versions of the manuals are installed. This can be used
- to override configure's test for "nroff -mdoc" support.
-
- --with-mdoc
- Use the "mdoc" macros for manual pages. By default, mdoc
- versions of the manuals are installed. This can be used
- to override configure's test for "nroff -mdoc" support.
+ --enable-gss-krb5-ccache-name
+ Use the gss_krb5_ccache_name() function to set the Kerberos
+ V credential cache file name. By default, sudo will use
+ the KRB5CCNAME environment variable to set this. While
+ gss_krb5_ccache_name() provides a better API to do this it
+ is not supported by all Kerberos V and SASL combinations.
-The following options are also configurable at runtime:
+Development options:
+ --enable-env-debug
+ Enable debugging of the environment setting functions. This
+ enables extra checks to make sure the environment does not
+ become corrupted.
- --with-long-otp-prompt
- When validating with a One Time Password scheme (S/Key or
- OPIE), a two-line prompt is used to make it easier to cut
- and paste the challenge to a local window. It's not as
- pretty as the default but some people find it more convenient.
+ --enable-warnings
+ Enable compiler warnings when building sudo with gcc.
- --with-logging=TYPE
- How you want to do your logging. You may choose "syslog",
- "file", or "both". Setting this to "syslog" is nice because
- you can keep all of your sudo logs in one place (see the
- sample.syslog.conf file). The default is "syslog".
+ --enable-werror
+ Enable the -Werror compiler option when building sudo with gcc.
- --with-logfac=FACILITY
- Determines which syslog facility to log to. This requires
- a 4.3BSD or later version of syslog. You can still set
- this for ancient syslogs but it will have no effect. The
- following facilities are supported: authpriv (if your OS
- supports it), auth, daemon, user, local0, local1, local2,
- local3, local4, local5, local6, and local7.
+ --with-devel
+ Configure development options. This will enable compiler warnings
+ and set up the Makefile to be able to regenerate the sudoers parser
+ as well as the manual pages.
- --with-goodpri=PRIORITY
- Determines which syslog priority to log successfully
- authenticated commands. The following priorities are
- supported: alert, crit, debug, emerg, err, info, notice,
- and warning.
+ --with-efence
+ Link with the "electric fence" debugging malloc.
- --with-badpri=PRIORITY
- Determines which syslog priority to log unauthenticated
- commands and errors. The following priorities are supported:
- alert, crit, debug, emerg, err, info, notice, and warning.
+Options that set runtime-changeable default values:
+ --disable-authentication
+ By default, sudo requires the user to authenticate via a
+ password or similar means. This options causes sudo to
+ *not* require authentication. It is possible to turn
+ authentication back on in sudoers via the PASSWD attribute.
+ Sudoers option: !authenticate
- --with-logpath=PATH
- Override the default location of the sudo log file and use
- "path" instead. By default will use /var/log/sudo.log if
- there is a /var/log dir, falling back to /var/adm/sudo.log
- or /usr/adm/sudo.log if not.
+ --disable-env-reset
+ Disable environment resetting. This sets the default value
+ of the "env_reset" Defaults option in sudoers to false.
+ Sudoers option: !env_reset
- --with-loglen=NUMBER
- Number of characters per line for the file log. This is only used if
- you are to "file" or "both". This value is used to decide when to wrap
- lines for nicer log files. The default is 80. Setting this to 0
- will disable the wrapping.
+ --disable-path-info
+ Normally, sudo will tell the user when a command could not be found
+ in their $PATH. Some sites may wish to disable this as it could
+ be used to gather information on the location of executables that
+ the normal user does not have access to. The disadvantage is that
+ if the executable is simply not in the user's path, sudo will tell
+ the user that they are not allowed to run it, which can be confusing.
+ Sudoers option: path_info
- --with-ignore-dot
- If set, sudo will ignore '.' or '' (current dir) in $PATH.
- The $PATH itself is not modified.
+ --disable-root-sudo
+ Don't let root run sudo. This can be used to prevent people from
+ "chaining" sudo commands to get a root shell by doing something
+ like "sudo sudo /bin/sh".
+ Sudoers option: !root_sudo
- --with-mailto=USER|MAIL_ALIAS
- User (or mail alias) that mail from sudo is sent to.
- This should go to a sysadmin at your site. The default is "root".
+ --disable-zlib
+ Disable the use of the zlib compress library when storing
+ I/O log files.
+ Sudoers option: !compress_io
- --with-mailsubject="SUBJECT OF MAIL"
- Subject of the mail sent to the "mailto" user. The token "%h"
- will expand to the hostname of the machine.
- Default is "*** SECURITY information for %h ***".
+ --enable-log-host
+ Log the hostname in the log file.
+ Sudoers option: log_host
- --without-mail-if-no-user
- Normally, sudo will mail to the "alertmail" user if the user invoking
- sudo is not in the sudoers file. This option disables that behavior.
+ --enable-noargs-shell
+ If sudo is invoked with no arguments it acts as if the "-s" flag had
+ been given. That is, it runs a shell as root (the shell is determined
+ by the SHELL environment variable, falling back on the shell listed
+ in the invoking user's /etc/passwd entry).
+ Sudoers option: shell_noargs
- --with-mail-if-no-host
- Send mail to the "alermail" user if the user exists in the sudoers
- file, but is not allowed to run commands on the current host.
+ --enable-shell-sets-home
+ If sudo is invoked with the "-s" flag the HOME environment variable
+ will be set to the home directory of the target user (which is root
+ unless the "-u" option is used). This option effectively makes the
+ "-s" flag imply "-H".
+ Sudoers option: set_home
- --with-mail-if-noperms
- Send mail to the "alermail" user if the user is allowed to use sudo but
- the command they are trying is not listed in their sudoers file entry.
+ --with-all-insults
+ Include all the insult sets listed below. You must either specify
+ --with-insults or enable insults in the sudoers file for this to
+ have any effect.
- --with-passprompt="PASSWORD PROMPT"
- Default prompt to use when asking for a password; can be overridden
- via the -p option and the SUDO_PROMPT environment variable. Supports
- the "%H", "%h", "%U" and "%u" escapes as documented in the sudo
- manual page. The default value is "Password:".
+ --with-askpass=PATH
+ Set PATH as the "askpass" program to use when no tty is
+ available. Typically, this is a graphical password prompter,
+ similar to the one used by ssh. The program must take a
+ prompt as an argument and print the received password to
+ the standard output. This value may overridden at run-time
+ in the sudo.conf file.
--with-badpass-message="BAD PASSWORD MESSAGE"
Message that is displayed if a user enters an incorrect password.
The default is "Sorry, try again." unless insults are turned on.
+ Sudoers option: badpass_message
- --with-fqdn
- Define this if you want to put fully qualified hostnames in the sudoers
- file. Ie: instead of myhost you would use myhost.mydomain.edu. You may
- still use the short form if you wish (and even mix the two). Beware
- that turning FQDN on requires sudo to make DNS lookups which may make
- sudo unusable if your DNS is totally hosed. Also note that you must
- use the host's official name as DNS knows it. That is, you may not use
- a host alias (CNAME entry) due to performance issues and the fact that
- there is no way to get all aliases from DNS.
-
- --with-timedir=PATH
- Override the default location of the sudo timestamp directory and
- use "path" instead.
-
- --with-sendmail=PATH
- Override configure's guess as to the location of sendmail.
-
- --without-sendmail
- Do not use sendmail to mail messages to the "mailto" user.
- Use only if don't run sendmail or the equivalent.
-
- --with-umask=MASK
- Umask to use when running the root command. The default is 0022.
-
- --without-umask
- Preserves the umask of the user invoking sudo.
-
- --with-umask-override
- Use the umask specified in sudoers even if it is less restrictive
- than the user's. The default is to use the intersection of the
- user's umask and the umask specified in sudoers.
-
- --with-runas-default=USER
- The default user to run commands as if the -u flag is not specified
- on the command line. This defaults to "root".
-
- --with-exempt=GROUP
- Users in the specified group don't need to enter a password when
- running sudo. This may be useful for sites that don't want their
- "core" sysadmins to have to enter a password but where Jr. sysadmins
- need to. You should probably use NOPASSWD in sudoers instead.
-
- --with-passwd-tries=NUMBER
- Number of tries a user gets to enter his/her password before sudo logs
- the failure and exits. The default is 3.
-
- --with-timeout=NUMBER
- Number of minutes that can elapse before sudo will ask for a passwd
- again. The default is 5, set this to 0 to always prompt for a password.
-
- --with-password-timeout=NUMBER
- Number of minutes before the sudo password prompt times out.
- The default is 5, set this to 0 for no password timeout.
-
- --without-tty-tickets
- By default, sudo uses a different ticket file for each user/tty combo.
- With this option disabled, a single ticket will be used for all
- of a user's login sessions.
-
- --with-insults
- Define this if you want to be insulted for typing an incorrect password
- just like the original sudo(8). This is off by default.
-
- --with-insults=disabled
- Include support for insults but disable them unless explicitly
- enabled in sudoers.
-
- --with-all-insults
- Include all the insult sets listed below. You must either specify
- --with-insults or enable insults in the sudoers file for this to
- have any effect.
+ --with-badpri=PRIORITY
+ Determines which syslog priority to log unauthenticated
+ commands and errors. The following priorities are supported:
+ alert, crit, debug, emerg, err, info, notice, and warning.
+ Sudoers option: syslog_badpri
--with-classic-insults
Uses insults from sudo "classic." If you just specify --with-insults
--with-insults as well for this to have any effect. This is on by
default if --with-insults is given.
- --with-hal-insults
- Uses 2001-like insults when an incorrect password is entered.
- You must either specify --with-insults or enable insults in the
- sudoers file for this to have any effect.
-
- --with-goons-insults
- Insults the user with lines from the "Goon Show" when an incorrect
- password is entered. You must either specify --with-insults or
- enable insults in the sudoers file for this to have any effect.
-
- --with-pc-insults
- Replace politically incorrect insults with less objectionable ones.
-
- --with-secure-path[=PATH]
- Path used for every command run from sudo(8). If you don't trust the
- people running sudo to have a sane PATH environment variable you may
- want to use this. Another use is if you want to have the "root path"
- be separate from the "user path." You will need to customize the path
- for your site. NOTE: this is not applied to users in the group
- specified by --with-exemptgroup. If you do not specify a path,
- "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" is used.
-
- --without-lecture
- Don't print the lecture the first time a user runs sudo.
-
--with-editor=PATH
Specify the default editor path for use by visudo. This may be a
single path name or a colon-separated list of editors. In the latter
case, visudo will choose the editor that matches the user's VISUAL
or EDITOR environment variables or the first editor in the list that
exists. The default is the path to vi on your system.
+ Sudoers option: editor
--with-env-editor
Makes visudo consult the VISUAL and EDITOR environment variables before
is to use a colon-separated list of editors with the --with-editor
option. visudo will then only use the VISUAL or EDITOR variables
if they match a value specified via --with-editor.
+ Sudoers option: env_editor
- --with-askpass=PATH
- Set PATH as the "askpass" program to use when no tty is
- available. Typically, this is a graphical password prompter,
- similar to the one used by ssh. The program must take a
- prompt as an argument and print the received password to
- the standard output.
+ --with-exempt=GROUP
+ Users in the specified group don't need to enter a password when
+ running sudo. This may be useful for sites that don't want their
+ "core" sysadmins to have to enter a password but where Jr. sysadmins
+ need to. You should probably use NOPASSWD in sudoers instead.
+ Sudoers option: exempt_group
+
+ --with-fqdn
+ Define this if you want to put fully qualified host names in the sudoers
+ file. Ie: instead of myhost you would use myhost.mydomain.edu. You may
+ still use the short form if you wish (and even mix the two). Beware
+ that turning FQDN on requires sudo to make DNS lookups which may make
+ sudo unusable if your DNS is totally hosed. Also note that you must
+ use the host's official name as DNS knows it. That is, you may not use
+ a host alias (CNAME entry) due to performance issues and the fact that
+ there is no way to get all aliases from DNS.
+ Sudoers option: fqdn
+
+ --with-goodpri=PRIORITY
+ Determines which syslog priority to log successfully
+ authenticated commands. The following priorities are
+ supported: alert, crit, debug, emerg, err, info, notice,
+ and warning.
+ Sudoers option: syslog_goodpri
+
+ --with-goons-insults
+ Insults the user with lines from the "Goon Show" when an incorrect
+ password is entered. You must either specify --with-insults or
+ enable insults in the sudoers file for this to have any effect.
+
+ --with-hal-insults
+ Uses 2001-like insults when an incorrect password is entered.
+ You must either specify --with-insults or enable insults in the
+ sudoers file for this to have any effect.
+
+ --with-ignore-dot
+ If set, sudo will ignore '.' or '' (current dir) in $PATH.
+ The $PATH itself is not modified.
+ Sudoers option: ignore_dot
+
+ --with-insults
+ Define this if you want to be insulted for typing an incorrect password
+ just like the original sudo(8). This is off by default.
+ Sudoers option: insults
+
+ --with-insults=disabled
+ Include support for insults but disable them unless explicitly
+ enabled in sudoers.
+ Sudoers option: !insults
--with-iologdir[=DIR]
By default, sudo stores I/O log files in either /var/log/sudo-io,
/var/adm/sudo-io, or /usr/log/sudo-io. If this option is
specified, I/O logs will be stored in the indicated directory
instead.
+ Sudoers option: iolog_dir
- --disable-authentication
- By default, sudo requires the user to authenticate via a
- password or similar means. This options causes sudo to
- *not* require authentication. It is possible to turn
- authentication back on in sudoers via the PASSWD attribute.
+ --with-lecture=no, --without-lecture
+ Don't print the lecture the first time a user runs sudo.
+ Sudoers option: !lecture
- --disable-root-sudo
- Don't let root run sudo. This can be used to prevent people from
- "chaining" sudo commands to get a root shell by doing something
- like "sudo sudo /bin/sh".
+ --with-logfac=FACILITY
+ Determines which syslog facility to log to. This requires
+ a 4.3BSD or later version of syslog. You can still set
+ this for ancient syslogs but it will have no effect. The
+ following facilities are supported: authpriv (if your OS
+ supports it), auth, daemon, user, local0, local1, local2,
+ local3, local4, local5, local6, and local7.
+ Sudoers option: syslog
- --enable-gss-krb5-ccache-name
- Use the gss_krb5_ccache_name() function to set the Kerberos
- V credential cache file name. By default, sudo will use
- the KRB5CCNAME environment variable to set this. While
- gss_krb5_ccache_name() provides a better API to do this it
- is not supported by all Kerberos V and SASL combinations.
+ --with-logging=TYPE
+ How you want to do your logging. You may choose "syslog",
+ "file", or "both". Setting this to "syslog" is nice because
+ you can keep all of your sudo logs in one place (see the
+ sample.syslog.conf file). The default is "syslog".
+ Sudoers options: syslog and logfile
- --enable-log-host
- Log the hostname in the log file.
+ --with-loglen=NUMBER
+ Number of characters per line for the file log. This is only used if
+ you are to "file" or "both". This value is used to decide when to wrap
+ lines for nicer log files. The default is 80. Setting this to 0
+ will disable the wrapping.
+ Sudoers options: loglinelen
- --enable-noargs-shell
- If sudo is invoked with no arguments it acts as if the "-s" flag had
- been given. That is, it runs a shell as root (the shell is determined
- by the SHELL environment variable, falling back on the shell listed
- in the invoking user's /etc/passwd entry).
+ --with-logpath=PATH
+ Override the default location of the sudo log file and use
+ "path" instead. By default will use /var/log/sudo.log if
+ there is a /var/log dir, falling back to /var/adm/sudo.log
+ or /usr/adm/sudo.log if not.
+ Sudoers option: logfile
- --enable-shell-sets-home
- If sudo is invoked with the "-s" flag the HOME environment variable
- will be set to the home directory of the target user (which is root
- unless the "-u" option is used). This option effectively makes the
- "-s" flag imply "-H".
+ --with-long-otp-prompt
+ When validating with a One Time Password scheme (S/Key or
+ OPIE), a two-line prompt is used to make it easier to cut
+ and paste the challenge to a local window. It's not as
+ pretty as the default but some people find it more convenient.
+ Sudoers option: long_otp_prompt
- --disable-path-info
- Normally, sudo will tell the user when a command could not be found
- in their $PATH. Some sites may wish to disable this as it could
- be used to gather information on the location of executables that
- the normal user does not have access to. The disadvantage is that
- if the executable is simply not in the user's path, sudo will tell
- the user that they are not allowed to run it, which can be confusing.
+ --with-mail-if-no-user=no, --without-mail-if-no-user
+ Normally, sudo will mail to the "alertmail" user if the user invoking
+ sudo is not in the sudoers file. This option disables that behavior.
+ Sudoers option: mail_no_user
- --enable-zlib[=location]
- Enable the use of the zlib compress library when storing
- I/O log files. If specified, location is the base directory
- containing the zlib include and lib directories. The special
- values "system" and "builtin" can be used to indicate that
- the system version of zlib should be used or that the version
- of zlib shipped with sudo should be used instead.
- If this option is not specified, configure will use the
- system zlib if it is present.
+ --with-mail-if-no-host
+ Send mail to the "alermail" user if the user exists in the sudoers
+ file, but is not allowed to run commands on the current host.
+ Sudoers option: mail_no_host
- --disable-zlib
- Disable the use of the zlib compress library when storing
- I/O log files.
+ --with-mail-if-noperms
+ Send mail to the "alermail" user if the user is allowed to use sudo but
+ the command they are trying is not listed in their sudoers file entry.
+ Sudoers option: mail_no_perms
- --enable-warnings
- Enable compiler warnings when building sudo with gcc.
+ --with-mailsubject="SUBJECT OF MAIL"
+ Subject of the mail sent to the "mailto" user. The token "%h"
+ will expand to the hostname of the machine.
+ Default is "*** SECURITY information for %h ***".
+ Sudoers option: mailsub
- --enable-werror
- Enable the -Werror compiler option when building sudo with gcc.
+ --with-mailto=USER|MAIL_ALIAS
+ User (or mail alias) that mail from sudo is sent to.
+ This should go to a sysadmin at your site. The default is "root".
+ Sudoers option: mailto
- --disable-hardening
- Disable the use of compiler/linker exploit mitigation options
- which are enabled by default. This includes compiling with
- _FORTIFY_SOURCE defined to 2, building with -fstack-protector
- and linking with -zrelro, where supported.
+ --with-passprompt="PASSWORD PROMPT"
+ Default prompt to use when asking for a password; can be overridden
+ via the -p option and the SUDO_PROMPT environment variable. Supports
+ the "%H", "%h", "%U" and "%u" escapes as documented in the sudo
+ manual page. The default value is "Password:".
+ Sudoers option: passprompt
- --disable-pie
- Disable the creation of position independent executables (PIE)
- even when the compiler and linker support them.
- By default, sudo will be built as a PIE where possible.
+ --with-password-timeout=NUMBER
+ Number of minutes before the sudo password prompt times out.
+ The default is 5, set this to 0 for no password timeout.
+ Sudoers option: passwd_timeout
- --enable-admin-flag
- Enable the creation of an Ubuntu-style admin flag file
- the first time sudo is run.
+ --with-passwd-tries=NUMBER
+ Number of tries a user gets to enter his/her password before sudo logs
+ the failure and exits. The default is 3.
+ Sudoers option: passwd_tries
- --disable-env-reset
- Disable environment resetting. This sets the default value
- of the "env_reset" Defaults option in sudoers to false.
+ --with-pc-insults
+ Replace politically incorrect insults with less objectionable ones.
- --enable-nls[=location]
- Enable natural language support using the gettext() family
- of functions. If specified, location is the base directory
- containing the libintl include and lib directories. If
- this option is not specified, configure will look for the
- gettext() family of functions in the standard C library
- first, then check for a standalone libintl (linking with
- libiconv as needed).
+ --with-runas-default=USER
+ The default user to run commands as if the -u flag is not specified
+ on the command line. This defaults to "root".
+ Sudoers option: runas_default
- --disable-nls
- Disable natural language support. By default, sudo will
- use the gettext() family of functions, if available, to
- implement messages in the invoking user's native language.
- Note that translations do not exist for all languages.
+ --with-secure-path[=PATH]
+ Path used for every command run from sudo(8). If you don't trust the
+ people running sudo to have a sane PATH environment variable you may
+ want to use this. Another use is if you want to have the "root path"
+ be separate from the "user path." You will need to customize the path
+ for your site. NOTE: this is not applied to users in the group
+ specified by --with-exemptgroup. If you do not specify a path,
+ "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" is used.
+ Sudoers option: secure_path
-Shadow password and C2 support
-==============================
+ --with-sendmail=PATH
+ Override configure's guess as to the location of sendmail.
+ Sudoers option: mailerpath
-Shadow passwords (also included with most C2 security packages) are
-supported on most major platforms for which they exist. The
-`configure' script will attempt to determine if your system can use
-shadow passwords and include support for them if so. Shadow password
-support is now compiled in by default (it doesn't hurt anything if you
-don't have them configured). To disable the shadow password support,
-use the --disable-shadow option to configure.
-
-Shadow passwords are known to work on the following platforms:
-
- SunOS 4.x
- Solaris 2.x
- HP-UX >= 9.x
- Ultrix 4.x
- Digital UNIX
- IRIX >= 5.x
- AIX >= 3.2.x
- Linux
- SCO >= 3.2.2
- Pyramid DC/OSx
- UnixWare
- SVR4 (and variants using standard SVR4 shadow passwords)
- 4.4BSD based systems (including OpenBSD, NetBSD, FreeBSD, and Mac OS X)
- Systems using SecureWare's C2 security.
+ --with-sendmail=no, --without-sendmail
+ Do not use sendmail to mail messages to the "mailto" user.
+ Use only if you don't run sendmail or the equivalent.
+ Sudoers options: !mailerpath or !mailto
-OS dependent notes
-==================
+ --with-sudoers-mode=MODE
+ File mode for the sudoers file (octal). Note that if you
+ wish to NFS-mount the sudoers file this must be group
+ readable. This value may overridden at run-time in the
+ sudo.conf file. The default mode is 0440.
-Linux:
- PAM and LDAP headers are not installed by default on most Linux
- systems. You will need to install the "pam-dev" package if
- /usr/include/security/pam_appl.h is not present on your system.
- If you wish to build with LDAP support you will also need the
- openldap-devel package.
+ --with-sudoers-uid=UID
+ User id that "owns" the sudoers file. Note that this is
+ the numeric id, *not* the symbolic name. This value may
+ overridden at run-time in the sudo.conf file. The default
+ is 0.
- Versions of glibc 2.x previous to 2.0.7 have a broken lsearch().
- You will need to either upgrade to glibc-2.0.7 or use sudo's
- version of lsearch(). To use sudo's lsearch(), comment out
- the "#define HAVE_LSEARCH 1" line in config.h and add lsearch.o
- to the LIBOBJS line in the Makefile.
+ --with-sudoers-gid=GID
+ Group id that "owns" the sudoers file. Note that this is
+ the numeric id, *not* the symbolic name. This value may
+ overridden at run-time in the sudo.conf file. The default
+ is 0.
- If you are using a Linux kernel older than 2.4 it is not possible
- to access the sudoers file via NFS. This is due to a bug in
- the Linux client-side NFS implementation that has since been
- fixed. There is a workaround on the sudo ftp site, linux_nfs.patch,
- if you need to NFS-mount sudoers on older Linux kernels.
+ --with-timeout=NUMBER
+ Number of minutes that can elapse before sudo will ask for a passwd
+ again. The default is 5, set this to 0 to always prompt for a password.
+ Sudoers option: timestamp_timeout
-Solaris 2.x:
- You need to have a C compiler in order to build sudo. Since
- Solaris 2.x does not come with one by default this means that
- you either need to install the Sun Studio compiler suite,
- available for free from www.sun.com, or have a copy of the GNU
- C compiler (gcc) which is distributed on the Solaris Companion
- CD. You can also get them from various places on the net,
- including http://www.sunfreeware.com/
- NOTE: sudo will *not* build with the sun C compiler in BSD
- compatibility mode (/usr/ucb/cc). Sudo is designed to
- compile with the standard C compiler (or gcc) and will
- not build correctly with /usr/ucb/cc. You can set the
- CC environment variable to the non-ucb compiler when
- running `configure' if it is not the first cc in your
- path. Some sites link /usr/ucb/cc to gcc; configure will
- not notice this and still refuse to use /usr/ucb/cc, so
- make sure gcc is also in your path if your site is setup
- this way.
- Also: Older versions of Solaris come with a broken syslogd.
- If you have having problems with sudo logging you should
- make sure you have the latest syslogd patch installed.
- This is a problem for Solaris 2.4 and 2.5 at least.
+ --with-tty-tickets=no, --without-tty-tickets
+ By default, sudo uses a different ticket file for each user/tty combo.
+ With this option disabled, a single ticket will be used for all
+ of a user's login sessions.
+ Sudoers option: tty_tickets
-Mac OS X:
- The pseudo-tty support in the Mac OS X kernel has bugs related
- to its handling of the SIGTSTP, SIGTTIN and SIGTTOU signals.
- It does not restart reads and writes when those signals are
- delivered. This may cause problems for some commands when I/O
- logging is enabled. The issue has been reported to Apple and
- is bug id #7952709.
+ --with-umask=MASK
+ Umask to use when running the root command. The default is 0022.
+ Sudoers option: umask
+
+ --with-umask=no, --without-umask
+ Preserves the umask of the user invoking sudo.
+ Sudoers option: !umask
+
+ --with-umask-override
+ Use the umask specified in sudoers even if it is less restrictive
+ than the user's. The default is to use the intersection of the
+ user's umask and the umask specified in sudoers.
+ Sudoers option: umask_override
+
+OS dependent notes
+==================
HP-UX:
The default C compiler shipped with HP-UX is not an ANSI compiler.
sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login
-Digital UNIX:
- By default, sudo will use SIA (Security Integration Architecture)
- to validate a user. If you want to use an alternative authentication
- method that does not go through SIA, you need to use the
- --disable-sia option to configure. If you use gcc to compile
- you will get warnings when building interfaces.c. These are
- harmless but if they really bug you, you can edit
- /usr/include/net/if.h around line 123, right after the comment:
- /* forward decls for C++ */
- change the line:
- #ifdef __cplusplus
- to:
- #if defined(__cplusplus) || defined(__GNUC__)
- If you don't like the idea of editing the system header file
- you can just make a copy in gcc's private include tree and
- edit that.
-
-AIX 3.2.x:
- I've had various problems with the AIX C compiler producing
- incorrect code when the -O flag was used. When optimization
- is not used, the problems go away. Gcc does not appear
- to have this problem.
-
-SCO ODT:
- You'll probably need libcrypt_i.a available via anonymous ftp
- from sosco.sco.com. The necessary files are /SLS/lng225b.Z
- and /SLS/lng225b.ltr.Z.
+Linux:
+ PAM and LDAP headers are not installed by default on most Linux
+ systems. You will need to install the "pam-dev" package if
+ /usr/include/security/pam_appl.h is not present on your system.
+ If you wish to build with LDAP support you will also need the
+ openldap-devel package.
+
+Mac OS X:
+ The pseudo-tty support in the Mac OS X kernel has bugs related
+ to its handling of the SIGTSTP, SIGTTIN and SIGTTOU signals.
+ It does not restart reads and writes when those signals are
+ delivered. This may cause problems for some commands when I/O
+ logging is enabled. The issue has been reported to Apple and
+ is bug id #7952709.
+
+Solaris:
+ You need to have a C compiler in order to build sudo. Since
+ Solaris does not come with one by default this means that you
+ either need to either install the Solaris Studio compiler suite,
+ available for free from www.oracle.com, or install the GNU C
+ compiler (gcc) which is can be installed via the pkg utility
+ on Solaris 11 and higher and is distributed on the Solaris
+ Companion CD for older Solaris releases. You can also download
+ gcc packages from http://www.opencsw.org/packages/CSWgcc4core/
SunOS 4.x:
SunOS does not ship with an ANSI C compiler. You will need to
The /bin/sh shipped with SunOS blows up while running configure.
You can work around this by installing bash or zsh. If you
- have bash or zsh in your path, configure will use it instead
- automatically.
-
-ULTRIX 4.x:
- ULTRIX does not ship with an ANSI C compiler. You will need to
- install an ANSI compiler such as gcc to build sudo.
-
- The /bin/sh shipped with ULTRIX blows up while running configure.
- You can work around this by installing bash or zsh. If you
- have bash or zsh in your path, configure will use it instead
- automatically.
-
- ULTRIX ships with the 4.2BSD syslog(3) which does not
- allow things like logging different facilities to different
- files, redirecting logs to a single loghost and other niceties.
- You may want to just grab and install:
- ftp://www.sudo.ws/pub/sudo/misc/jtkohl-syslog-complete.tar.gz
- (available via anonymous ftp) which is a port if the 4.3BSD
- syslog/syslogd that is backwards compatible with the Ultrix version.
- I recommend it highly. If you do not do this you probably want
- to run configure with --with-logging=file
+ have bash or zsh in your path, configure will use it automatically.
+Installation Instructions
+*************************
+
+Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
+2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
+
+ Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved. This file is offered as-is,
+without warranty of any kind.
+
Basic Installation
==================
- These are generic installation instructions.
+ Briefly, the shell commands `./configure; make; make install' should
+configure, build, and install this package. The following
+more-detailed instructions are generic; see the `README' file for
+instructions specific to this package. Some packages provide this
+`INSTALL' file but do not implement all of the features documented
+below. The lack of an optional feature in a given package is not
+necessarily a bug. More recommendations for GNU packages can be found
+in *note Makefile Conventions: (standards)Makefile Conventions.
The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that
-you can run in the future to recreate the current configuration, a file
-`config.cache' that saves the results of its tests to speed up
-reconfiguring, and a file `config.log' containing compiler output
-(useful mainly for debugging `configure').
+you can run in the future to recreate the current configuration, and a
+file `config.log' containing compiler output (useful mainly for
+debugging `configure').
+
+ It can also use an optional file (typically called `config.cache'
+and enabled with `--cache-file=config.cache' or simply `-C') that saves
+the results of its tests to speed up reconfiguring. Caching is
+disabled by default to prevent problems with accidental use of stale
+cache files.
If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can
-be considered for the next release. If at some point `config.cache'
-contains results you don't want to keep, you may remove or edit it.
+be considered for the next release. If you are using the cache, and at
+some point `config.cache' contains results you don't want to keep, you
+may remove or edit it.
- The file `configure.in' is used to create `configure' by a program
-called `autoconf'. You only need `configure.in' if you want to change
-it or regenerate `configure' using a newer version of `autoconf'.
+ The file `configure.ac' (or `configure.in') is used to create
+`configure' by a program called `autoconf'. You need `configure.ac' if
+you want to change it or regenerate `configure' using a newer version
+of `autoconf'.
-The simplest way to compile this package is:
+ The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
- `./configure' to configure the package for your system. If you're
- using `csh' on an old version of System V, you might need to type
- `sh ./configure' instead to prevent `csh' from trying to execute
- `configure' itself.
+ `./configure' to configure the package for your system.
- Running `configure' takes awhile. While running, it prints some
- messages telling which features it is checking for.
+ Running `configure' might take a while. While running, it prints
+ some messages telling which features it is checking for.
2. Type `make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
- the package.
+ the package, generally using the just-built uninstalled binaries.
4. Type `make install' to install the programs and any data files and
- documentation.
-
- 5. You can remove the program binaries and object files from the
+ documentation. When installing into a prefix owned by root, it is
+ recommended that the package be configured and built as a regular
+ user, and only the `make install' phase executed with root
+ privileges.
+
+ 5. Optionally, type `make installcheck' to repeat any self-tests, but
+ this time using the binaries in their final installed location.
+ This target does not install anything. Running this target as a
+ regular user, particularly if the prior `make install' required
+ root privileges, verifies that the installation completed
+ correctly.
+
+ 6. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
all sorts of other programs in order to regenerate files that came
with the distribution.
+ 7. Often, you can also type `make uninstall' to remove the installed
+ files again. In practice, not all packages have tested that
+ uninstallation works correctly, even though it is required by the
+ GNU Coding Standards.
+
+ 8. Some packages, particularly those that use Automake, provide `make
+ distcheck', which can by used by developers to test that all other
+ targets like `make install' and `make uninstall' work correctly.
+ This target is generally not run by end users.
+
Compilers and Options
=====================
Some systems require unusual options for compilation or linking that
-the `configure' script does not know about. You can give `configure'
-initial values for variables by setting them in the environment. Using
-a Bourne-compatible shell, you can do that on the command line like
-this:
- CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure
+the `configure' script does not know about. Run `./configure --help'
+for details on some of the pertinent environment variables.
+
+ You can give `configure' initial values for configuration parameters
+by setting variables in the command line or in the environment. Here
+is an example:
-Or on systems that have the `env' program, you can do it like this:
- env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure
+ ./configure CC=c99 CFLAGS=-g LIBS=-lposix
+
+ *Note Defining Variables::, for more details.
Compiling For Multiple Architectures
====================================
You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
-own directory. `cd' to the directory where you want the object files
-and executables to go and run the `configure' script. `configure'
-automatically checks for the source code in the directory that `configure'
-is in and in `..'.
+own directory. To do this, you can use GNU `make'. `cd' to the
+directory where you want the object files and executables to go and run
+the `configure' script. `configure' automatically checks for the
+source code in the directory that `configure' is in and in `..'. This
+is known as a "VPATH" build.
+
+ With a non-GNU `make', it is safer to compile the package for one
+architecture at a time in the source code directory. After you have
+installed the package for one architecture, use `make distclean' before
+reconfiguring for another architecture.
+
+ On MacOS X 10.5 and later systems, you can create libraries and
+executables that work on multiple system types--known as "fat" or
+"universal" binaries--by specifying multiple `-arch' options to the
+compiler but only a single `-arch' option to the preprocessor. Like
+this:
+
+ ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+ CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+ CPP="gcc -E" CXXCPP="g++ -E"
+
+ This is not guaranteed to produce working output in all cases, you
+may have to build one architecture at a time and combine the results
+using the `lipo' tool if you have problems.
Installation Names
==================
- By default, `make install' will install the package's files in
-`/usr/local/bin', `/usr/local/man', etc. You can specify an
-installation prefix other than `/usr/local' by giving `configure' the
-option `--prefix=PATH'.
+ By default, `make install' installs the package's commands under
+`/usr/local/bin', include files under `/usr/local/include', etc. You
+can specify an installation prefix other than `/usr/local' by giving
+`configure' the option `--prefix=PREFIX', where PREFIX must be an
+absolute file name.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
-give `configure' the option `--exec-prefix=PATH', the package will use
-PATH as the prefix for installing programs and libraries.
-Documentation and other data files will still use the regular prefix.
+pass the option `--exec-prefix=PREFIX' to `configure', the package uses
+PREFIX as the prefix for installing programs and libraries.
+Documentation and other data files still use the regular prefix.
In addition, if you use an unusual directory layout you can give
-options like `--bindir=PATH' to specify different values for particular
+options like `--bindir=DIR' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
-you can set and what kinds of files go in them.
+you can set and what kinds of files go in them. In general, the
+default for these options is expressed in terms of `${prefix}', so that
+specifying just `--prefix' will affect all of the other directory
+specifications that were not explicitly provided.
+
+ The most portable way to affect installation locations is to pass the
+correct locations to `configure'; however, many packages provide one or
+both of the following shortcuts of passing variable assignments to the
+`make install' command line to change installation locations without
+having to reconfigure or recompile.
+
+ The first method involves providing an override variable for each
+affected directory. For example, `make install
+prefix=/alternate/directory' will choose an alternate location for all
+directory configuration variables that were expressed in terms of
+`${prefix}'. Any directories that were specified during `configure',
+but not in terms of `${prefix}', must each be overridden at install
+time for the entire installation to be relocated. The approach of
+makefile variable overrides for each directory variable is required by
+the GNU Coding Standards, and ideally causes no recompilation.
+However, some platforms have known limitations with the semantics of
+shared libraries that end up requiring recompilation when using this
+method, particularly noticeable in packages that use GNU Libtool.
+
+ The second method involves providing the `DESTDIR' variable. For
+example, `make install DESTDIR=/alternate/directory' will prepend
+`/alternate/directory' before all installation names. The approach of
+`DESTDIR' overrides is not required by the GNU Coding Standards, and
+does not work on platforms that have drive letters. On the other hand,
+it does better at avoiding recompilation issues, and works well even
+when some directory options were not specified in terms of `${prefix}'
+at `configure' time.
+
+Optional Features
+=================
If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
-Optional Features
-=================
-
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
+ Some packages offer the ability to configure how verbose the
+execution of `make' will be. For these packages, running `./configure
+--enable-silent-rules' sets the default to minimal output, which can be
+overridden with `make V=1'; while running `./configure
+--disable-silent-rules' sets the default to verbose, which can be
+overridden with `make V=0'.
+
+Particular systems
+==================
+
+ On HP-UX, the default C compiler is not ANSI C compatible. If GNU
+CC is not installed, it is recommended to use the following options in
+order to use an ANSI C compiler:
+
+ ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
+
+and if that doesn't work, install pre-built binaries of GCC for HP-UX.
+
+ On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
+parse its `<wchar.h>' header file. The option `-nodtk' can be used as
+a workaround. If GNU CC is not installed, it is therefore recommended
+to try
+
+ ./configure CC="cc"
+
+and if that doesn't work, try
+
+ ./configure CC="cc -nodtk"
+
+ On Solaris, don't put `/usr/ucb' early in your `PATH'. This
+directory contains several dysfunctional programs; working variants of
+these programs are available in `/usr/bin'. So, if you need `/usr/ucb'
+in your `PATH', put it _after_ `/usr/bin'.
+
+ On Haiku, software installed for all users goes in `/boot/common',
+not `/usr/local'. It is recommended to use the following options:
+
+ ./configure --prefix=/boot/common
+
Specifying the System Type
==========================
- There may be some features `configure' can not figure out
-automatically, but needs to determine by the type of host the package
-will run on. Usually `configure' can figure that out, but if it prints
-a message saying it can not guess the host type, give it the
-`--host=TYPE' option. TYPE can either be a short name for the system
-type, such as `sun4', or a canonical name with three fields:
+ There may be some features `configure' cannot figure out
+automatically, but needs to determine by the type of machine the package
+will run on. Usually, assuming the package is built to be run on the
+_same_ architectures, `configure' can figure that out, but if it prints
+a message saying it cannot guess the machine type, give it the
+`--build=TYPE' option. TYPE can either be a short name for the system
+type, such as `sun4', or a canonical name which has the form:
+
CPU-COMPANY-SYSTEM
-See the file `config.sub' for the possible values of each field. If
+where SYSTEM can have one of these forms:
+
+ OS
+ KERNEL-OS
+
+ See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
-need to know the host type.
+need to know the machine type.
+
+ If you are _building_ compiler tools for cross-compiling, you should
+use the option `--target=TYPE' to select the type of system they will
+produce code for.
- If you are building compiler tools for cross-compiling, you can also
-use the `--target=TYPE' option to select the type of system they will
-produce code for and the `--build=TYPE' option to select the type of
-system on which you are compiling the package.
+ If you want to _use_ a cross compiler, that generates code for a
+platform different from the build platform, you should specify the
+"host" platform (i.e., that on which the generated programs will
+eventually be run) with `--host=TYPE'.
Sharing Defaults
================
`CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script.
-Operation Controls
+Defining Variables
==================
+ Variables not defined in a site shell script can be set in the
+environment passed to `configure'. However, some packages may run
+configure again during the build, and the customized values of these
+variables may be lost. In order to avoid this problem, you should set
+them in the `configure' command line, using `VAR=value'. For example:
+
+ ./configure CC=/usr/local2/bin/gcc
+
+causes the specified `gcc' to be used as the C compiler (unless it is
+overridden in the site shell script).
+
+Unfortunately, this technique does not work for `CONFIG_SHELL' due to
+an Autoconf bug. Until the bug is fixed you can use this workaround:
+
+ CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash
+
+`configure' Invocation
+======================
+
`configure' recognizes the following options to control how it
operates.
+`--help'
+`-h'
+ Print a summary of all of the options to `configure', and exit.
+
+`--help=short'
+`--help=recursive'
+ Print a summary of the options unique to this package's
+ `configure', and exit. The `short' variant lists options used
+ only in the top level, while the `recursive' variant lists options
+ also present in any nested packages.
+
+`--version'
+`-V'
+ Print the version of Autoconf used to generate the `configure'
+ script, and exit.
+
`--cache-file=FILE'
- Use and save the results of the tests in FILE instead of
- `./config.cache'. Set FILE to `/dev/null' to disable caching, for
- debugging `configure'.
+ Enable the cache: use and save the results of the tests in FILE,
+ traditionally `config.cache'. FILE defaults to `/dev/null' to
+ disable caching.
-`--help'
- Print a summary of the options to `configure', and exit.
+`--config-cache'
+`-C'
+ Alias for `--cache-file=config.cache'.
`--quiet'
`--silent'
`-q'
- Do not print messages saying which checks are being made.
+ Do not print messages saying which checks are being made. To
+ suppress all normal output, redirect it to `/dev/null' (any error
+ messages will still be shown).
`--srcdir=DIR'
Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically.
-`--version'
- Print the version of Autoconf used to generate the `configure'
- script, and exit.
+`--prefix=DIR'
+ Use DIR as the installation prefix. *note Installation Names::
+ for more details, including other options available for fine-tuning
+ the installation locations.
+
+`--no-create'
+`-n'
+ Run the configure checks, but stop before creating any output
+ files.
-`configure' also accepts some other, not widely useful, options.
+`configure' also accepts some other, not widely useful, options. Run
+`configure --help' for more details.
common/aix.c
common/alloc.c
common/atobool.c
+common/error.c
common/fileops.c
common/fmt_string.c
common/lbuf.c
common/list.c
+common/regress/sudo_conf/conf_test.c
+common/regress/sudo_conf/test1.in
+common/regress/sudo_conf/test1.out.ok
+common/regress/sudo_conf/test2.in
+common/regress/sudo_conf/test2.out.ok
+common/regress/sudo_conf/test3.in
+common/regress/sudo_conf/test3.out.ok
+common/regress/sudo_conf/test4.in
+common/regress/sudo_conf/test4.out.ok
+common/regress/sudo_parseln/parseln_test.c
+common/regress/sudo_parseln/test1.in
+common/regress/sudo_parseln/test1.out.ok
+common/regress/sudo_parseln/test2.in
+common/regress/sudo_parseln/test2.out.ok
+common/regress/sudo_parseln/test3.in
+common/regress/sudo_parseln/test3.out.ok
+common/regress/sudo_parseln/test4.in
+common/regress/sudo_parseln/test4.out.ok
+common/regress/sudo_parseln/test5.in
+common/regress/sudo_parseln/test5.out.ok
+common/regress/sudo_parseln/test6.in
+common/regress/sudo_parseln/test6.out.ok
common/secure_path.c
common/setgroups.c
common/sudo_conf.c
common/sudo_debug.c
+common/sudo_printf.c
common/term.c
common/ttysize.c
common/zero_bytes.c
compat/closefrom.c
compat/dlfcn.h
compat/dlopen.c
+compat/endian.h
compat/fnmatch.c
compat/fnmatch.h
compat/getaddrinfo.c
compat/mksigname.h
compat/mktemp.c
compat/nanosleep.c
+compat/nss_dbdefs.h
compat/pw_dup.c
compat/regress/fnmatch/fnm_test.c
compat/regress/fnmatch/fnm_test.in
doc/schema.OpenLDAP
doc/schema.iPlanet
doc/sudo.cat
+doc/sudo.conf.cat
+doc/sudo.conf.man.in
+doc/sudo.conf.mdoc.in
doc/sudo.man.in
doc/sudo.mdoc.in
doc/sudo_plugin.cat
mkinstalldirs
mkpkg
pathnames.h.in
+plugins/group_file/Makefile.in
+plugins/group_file/getgrent.c
+plugins/group_file/group_file.c
+plugins/group_file/group_file.exp
+plugins/group_file/plugin_test.c
plugins/sample/Makefile.in
plugins/sample/sample_plugin.c
plugins/sample/sample_plugin.exp
-plugins/sample_group/Makefile.in
-plugins/sample_group/getgrent.c
-plugins/sample_group/plugin_test.c
-plugins/sample_group/sample_group.c
-plugins/sample_group/sample_group.exp
plugins/sudoers/Makefile.in
plugins/sudoers/aixcrypt.exp
plugins/sudoers/alias.c
plugins/sudoers/auth/sia.c
plugins/sudoers/auth/sudo_auth.c
plugins/sudoers/auth/sudo_auth.h
+plugins/sudoers/base64.c
plugins/sudoers/boottime.c
plugins/sudoers/bsm_audit.c
plugins/sudoers/bsm_audit.h
plugins/sudoers/check.c
+plugins/sudoers/check.h
plugins/sudoers/def_data.c
plugins/sudoers/def_data.h
plugins/sudoers/def_data.in
plugins/sudoers/gram.h
plugins/sudoers/gram.y
plugins/sudoers/group_plugin.c
+plugins/sudoers/hexchar.c
plugins/sudoers/ins_2001.h
plugins/sudoers/ins_classic.h
plugins/sudoers/ins_csops.h
plugins/sudoers/ldap.c
plugins/sudoers/linux_audit.c
plugins/sudoers/linux_audit.h
+plugins/sudoers/locale.c
plugins/sudoers/logging.c
plugins/sudoers/logging.h
plugins/sudoers/logwrap.c
plugins/sudoers/mkdefaults
plugins/sudoers/parse.c
plugins/sudoers/parse.h
-plugins/sudoers/plugin_error.c
plugins/sudoers/po/README
plugins/sudoers/po/da.mo
plugins/sudoers/po/da.po
+plugins/sudoers/po/de.mo
+plugins/sudoers/po/de.po
plugins/sudoers/po/eo.mo
plugins/sudoers/po/eo.po
plugins/sudoers/po/eu.mo
plugins/sudoers/po/ja.po
plugins/sudoers/po/lt.mo
plugins/sudoers/po/lt.po
+plugins/sudoers/po/nl.mo
+plugins/sudoers/po/nl.po
plugins/sudoers/po/pl.mo
plugins/sudoers/po/pl.po
-plugins/sudoers/po/sl.mo
+plugins/sudoers/po/sl.mo
plugins/sudoers/po/sl.po
plugins/sudoers/po/sudoers.pot
plugins/sudoers/po/sv.mo
plugins/sudoers/po/sv.po
+plugins/sudoers/po/tr.mo
+plugins/sudoers/po/tr.po
plugins/sudoers/po/uk.mo
plugins/sudoers/po/uk.po
plugins/sudoers/po/vi.mo
plugins/sudoers/po/vi.po
plugins/sudoers/po/zh_CN.mo
plugins/sudoers/po/zh_CN.po
+plugins/sudoers/policy.c
+plugins/sudoers/prompt.c
plugins/sudoers/pwutil.c
+plugins/sudoers/pwutil.h
+plugins/sudoers/pwutil_impl.c
plugins/sudoers/redblack.c
plugins/sudoers/redblack.h
plugins/sudoers/regress/check_symbols/check_symbols.c
plugins/sudoers/regress/logging/check_wrap.out.ok
plugins/sudoers/regress/parser/check_addr.c
plugins/sudoers/regress/parser/check_addr.in
+plugins/sudoers/regress/parser/check_base64.c
+plugins/sudoers/regress/parser/check_digest.c
+plugins/sudoers/regress/parser/check_digest.out.ok
plugins/sudoers/regress/parser/check_fill.c
plugins/sudoers/regress/sudoers/test1.in
plugins/sudoers/regress/sudoers/test1.out.ok
plugins/sudoers/regress/sudoers/test1.toke.ok
+plugins/sudoers/regress/sudoers/test10.in
+plugins/sudoers/regress/sudoers/test10.out.ok
+plugins/sudoers/regress/sudoers/test10.toke.ok
+plugins/sudoers/regress/sudoers/test11.in
+plugins/sudoers/regress/sudoers/test11.out.ok
+plugins/sudoers/regress/sudoers/test11.toke.ok
+plugins/sudoers/regress/sudoers/test12.in
+plugins/sudoers/regress/sudoers/test12.out.ok
+plugins/sudoers/regress/sudoers/test12.toke.ok
+plugins/sudoers/regress/sudoers/test13.in
+plugins/sudoers/regress/sudoers/test13.out.ok
+plugins/sudoers/regress/sudoers/test13.toke.ok
+plugins/sudoers/regress/sudoers/test14.in
+plugins/sudoers/regress/sudoers/test14.out.ok
+plugins/sudoers/regress/sudoers/test14.toke.ok
plugins/sudoers/regress/sudoers/test2.in
plugins/sudoers/regress/sudoers/test2.out.ok
plugins/sudoers/regress/sudoers/test2.toke.ok
plugins/sudoers/regress/sudoers/test8.in
plugins/sudoers/regress/sudoers/test8.out.ok
plugins/sudoers/regress/sudoers/test8.toke.ok
+plugins/sudoers/regress/sudoers/test9.in
+plugins/sudoers/regress/sudoers/test9.out.ok
+plugins/sudoers/regress/sudoers/test9.toke.ok
plugins/sudoers/regress/testsudoers/test1.out.ok
plugins/sudoers/regress/testsudoers/test1.sh
+plugins/sudoers/regress/testsudoers/test2.inc
+plugins/sudoers/regress/testsudoers/test2.out.ok
+plugins/sudoers/regress/testsudoers/test2.sh
+plugins/sudoers/regress/testsudoers/test3.d/root
+plugins/sudoers/regress/testsudoers/test3.out.ok
+plugins/sudoers/regress/testsudoers/test3.sh
+plugins/sudoers/regress/testsudoers/test4.out.ok
+plugins/sudoers/regress/testsudoers/test4.sh
+plugins/sudoers/regress/testsudoers/test5.out.ok
+plugins/sudoers/regress/testsudoers/test5.sh
+plugins/sudoers/regress/visudo/test1.out.ok
+plugins/sudoers/regress/visudo/test1.sh
+plugins/sudoers/regress/visudo/test2.err.ok
+plugins/sudoers/regress/visudo/test2.out.ok
+plugins/sudoers/regress/visudo/test2.sh
+plugins/sudoers/regress/visudo/test3.err.ok
+plugins/sudoers/regress/visudo/test3.out.ok
+plugins/sudoers/regress/visudo/test3.sh
+plugins/sudoers/regress/visudo/test4.out.ok
+plugins/sudoers/regress/visudo/test4.sh
plugins/sudoers/set_perms.c
+plugins/sudoers/sha2.c
+plugins/sudoers/sha2.h
plugins/sudoers/sssd.c
plugins/sudoers/sudo_nss.c
plugins/sudoers/sudo_nss.h
plugins/sudoers/sudoers_version.h
plugins/sudoers/sudoreplay.c
plugins/sudoers/testsudoers.c
+plugins/sudoers/timestamp.c
plugins/sudoers/timestr.c
plugins/sudoers/toke.c
plugins/sudoers/toke.h
src/Makefile.in
src/conversation.c
src/env_hooks.c
-src/error.c
src/exec.c
src/exec_common.c
src/exec_pty.c
src/get_pty.c
src/hooks.c
src/load_plugins.c
+src/locale_stub.c
src/net_ifs.c
+src/openbsd.c
src/parse_args.c
src/po/README
src/po/da.mo
src/po/it.po
src/po/ja.mo
src/po/ja.po
+src/po/nl.mo
+src/po/nl.po
src/po/pl.mo
src/po/pl.po
src/po/ru.mo
src/po/sudo.pot
src/po/sv.mo
src/po/sv.po
+src/po/tr.mo
+src/po/tr.po
src/po/uk.mo
src/po/uk.po
src/po/vi.mo
src/po/zh_CN.mo
src/po/zh_CN.po
src/preload.c
+src/regress/ttyname/check_ttyname.c
src/selinux.c
src/sesh.c
+src/signal.c
+src/solaris.c
src/sudo.c
src/sudo.h
src/sudo_edit.c
#
-# Copyright (c) 2010-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+# Copyright (c) 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
sudoers_mode = @SUDOERS_MODE@
shlib_mode = @SHLIB_MODE@
-SUBDIRS = compat common @ZLIB_SRC@ plugins/sudoers src include doc
+SUBDIRS = compat common @ZLIB_SRC@ plugins/group_file plugins/sudoers \
+ plugins/system_group src include doc
-SAMPLES = plugins/sample plugins/sample_group plugins/system_group
+SAMPLES = plugins/sample
VERSION = @PACKAGE_VERSION@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
# Message catalog support
NLS = @SUDO_NLS@
POTFILES = src/po/sudo.pot plugins/sudoers/po/sudoers.pot
+LOCALEDIR_SUFFIX = @LOCALEDIR_SUFFIX@
MSGFMT = msgfmt
MSGMERGE = msgmerge
XGETTEXT = xgettext
"--msgid-bugs-address=http://www.sudo.ws/bugs" \
--package-name=@PACKAGE_NAME@ --package-version=$(VERSION) \
--flag warning:1:c-format --flag warningx:1:c-format \
- --flag error:2:c-format --flag errorx:2:c-format \
+ --flag fatal:1:c-format --flag fatalx:1:c-format \
--flag easprintf:3:c-format --flag lbuf_append:2:c-format \
--flag lbuf_append_quoted:3:c-format --foreign-user
all: config.status
- for d in $(SUBDIRS) $(SAMPLES); \
+ for d in $(SUBDIRS); \
do (cd $$d && exec $(MAKE) $@) && continue; \
exit $$?; \
done
rm -f $(DESTDIR)$(localedir)/*/LC_MESSAGES/$$domain.mo; \
done
-autoconf:
- autoconf -I m4
-
siglist.c signame.c:
(cd compat && exec $(MAKE) $@)
fi; \
$(srcdir)/mkdep.pl $(srcdir)/common/Makefile.in \
$(srcdir)/compat/Makefile.in $(srcdir)/plugins/sample/Makefile.in \
- $(srcdir)/plugins/sample_group/Makefile.in \
+ $(srcdir)/plugins/group_file/Makefile.in \
$(srcdir)/plugins/sudoers/Makefile.in \
$(srcdir)/plugins/system_group/Makefile.in \
$(srcdir)/src/Makefile.in $(srcdir)/zlib/Makefile.in; \
./config.status --file $(srcdir)/common/Makefile \
--file $(srcdir)/compat/Makefile \
--file $(srcdir)/plugins/sample/Makefile \
- --file $(srcdir)/plugins/sample_group/Makefile \
+ --file $(srcdir)/plugins/group_file/Makefile \
--file $(srcdir)/plugins/sudoers/Makefile \
--file $(srcdir)/plugins/system_group/Makefile \
--file $(srcdir)/src/Makefile --file $(srcdir)/zlib/Makefile
echo "Updating $$pot"; \
domain=`basename $$pot .pot`; \
case "$$domain" in \
- sudo) cfiles="src/*c common/*c compat/*c";; \
- sudoers) cfiles="plugins/sudoers/*.c plugins/sudoers/auth/*.c";; \
+ sudo) tmpfiles=; cfiles="src/*c common/*c compat/*c";; \
+ sudoers) \
+ echo "syntax error" > confstr.sh; \
+ sed -n -e 's/^badpass_message="/gettext "/p' \
+ -e 's/^passprompt="/gettext "/p' \
+ -e 's/^mailsub="/gettext "/p' configure.in \
+ >> confstr.sh; \
+ tmpfiles=confstr.sh; \
+ cfiles="plugins/sudoers/*.c plugins/sudoers/auth/*.c";; \
*) echo unknown domain $$domain; continue;; \
esac; \
- $(XGETTEXT) $(XGETTEXT_OPTS) -d$$domain $$cfiles -o $$pot.tmp; \
+ $(XGETTEXT) $(XGETTEXT_OPTS) -d$$domain $$cfiles $$tmpfiles -o $$pot.tmp; \
+ test -n "$$tmpfiles" && rm -f $$tmpfiles; \
if diff -I'^.POT-Creation-Date' -I'^.Project-Id-Version' -I'^#' $$pot.tmp $$pot >/dev/null; then \
rm -f $$pot.tmp; \
else \
- mv -f $$pot.tmp $$pot; \
+ printf '/^#$$/+1,$$d\nw\nq\n' | ed - $$pot; \
+ sed '1,/^#$$/d' $$pot.tmp >> $$pot; \
+ rm -f $$pot.tmp; \
fi; \
done; \
fi
test -s $$podir/$$lang.mo || continue; \
echo $(ECHO_N) " $$lang$(ECHO_C)"; \
$(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES; \
+ if test -n "$(LOCALEDIR_SUFFIX)"; then \
+ if test ! -d $(DESTDIR)$(localedir)/$$lang$(LOCALEDIR_SUFFIX); then \
+ ln -s $$lang $(DESTDIR)$(localedir)/$$lang$(LOCALEDIR_SUFFIX); \
+ fi; \
+ fi; \
$(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 $$podir/$$lang.mo $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES/$$domain.mo; \
done; \
echo ""; \
check-dist: update-pot compile-po
@if [ -d .hg ]; then \
- if hg stat -am | grep '\.[mp]ot*$$'; then \
- echo "Uncommitted message catalog changes" 1>&2; \
- false; \
+ if test `hg stat -am | wc -l` -ne 0; then \
+ echo "Uncommitted changes" 1>&2; \
+ hg stat -am 1>&2; \
+ exit 1; \
fi; \
fi
-dist: check-dist ChangeLog $(srcdir)/MANIFEST
+dist: check-dist force-dist
+
+force-dist: ChangeLog $(srcdir)/MANIFEST
pax -w -x ustar -s '/^/$(PACKAGE_TARNAME)-$(VERSION)\//' \
-f ../$(PACKAGE_TARNAME)-$(VERSION).tar \
`sed 's/[ ].*//' $(srcdir)/MANIFEST`
+What's new in Sudo 1.8.7?
+
+ * The non-Unix group plugin is now supported when sudoers data
+ is stored in LDAP.
+
+ * Sudo now uses a workaround for a locale bug on Solaris 11.0
+ that prevents setuid programs like sudo from fully using locales.
+
+ * User messages are now always displayed in the user's locale,
+ even when the same message is being logged or mailed in a
+ different locale.
+
+ * Log files created by sudo now explicitly have the group set
+ to group ID 0 rather than relying on BSD group semantics (which
+ may not be the default).
+
+ * A new "exec_background" sudoers option can be used to initially
+ run the command without read access to the terminal when running
+ a command in a pseudo-tty. If the command tries to read from
+ the terminal it will be stopped by the kernel (via SIGTTIN or
+ SIGTTOU) and sudo will immediately restart it as the forground
+ process (if possible). This allows sudo to only pass terminal
+ input to the program if the program actually is expecting it.
+ Unfortunately, a few poorly-behaved programs (like "su" on most
+ Linux systems) do not handle SIGTTIN and SIGTTOU properly.
+
+ * Sudo now uses an efficient group query to get all the groups
+ for a user instead of iterating over every record in the group
+ database on HP-UX and Solaris.
+
+ * Sudo now produces better error messages when there is an error
+ in the sudo.conf file.
+
+ * Two new settings have been added to sudo.conf to give the admin
+ better control of how group database queries are performed. The
+ "group_source" specifies how the group list for a user will be
+ determined. Legal values are "static" (use the kernel groups
+ list), "dynamic" (perform a group database query) and "adaptive"
+ (only perform a group database query if the kernel list is full).
+ The "max_groups" specifies the maximum number of groups a user may
+ belong to when performing a group database query.
+
+ * The sudo.conf file now supports line continuation by using a
+ backslash as the last character on the line.
+
+ * There is now a standalone sudo.conf manual page.
+
+ * Sudo now stores its libexec files in a "sudo" subdirectory instead
+ of in libexec itself. For backwards compatibility, if the plugin
+ is not found in the default plugin directory, sudo will check
+ the parent directory if the default directory ends in "/sudo".
+
+ * The sudoers I/O logging plugin now logs the terminal size.
+
+ * A new sudoers option "maxseq" can be used to limit the number of
+ I/O log entries that are stored.
+
+ * The "system_group" and "group_file" sudoers group provider plugins
+ are now installed by default.
+
+ * The list output (sudo -l) output from the sudoers plugin is now
+ less ambiguous when an entry includes different runas users.
+ The long list output (sudo -ll) for file-based sudoers is now
+ more consistent with the format of LDAP-based sudoers.
+
+ * A uid may now be used in the sudoRunAsUser attributes for LDAP
+ sudoers.
+
+ * Minor plugin API change: the close and version functions are now
+ optional. If the policy plugin does not provide a close function
+ and the command is not being run in a new pseudo-tty, sudo may
+ now execute the command directly instead of in a child process.
+
+ * A new sudoers option "pam_session" can be used to disable sudo's
+ PAM session support.
+
+ * On HP-UX systems, sudo will now use the pstat() function to
+ determine the tty instead of ttyname().
+
+ * Turkish translation for sudo and sudoers from translationproject.org.
+
+ * Dutch translation for sudo and sudoers from translationproject.org.
+
+ * Tivoli Directory Server client libraries may now be used with
+ HP-UX where libibmldap has a hidden dependency on libCsup.
+
+ * The sudoers plugin will now ignore invalid domain names when
+ checking netgroup membership. Most Linux systems use the string
+ "(none)" for the NIS-style domain name instead of an empty string.
+
+ * New support for specifying a SHA-2 digest along with the command
+ in sudoers. Supported hash types are sha224, sha256, sha384 and
+ sha512. See the description of Digest_Spec in the sudoers manual
+ or the description of sudoCommand in the sudoers.ldap manual for
+ details.
+
+ * The paths to ldap.conf and ldap.secret may now be specified as
+ arguments to the sudoers plugin in the sudo.conf file.
+
+ * Fixed potential false positives in visudo's alias cycle detection.
+
+ * Fixed a problem where the time stamp file was being treated
+ as out of date on Linux systems where the change time on the
+ pseudo-tty device node can change after it is allocated.
+
+ * Sudo now only builds Position Independent Executables (PIE)
+ by default on Linux systems and verifies that a trivial test
+ program builds and runs.
+
+ * On Solaris 11.1 and higher, sudo binaries will now have the
+ ASLR tag enabled if supported by the linker.
+
What's new in Sudo 1.8.6p8?
- * Terminal dection now works properly on 64-bit AIX kernels.
+ * Terminal detection now works properly on 64-bit AIX kernels.
This was broken by the removal of the ttyname() fallback in Sudo
1.8.6p6. Sudo is now able to map an AIX 64-bit device number
to the corresponding device file in /dev.
For a history of sudo please see the HISTORY file in the doc directory.
You can find a list of contributors to sudo in the doc/CONTRIBUTORS file.
-System requirements
-===================
-To build sudo from the source distribution you need a POSIX-compliant
-operating system (any modern version of BSD, Linux or Unix should
-work), an ANSI/ISO C compiler that supports variadic marcos (a C99
-feature) and the ar, make and ranlib utilities.
-
-If you wish to modify the parser then you will need flex version
-2.5.2 or later and either bison or byacc (sudo comes with a pre-flex'd
-tokenizer and pre-yacc'd grammar parser). You'll also have to
-uncomment a few lines from the Makefile or run configure with the
---with-devel option. You can get flex from http://flex.sourceforge.net/.
-You can get GNU bison from ftp://ftp.gnu.org/pub/gnu/bison/ or any
-GNU mirror.
-
Building the release
====================
-Please read the installation guide in the `INSTALL' file before
-trying to build sudo. Pay special attention to the "OS dependent notes"
-section.
+Please read the installation guide in the `INSTALL' file before trying to
+build sudo. Pay special attention to the "OS dependent notes" section.
Copyright
=========
Web page
========
-There is a sudo web page at http://www.sudo.ws/ that contains
-an overview of sudo, documentation, downloads, information about
-beta versions and other useful info.
+There is a sudo web page at http://www.sudo.ws/ that contains an
+overview of sudo, documentation, downloads, a bug tracker, information
+about beta versions and other useful info.
Bug reports
===========
dnl Local m4 macros for autoconf (used by sudo)
dnl
-dnl Copyright (c) 1994-1996, 1998-2005, 2007-2011
+dnl Copyright (c) 1994-1996, 1998-2005, 2007-2013
dnl Todd C. Miller <Todd.Miller@courtesan.com>
dnl
dnl XXX - should cache values in all cases!!!
AC_MSG_RESULT($sudo_cv_func_fnmatch)
AS_IF([test $sudo_cv_func_fnmatch = yes], [$1], [$2])])
+dnl
+dnl Attempt to check for working PIE support.
+dnl This is a bit of a hack but on Solaris 10 with GNU ld and GNU as
+dnl we can end up with strange values from malloc().
+dnl A better check would be to verify that ASLR works with PIE.
+dnl
+AC_DEFUN([SUDO_WORKING_PIE],
+[AC_MSG_CHECKING([for working PIE support])
+AC_CACHE_VAL(sudo_cv_working_pie,
+[rm -f conftestdata; > conftestdata
+AC_TRY_RUN(AC_INCLUDES_DEFAULT([])
+[main() { char *p = malloc(1024); if (p == NULL) return 1; memset(p, 0, 1024); return 0; }], [sudo_cv_working_pie=yes], [sudo_cv_working_pie=no],
+ [sudo_cv_working_pie=no])
+rm -f core core.* *.core])
+AC_MSG_RESULT($sudo_cv_working_pie)
+AS_IF([test $sudo_cv_working_pie = yes], [$1], [$2])])
+
dnl
dnl check for isblank(3)
dnl
])
dnl
-dnl append a libpath to an LDFLAGS style variable
+dnl Append a libpath to an LDFLAGS style variable if not already present.
+dnl Also appends to the _R version unless rpath is disabled.
dnl
AC_DEFUN([SUDO_APPEND_LIBPATH], [
- if test X"$with_rpath" = X"yes"; then
- case "$host" in
- *-*-hpux*) $1="${$1} -L$2 -Wl,+b,$2"
- ;;
- *) $1="${$1} -L$2 -Wl,-R$2"
- ;;
- esac
- else
- $1="${$1} -L$2"
- fi
- if test X"$blibpath" != X"" -a "$1" = "SUDO_LDFLAGS"; then
- blibpath_add="${blibpath_add}:$2"
- fi
+ case "${$1}" in
+ *"-L$2"|*"-L$2 ")
+ ;;
+ *)
+ $1="${$1} -L$2"
+ if test X"$enable_rpath" = X"yes"; then
+ $1_R="${$1_R} -R$2"
+ fi
+ ;;
+ esac
+])
+
+dnl
+dnl Append a directory to CPPFLAGS if not already present.
+dnl
+AC_DEFUN([SUDO_APPEND_CPPFLAGS], [
+ case "${CPPFLAGS}" in
+ *"$1"|*"$1 ")
+ ;;
+ *)
+ if test X"${CPPFLAGS}" = X""; then
+ CPPFLAGS="$1"
+ else
+ CPPFLAGS="${CPPFLAGS} $1"
+ fi
+ ;;
+ esac
])
dnl
dnl
dnl Pull in libtool macros
dnl
-m4_include([libtool.m4])
-m4_include([ltoptions.m4])
-m4_include([ltsugar.m4])
-m4_include([ltversion.m4])
-m4_include([lt~obsolete.m4])
+m4_include([m4/libtool.m4])
+m4_include([m4/ltoptions.m4])
+m4_include([m4/ltsugar.m4])
+m4_include([m4/ltversion.m4])
+m4_include([m4/lt~obsolete.m4])
dnl
dnl Pull in other non-standard macros
dnl
-m4_include([ax_check_compile_flag.m4])
-m4_include([ax_check_link_flag.m4])
+m4_include([m4/ax_check_compile_flag.m4])
+m4_include([m4/ax_check_link_flag.m4])
#
-# Copyright (c) 2011 Todd C. Miller <Todd.Miller@courtesan.com>
+# Copyright (c) 2011-2013 Todd C. Miller <Todd.Miller@courtesan.com>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
SSP_CFLAGS = @SSP_CFLAGS@
SSP_LDFLAGS = @SSP_LDFLAGS@
+# Regression tests
+TEST_PROGS = conf_test parseln_test
+TEST_LIBS = @LIBS@ @LIBINTL@ ../compat/libreplace.la
+TEST_LDFLAGS = @LDFLAGS@
+
# OS dependent defines
DEFS = @OSDEFS@ -D_PATH_SUDO_CONF=\"$(sysconfdir)/sudo.conf\"
SHELL = @SHELL@
-LTOBJS = alloc.lo atobool.lo fileops.lo fmt_string.lo lbuf.lo list.lo \
- secure_path.lo setgroups.lo sudo_conf.lo sudo_debug.lo term.lo \
- ttysize.lo zero_bytes.lo @COMMON_OBJS@
+LTOBJS = alloc.lo atobool.lo error.lo fileops.lo fmt_string.lo lbuf.lo list.lo \
+ secure_path.lo setgroups.lo sudo_conf.lo sudo_debug.lo sudo_printf.lo \
+ term.lo ttysize.lo zero_bytes.lo @COMMON_OBJS@
+
+PARSELN_TEST_OBJS = parseln_test.lo
+
+CONF_TEST_OBJS = conf_test.lo
all: libcommon.la
libcommon.la: $(LTOBJS)
$(LIBTOOL) --mode=link $(CC) -o $@ $(LTOBJS) -no-install
+conf_test: $(CONF_TEST_OBJS) libcommon.la
+ $(LIBTOOL) --mode=link $(CC) -o $@ $(CONF_TEST_OBJS) libcommon.la $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS)
+
+parseln_test: $(PARSELN_TEST_OBJS) libcommon.la
+ $(LIBTOOL) --mode=link $(CC) -o $@ $(PARSELN_TEST_OBJS) libcommon.la $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LDFLAGS) $(TEST_LIBS)
+
pre-install:
install:
uninstall:
-check:
+check: $(TEST_PROGS)
+ @if test X"$(cross_compiling)" != X"yes"; then \
+ passed=0; failed=0; total=0; \
+ for dir in sudo_conf sudo_parseln; do \
+ mkdir -p regress/$$dir; \
+ for t in $(srcdir)/regress/$$dir/*.in; do \
+ base=`basename $$t .in`; \
+ out="regress/$$dir/$$base.out"; \
+ if test "$$dir" = "sudo_conf"; then \
+ ./conf_test $$t >$$out; \
+ else \
+ ./parseln_test <$$t >$$out; \
+ fi; \
+ if cmp $$out $(srcdir)/$$out.ok >/dev/null; then \
+ passed=`expr $$passed + 1`; \
+ echo "$$dir/$$base: OK"; \
+ else \
+ failed=`expr $$failed + 1`; \
+ echo "$$dir/$$base: FAIL"; \
+ diff $$out $(srcdir)/$$out.ok; \
+ fi; \
+ total=`expr $$total + 1`; \
+ done; \
+ done; \
+ echo "$$dir: $$passed/$$total tests passed; $$failed/$$total tests failed"; \
+ exit $$failed; \
+ fi
clean:
- -$(LIBTOOL) --mode=clean rm -f *.lo *.o *.la *.a stamp-* core *.core core.*
+ -$(LIBTOOL) --mode=clean rm -f $(TEST_PROGS) *.lo *.o *.la *.a stamp-* core *.core core.* regress/*/*.out
mostlyclean: clean
atobool.lo: $(srcdir)/atobool.c $(top_builddir)/config.h $(incdir)/missing.h \
$(incdir)/sudo_debug.h
$(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/atobool.c
+conf_test.lo: $(srcdir)/regress/sudo_conf/conf_test.c $(top_builddir)/config.h \
+ $(top_srcdir)/compat/stdbool.h $(incdir)/missing.h \
+ $(incdir)/sudo_conf.h $(incdir)/list.h
+ $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/sudo_conf/conf_test.c
+error.lo: $(srcdir)/error.c $(top_builddir)/config.h \
+ $(top_srcdir)/compat/stdbool.h $(incdir)/missing.h $(incdir)/alloc.h \
+ $(incdir)/error.h $(incdir)/sudo_plugin.h $(incdir)/gettext.h
+ $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/error.c
fileops.lo: $(srcdir)/fileops.c $(top_builddir)/config.h \
$(top_srcdir)/compat/stdbool.h $(top_srcdir)/compat/timespec.h \
$(incdir)/missing.h $(incdir)/fileops.h $(incdir)/sudo_debug.h
list.lo: $(srcdir)/list.c $(top_builddir)/config.h $(incdir)/missing.h \
$(incdir)/list.h $(incdir)/error.h
$(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/list.c
+parseln_test.lo: $(srcdir)/regress/sudo_parseln/parseln_test.c \
+ $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h \
+ $(incdir)/missing.h $(incdir)/fileops.h
+ $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/sudo_parseln/parseln_test.c
secure_path.lo: $(srcdir)/secure_path.c $(top_builddir)/config.h \
$(incdir)/missing.h $(incdir)/sudo_debug.h \
$(incdir)/secure_path.h
$(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudo_conf.c
sudo_debug.lo: $(srcdir)/sudo_debug.c $(top_builddir)/config.h \
$(top_srcdir)/compat/stdbool.h $(incdir)/missing.h \
- $(incdir)/alloc.h $(incdir)/error.h $(incdir)/gettext.h \
- $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h
+ $(incdir)/alloc.h $(incdir)/error.h $(incdir)/sudo_plugin.h \
+ $(incdir)/sudo_debug.h $(incdir)/gettext.h
$(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudo_debug.c
+sudo_printf.lo: $(srcdir)/sudo_printf.c $(top_builddir)/config.h \
+ $(incdir)/missing.h $(incdir)/sudo_plugin.h \
+ $(incdir)/sudo_debug.h
+ $(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudo_printf.c
term.lo: $(srcdir)/term.c $(top_builddir)/config.h $(incdir)/missing.h \
$(incdir)/sudo_debug.h
$(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/term.c
/*
- * Copyright (c) 2008, 2010-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2008, 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
debug_decl(aix_setlimits, SUDO_DEBUG_UTIL)
if (setuserdb(S_READ) != 0)
- error(1, "unable to open userdb");
+ fatal("unable to open userdb");
/*
* For each resource limit, get the soft/hard values for the user
if (user != NULL) {
if (setuserdb(S_READ) != 0)
- error(1, _("unable to open userdb"));
+ fatal(_("unable to open userdb"));
if (getuserattr(user, S_REGISTRY, ®istry, SEC_CHAR) == 0) {
if (setauthdb(registry, NULL) != 0)
- error(1, _("unable to switch to registry \"%s\" for %s"),
+ fatal(_("unable to switch to registry \"%s\" for %s"),
registry, user);
}
enduserdb();
debug_decl(aix_setauthdb, SUDO_DEBUG_UTIL)
if (setauthdb(NULL, NULL) != 0)
- error(1, _("unable to restore registry"));
+ fatal(_("unable to restore registry"));
debug_return;
}
/*
- * Copyright (c) 1999-2005, 2007, 2010-2011
+ * Copyright (c) 1999-2005, 2007, 2010-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
#include "missing.h"
#include "alloc.h"
#include "error.h"
+#include "errno.h"
#define DEFAULT_TEXT_DOMAIN "sudo"
#include "gettext.h"
void *ptr;
if (size == 0)
- errorx2(1, _("internal error, tried to emalloc(0)"));
+ fatalx_nodebug(_("internal error, tried to emalloc(0)"));
if ((ptr = malloc(size)) == NULL)
- errorx2(1, _("unable to allocate memory"));
+ fatalx_nodebug(NULL);
return ptr;
}
void *ptr;
if (nmemb == 0 || size == 0)
- errorx2(1, _("internal error, tried to emalloc2(0)"));
+ fatalx_nodebug(_("internal error, tried to emalloc2(0)"));
if (nmemb > SIZE_MAX / size)
- errorx2(1, _("internal error, %s overflow"), "emalloc2()");
+ fatalx_nodebug(_("internal error, %s overflow"), "emalloc2()");
size *= nmemb;
if ((ptr = malloc(size)) == NULL)
- errorx2(1, _("unable to allocate memory"));
+ fatalx_nodebug(NULL);
return ptr;
}
void *ptr;
if (nmemb == 0 || size == 0)
- errorx2(1, _("internal error, tried to ecalloc(0)"));
+ fatalx_nodebug(_("internal error, tried to ecalloc(0)"));
if (nmemb != 1) {
if (nmemb > SIZE_MAX / size)
- errorx2(1, _("internal error, %s overflow"), "ecalloc()");
+ fatalx_nodebug(_("internal error, %s overflow"), "ecalloc()");
size *= nmemb;
}
if ((ptr = malloc(size)) == NULL)
- errorx2(1, _("unable to allocate memory"));
+ fatalx_nodebug(NULL);
memset(ptr, 0, size);
return ptr;
}
{
if (size == 0)
- errorx2(1, _("internal error, tried to erealloc(0)"));
+ fatalx_nodebug(_("internal error, tried to erealloc(0)"));
ptr = ptr ? realloc(ptr, size) : malloc(size);
if (ptr == NULL)
- errorx2(1, _("unable to allocate memory"));
+ fatalx_nodebug(NULL);
return ptr;
}
{
if (nmemb == 0 || size == 0)
- errorx2(1, _("internal error, tried to erealloc3(0)"));
+ fatalx_nodebug(_("internal error, tried to erealloc3(0)"));
if (nmemb > SIZE_MAX / size)
- errorx2(1, _("internal error, %s overflow"), "erealloc3()");
+ fatalx_nodebug(_("internal error, %s overflow"), "erealloc3()");
size *= nmemb;
ptr = ptr ? realloc(ptr, size) : malloc(size);
if (ptr == NULL)
- errorx2(1, _("unable to allocate memory"));
+ fatalx_nodebug(NULL);
return ptr;
}
size_t size;
if (nmemb == 0 || msize == 0)
- errorx2(1, _("internal error, tried to erecalloc(0)"));
+ fatalx_nodebug(_("internal error, tried to erecalloc(0)"));
if (nmemb > SIZE_MAX / msize)
- errorx2(1, _("internal error, %s overflow"), "erecalloc()");
+ fatalx_nodebug(_("internal error, %s overflow"), "erecalloc()");
size = nmemb * msize;
ptr = ptr ? realloc(ptr, size) : malloc(size);
if (ptr == NULL)
- errorx2(1, _("unable to allocate memory"));
+ fatalx_nodebug(NULL);
if (nmemb > onmemb) {
size = (nmemb - onmemb) * msize;
memset((char *)ptr + (onmemb * msize), 0, size);
{
int len;
va_list ap;
+
va_start(ap, fmt);
len = vasprintf(ret, fmt, ap);
va_end(ap);
if (len == -1)
- errorx2(1, _("unable to allocate memory"));
+ fatalx_nodebug(NULL);
return len;
}
int len;
if ((len = vasprintf(ret, format, args)) == -1)
- errorx2(1, _("unable to allocate memory"));
+ fatalx_nodebug(NULL);
return len;
}
-
-/*
- * Wrapper for free(3) so we can depend on C89 semantics.
- */
-void
-efree(void *ptr)
-{
- if (ptr != NULL)
- free(ptr);
-}
/*
- * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2010-2012 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
--- /dev/null
+/*
+ * Copyright (c) 2004-2005, 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_STDBOOL_H
+# include <stdbool.h>
+#else
+# include "compat/stdbool.h"
+#endif /* HAVE_STDBOOL_H */
+
+#include "missing.h"
+#include "alloc.h"
+#include "error.h"
+#include "sudo_plugin.h"
+
+#define DEFAULT_TEXT_DOMAIN "sudo"
+#include "gettext.h"
+
+sigjmp_buf fatal_jmp;
+static bool setjmp_enabled = false;
+static struct sudo_fatal_callback {
+ void (*func)(void);
+ struct sudo_fatal_callback *next;
+} *callbacks;
+
+static void _warning(int, const char *, va_list);
+
+static void
+do_cleanup(void)
+{
+ struct sudo_fatal_callback *cb;
+
+ /* Run callbacks, removing them from the list as we go. */
+ while ((cb = callbacks) != NULL) {
+ callbacks = cb->next;
+ cb->func();
+ free(cb);
+ }
+}
+
+void
+fatal2(const char *fmt, ...)
+{
+ va_list ap;
+
+ va_start(ap, fmt);
+ _warning(1, fmt, ap);
+ va_end(ap);
+ do_cleanup();
+ if (setjmp_enabled)
+ siglongjmp(fatal_jmp, 1);
+ else
+ exit(EXIT_FAILURE);
+}
+
+void
+fatalx2(const char *fmt, ...)
+{
+ va_list ap;
+
+ va_start(ap, fmt);
+ _warning(0, fmt, ap);
+ va_end(ap);
+ do_cleanup();
+ if (setjmp_enabled)
+ siglongjmp(fatal_jmp, 1);
+ else
+ exit(EXIT_FAILURE);
+}
+
+void
+vfatal2(const char *fmt, va_list ap)
+{
+ _warning(1, fmt, ap);
+ do_cleanup();
+ if (setjmp_enabled)
+ siglongjmp(fatal_jmp, 1);
+ else
+ exit(EXIT_FAILURE);
+}
+
+void
+vfatalx2(const char *fmt, va_list ap)
+{
+ _warning(0, fmt, ap);
+ do_cleanup();
+ if (setjmp_enabled)
+ siglongjmp(fatal_jmp, 1);
+ else
+ exit(EXIT_FAILURE);
+}
+
+void
+warning2(const char *fmt, ...)
+{
+ va_list ap;
+
+ va_start(ap, fmt);
+ _warning(1, fmt, ap);
+ va_end(ap);
+}
+
+void
+warningx2(const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ _warning(0, fmt, ap);
+ va_end(ap);
+}
+
+void
+vwarning2(const char *fmt, va_list ap)
+{
+ _warning(1, fmt, ap);
+}
+
+void
+vwarningx2(const char *fmt, va_list ap)
+{
+ _warning(0, fmt, ap);
+}
+
+static void
+_warning(int use_errno, const char *fmt, va_list ap)
+{
+ int serrno = errno;
+ char *str;
+
+ evasprintf(&str, fmt, ap);
+ if (use_errno) {
+ if (fmt != NULL) {
+ sudo_printf(SUDO_CONV_ERROR_MSG,
+ _("%s: %s: %s\n"), getprogname(), str, strerror(serrno));
+ } else {
+ sudo_printf(SUDO_CONV_ERROR_MSG,
+ _("%s: %s\n"), getprogname(), strerror(serrno));
+ }
+ } else {
+ sudo_printf(SUDO_CONV_ERROR_MSG,
+ _("%s: %s\n"), getprogname(), str ? str : "(null)");
+ }
+ efree(str);
+ errno = serrno;
+}
+
+int
+fatal_callback_register(void (*func)(void))
+{
+ struct sudo_fatal_callback *cb;
+
+ cb = malloc(sizeof(*cb));
+ if (cb == NULL)
+ return -1;
+ cb->func = func;
+ cb->next = callbacks;
+ callbacks = cb;
+
+ return 0;
+}
+
+void
+fatal_disable_setjmp(void)
+{
+ setjmp_enabled = false;
+}
+
+void
+fatal_enable_setjmp(void)
+{
+ setjmp_enabled = true;
+}
/*
- * Copyright (c) 1999-2005, 2007, 2009-2011
+ * Copyright (c) 1999-2005, 2007, 2009-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <sys/time.h>
#ifdef HAVE_FLOCK
# include <sys/file.h>
#endif /* HAVE_FLOCK */
-#include <stdio.h>
-#ifdef HAVE_STDBOOL_H
-# include <stdbool.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
#else
-# include "compat/stdbool.h"
-#endif
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+# include <memory.h>
+# endif
# include <string.h>
#endif /* HAVE_STRING_H */
#ifdef HAVE_STRINGS_H
# include <strings.h>
-#endif /* HAVE_STRINGS_H */
+#endif /* HAVE_STRING_H */
+#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
+# include <malloc.h>
+#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
#include <ctype.h>
-#include <limits.h>
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif /* HAVE_UNISTD_H */
#include <fcntl.h>
+#ifdef HAVE_STDBOOL_H
+# include <stdbool.h>
+#else
+# include "compat/stdbool.h"
+#endif
#if TIME_WITH_SYS_TIME
# include <time.h>
#endif
#include "fileops.h"
#include "sudo_debug.h"
-#ifndef LINE_MAX
-# define LINE_MAX 2048
-#endif
-
/*
* Update the access and modify times on an fd or file.
*/
#endif
/*
- * Read a line of input, remove comments and strip off leading
- * and trailing spaces. Returns static storage that is reused.
+ * Read a line of input, honoring line continuation chars.
+ * Remove comments and strips off leading and trailing spaces.
+ * Returns the line length and updates the buf and bufsize pointers.
+ * XXX - just use a struct w/ state, including getline buffer?
+ * could also make comment char and line continuation configurable
*/
-char *
-sudo_parseln(FILE *fp)
+ssize_t
+sudo_parseln(char **bufp, size_t *bufsizep, unsigned int *lineno, FILE *fp)
{
- size_t len;
- char *cp = NULL;
- static char buf[LINE_MAX];
+ size_t len, linesize = 0, total = 0;
+ char *cp, *line = NULL;
+ bool continued;
debug_decl(sudo_parseln, SUDO_DEBUG_UTIL)
- if (fgets(buf, sizeof(buf), fp) != NULL) {
- /* Remove comments */
- if ((cp = strchr(buf, '#')) != NULL)
+ do {
+ continued = false;
+ len = getline(&line, &linesize, fp);
+ if (len == -1)
+ break;
+ if (lineno != NULL)
+ (*lineno)++;
+
+ /* Remove trailing newline(s) if present. */
+ while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
+ line[--len] = '\0';
+
+ /* Remove comments or check for line continuation (but not both) */
+ if ((cp = strchr(line, '#')) != NULL) {
*cp = '\0';
+ len = (size_t)(cp - line);
+ } else if (len > 0 && line[len - 1] == '\\' && (len == 1 || line[len - 2] != '\\')) {
+ line[--len] = '\0';
+ continued = true;
+ }
- /* Trim leading and trailing whitespace/newline */
- len = strlen(buf);
- while (len > 0 && isspace((unsigned char)buf[len - 1]))
- buf[--len] = '\0';
- for (cp = buf; isblank((unsigned char)*cp); cp++)
- continue;
- }
- debug_return_str(cp);
+ /* Trim leading and trailing whitespace */
+ if (!continued) {
+ while (len > 0 && isblank((unsigned char)line[len - 1]))
+ line[--len] = '\0';
+ }
+ for (cp = line; isblank((unsigned char)*cp); cp++)
+ len--;
+
+ if (*bufp == NULL || total + len >= *bufsizep) {
+ void *tmp;
+ size_t size = total + len + 1;
+
+ if (size < 64) {
+ size = 64;
+ } else if (size <= 0x80000000) {
+ /* Round up to next highest power of two. */
+ size--;
+ size |= size >> 1;
+ size |= size >> 2;
+ size |= size >> 4;
+ size |= size >> 8;
+ size |= size >> 16;
+ size++;
+ }
+ if ((tmp = realloc(*bufp, size)) == NULL)
+ break;
+ *bufp = tmp;
+ *bufsizep = size;
+ }
+ memcpy(*bufp + total, cp, len + 1);
+ total += len;
+ } while (continued);
+ free(line);
+ if (len == -1 && total == 0)
+ debug_return_size_t((size_t)-1);
+ debug_return_size_t(total);
}
/*
- * Copyright (c) 2010-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2010-2012 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
/*
- * Copyright (c) 2007-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2007-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
debug_return;
}
+static void
+lbuf_expand(struct lbuf *lbuf, size_t extra)
+{
+ if (lbuf->len + extra + 1 >= lbuf->size) {
+ do {
+ lbuf->size += 256;
+ } while (lbuf->len + extra + 1 >= lbuf->size);
+ lbuf->buf = erealloc(lbuf->buf, lbuf->size);
+ }
+}
+
/*
* Parse the format and append strings, only %s and %% escapes are supported.
* Any characters in set are quoted with a backslash.
{
va_list ap;
int len;
- char *cp, *s = NULL;
+ char *cp, *s;
debug_decl(lbuf_append_quoted, SUDO_DEBUG_UTIL)
va_start(ap, fmt);
while (*fmt != '\0') {
- len = 1;
if (fmt[0] == '%' && fmt[1] == 's') {
- s = va_arg(ap, char *);
- len = strlen(s);
- }
- /* Assume worst case that all chars must be escaped. */
- if (lbuf->len + (len * 2) + 1 >= lbuf->size) {
- do {
- lbuf->size += 256;
- } while (lbuf->len + len + 1 >= lbuf->size);
- lbuf->buf = erealloc(lbuf->buf, lbuf->size);
- }
- if (*fmt == '%') {
- if (*(++fmt) == 's') {
- while ((cp = strpbrk(s, set)) != NULL) {
- len = (int)(cp - s);
- memcpy(lbuf->buf + lbuf->len, s, len);
- lbuf->len += len;
- lbuf->buf[lbuf->len++] = '\\';
- lbuf->buf[lbuf->len++] = *cp;
- s = cp + 1;
- }
- if (*s != '\0') {
- len = strlen(s);
- memcpy(lbuf->buf + lbuf->len, s, len);
- lbuf->len += len;
- }
- fmt++;
- continue;
+ if ((s = va_arg(ap, char *)) == NULL)
+ goto done;
+ while ((cp = strpbrk(s, set)) != NULL) {
+ len = (int)(cp - s);
+ lbuf_expand(lbuf, len + 2);
+ memcpy(lbuf->buf + lbuf->len, s, len);
+ lbuf->len += len;
+ lbuf->buf[lbuf->len++] = '\\';
+ lbuf->buf[lbuf->len++] = *cp;
+ s = cp + 1;
}
+ if (*s != '\0') {
+ len = strlen(s);
+ lbuf_expand(lbuf, len);
+ memcpy(lbuf->buf + lbuf->len, s, len);
+ lbuf->len += len;
+ }
+ fmt += 2;
+ continue;
}
+ lbuf_expand(lbuf, 2);
if (strchr(set, *fmt) != NULL)
lbuf->buf[lbuf->len++] = '\\';
lbuf->buf[lbuf->len++] = *fmt++;
}
- lbuf->buf[lbuf->len] = '\0';
+done:
+ if (lbuf->size != 0)
+ lbuf->buf[lbuf->len] = '\0';
va_end(ap);
debug_return;
{
va_list ap;
int len;
- char *s = NULL;
+ char *s;
debug_decl(lbuf_append, SUDO_DEBUG_UTIL)
va_start(ap, fmt);
while (*fmt != '\0') {
- len = 1;
if (fmt[0] == '%' && fmt[1] == 's') {
- s = va_arg(ap, char *);
+ if ((s = va_arg(ap, char *)) == NULL)
+ goto done;
len = strlen(s);
+ lbuf_expand(lbuf, len);
+ memcpy(lbuf->buf + lbuf->len, s, len);
+ lbuf->len += len;
+ fmt += 2;
+ continue;
}
- if (lbuf->len + len + 1 >= lbuf->size) {
- do {
- lbuf->size += 256;
- } while (lbuf->len + len + 1 >= lbuf->size);
- lbuf->buf = erealloc(lbuf->buf, lbuf->size);
- }
- if (*fmt == '%') {
- if (*(++fmt) == 's') {
- memcpy(lbuf->buf + lbuf->len, s, len);
- lbuf->len += len;
- fmt++;
- continue;
- }
- }
+ lbuf_expand(lbuf, 1);
lbuf->buf[lbuf->len++] = *fmt++;
}
- lbuf->buf[lbuf->len] = '\0';
+done:
+ if (lbuf->size != 0)
+ lbuf->buf[lbuf->len] = '\0';
va_end(ap);
debug_return;
/*
- * Copyright (c) 2007-2008, 2010-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2007-2008, 2010-2012 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
if (l != NULL) {
#ifdef DEBUG
if (l->prev == NULL) {
- warningx2("list2tq called with non-semicircular list");
+ warningx_nodebug("list2tq called with non-semicircular list");
abort();
}
#endif
--- /dev/null
+/*
+ * Copyright (c) 2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+# include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_STDBOOL_H
+# include <stdbool.h>
+#else
+# include "compat/stdbool.h"
+#endif
+
+#include "missing.h"
+#include "sudo_conf.h"
+
+static void sudo_conf_dump(void);
+
+/*
+ * Simple test driver for sudo_conf().
+ * Parses the given configuration file and dumps the resulting
+ * sudo_conf_data struct to the standard output.
+ */
+int
+main(int argc, char *argv[])
+{
+ if (argc != 2) {
+ fprintf(stderr, "usage: conf_test conf_file\n");
+ exit(1);
+ }
+ sudo_conf_read(argv[1]);
+ sudo_conf_dump();
+
+ exit(0);
+}
+
+static void
+sudo_conf_dump(void)
+{
+ struct plugin_info_list *plugins = sudo_conf_plugins();
+ struct plugin_info *info;
+
+ printf("Set disable_coredump %s\n",
+ sudo_conf_disable_coredump() ? "true" : "false");
+ printf("Set group_source %s\n",
+ sudo_conf_group_source() == GROUP_SOURCE_ADAPTIVE ? "adaptive" :
+ sudo_conf_group_source() == GROUP_SOURCE_STATIC ? "static" : "dynamic");
+ printf("Set max_groups %d\n", sudo_conf_max_groups());
+ if (sudo_conf_debug_flags() != NULL)
+ printf("Debug %s %s\n", getprogname(), sudo_conf_debug_flags());
+ if (sudo_conf_askpass_path() != NULL)
+ printf("Path askpass %s\n", sudo_conf_askpass_path());
+#ifdef _PATH_SUDO_NOEXEC
+ if (sudo_conf_noexec_path() != NULL)
+ printf("Path noexec %s\n", sudo_conf_noexec_path());
+#endif
+ tq_foreach_fwd(plugins, info) {
+ printf("Plugin %s %s", info->symbol_name, info->path);
+ if (info->options) {
+ char * const * op;
+ for (op = info->options; *op != NULL; op++)
+ printf(" %s", *op);
+ }
+ putchar('\n');
+ }
+}
+
+/* STUB */
+void
+warning_set_locale(void)
+{
+ return;
+}
+
+/* STUB */
+void
+warning_restore_locale(void)
+{
+ return;
+}
--- /dev/null
+#
+# Sample /etc/sudo.conf file
+#
+# Format:
+# Plugin plugin_name plugin_path plugin_options ...
+# Path askpass /path/to/askpass
+# Path noexec /path/to/sudo_noexec.so
+# Debug sudo /var/log/sudo_debug all@warn
+# Set disable_coredump true
+#
+# Sudo plugins:
+#
+# The plugin_path is relative to ${prefix}/libexec unless fully qualified.
+# The plugin_name corresponds to a global symbol in the plugin
+# that contains the plugin interface structure.
+# The plugin_options are optional.
+#
+# The sudoers plugin is used by default if no Plugin lines are present.
+Plugin sudoers_policy sudoers.so
+Plugin sudoers_io sudoers.so
+
+#
+# Sudo askpass:
+#
+# An askpass helper program may be specified to provide a graphical
+# password prompt for "sudo -A" support. Sudo does not ship with its
+# own askpass program but can use the OpenSSH askpass.
+#
+# Use the OpenSSH askpass
+Path askpass /usr/X11R6/bin/ssh-askpass
+#
+# Use the Gnome OpenSSH askpass
+#Path askpass /usr/libexec/openssh/gnome-ssh-askpass
+
+#
+# Sudo noexec:
+#
+# Path to a shared library containing dummy versions of the execv(),
+# execve() and fexecve() library functions that just return an error.
+# This is used to implement the "noexec" functionality on systems that
+# support C<LD_PRELOAD> or its equivalent.
+# The compiled-in value is usually sufficient and should only be changed
+# if you rename or move the sudo_noexec.so file.
+#
+Path noexec /usr/libexec/sudo_noexec.so
+
+#
+# Core dumps:
+#
+# By default, sudo disables core dumps while it is executing (they
+# are re-enabled for the command that is run).
+# To aid in debugging sudo problems, you may wish to enable core
+# dumps by setting "disable_coredump" to false.
+#
+Set disable_coredump false
+
+#
+# User groups:
+#
+# Sudo passes the user's group list to the policy plugin.
+# If the user is a member of the maximum number of groups (usually 16),
+# sudo will query the group database directly to be sure to include
+# the full list of groups.
+#
+# On some systems, this can be expensive so the behavior is configurable.
+# The "group_source" setting has three possible values:
+# static - use the user's list of groups returned by the kernel.
+# dynamic - query the group database to find the list of groups.
+# adaptive - if user is in less than the maximum number of groups.
+# use the kernel list, else query the group database.
+#
+Set group_source static
--- /dev/null
+Set disable_coredump false
+Set group_source static
+Set max_groups -1
+Path askpass /usr/X11R6/bin/ssh-askpass
+Plugin sudoers_policy sudoers.so
+Plugin sudoers_io sudoers.so
--- /dev/null
+Set disable_coredump true
+Set group_source adaptive
+Set max_groups -1
--- /dev/null
+Plugin sudoers_policy sudoers.so sudoers_file=/etc/sudoers sudoers_mode=0400 sudoers_gid=0 sudoers_uid=0
+Plugin sudoers_io sudoers.so
--- /dev/null
+Set disable_coredump true
+Set group_source adaptive
+Set max_groups -1
+Plugin sudoers_policy sudoers.so sudoers_file=/etc/sudoers sudoers_mode=0400 sudoers_gid=0 sudoers_uid=0
+Plugin sudoers_io sudoers.so
--- /dev/null
+Set disable_coredump foo
--- /dev/null
+Set disable_coredump true
+Set group_source adaptive
+Set max_groups -1
--- /dev/null
+/*
+ * Copyright (c) 2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+# include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_STDBOOL_H
+# include <stdbool.h>
+#else
+# include "compat/stdbool.h"
+#endif
+
+#include "missing.h"
+#include "fileops.h"
+
+/*
+ * Simple test driver for sudo_parseln().
+ * Behaves similarly to "cat -n" but with comment removal
+ * and line continuation.
+ */
+
+int
+main(int argc, char *argv[])
+{
+ unsigned int lineno = 0;
+ size_t linesize = 0;
+ char *line = NULL;
+
+ while (sudo_parseln(&line, &linesize, &lineno, stdin) != -1)
+ printf("%6u\t%s\n", lineno, line);
+ free(line);
+ exit(0);
+}
+
+/* STUB */
+void
+warning_set_locale(void)
+{
+ return;
+}
+
+/* STUB */
+void
+warning_restore_locale(void)
+{
+ return;
+}
--- /dev/null
+#
+# Sample /etc/sudo.conf file
+#
+# Format:
+# Plugin plugin_name plugin_path plugin_options ...
+# Path askpass /path/to/askpass
+# Path noexec /path/to/sudo_noexec.so
+# Debug sudo /var/log/sudo_debug all@warn
+# Set disable_coredump true
+#
+# Sudo plugins:
+#
+# The plugin_path is relative to ${prefix}/libexec unless fully qualified.
+# The plugin_name corresponds to a global symbol in the plugin
+# that contains the plugin interface structure.
+# The plugin_options are optional.
+#
+# The sudoers plugin is used by default if no Plugin lines are present.
+Plugin sudoers_policy sudoers.so
+Plugin sudoers_io sudoers.so
+
+#
+# Sudo askpass:
+#
+# An askpass helper program may be specified to provide a graphical
+# password prompt for "sudo -A" support. Sudo does not ship with its
+# own askpass program but can use the OpenSSH askpass.
+#
+# Use the OpenSSH askpass
+#Path askpass /usr/X11R6/bin/ssh-askpass
+#
+# Use the Gnome OpenSSH askpass
+#Path askpass /usr/libexec/openssh/gnome-ssh-askpass
+
+#
+# Sudo noexec:
+#
+# Path to a shared library containing dummy versions of the execv(),
+# execve() and fexecve() library functions that just return an error.
+# This is used to implement the "noexec" functionality on systems that
+# support C<LD_PRELOAD> or its equivalent.
+# The compiled-in value is usually sufficient and should only be changed
+# if you rename or move the sudo_noexec.so file.
+#
+#Path noexec /usr/libexec/sudo_noexec.so
+
+#
+# Core dumps:
+#
+# By default, sudo disables core dumps while it is executing (they
+# are re-enabled for the command that is run).
+# To aid in debugging sudo problems, you may wish to enable core
+# dumps by setting "disable_coredump" to false.
+#
+#Set disable_coredump false
+
+#
+# User groups:
+#
+# Sudo passes the user's group list to the policy plugin.
+# If the user is a member of the maximum number of groups (usually 16),
+# sudo will query the group database directly to be sure to include
+# the full list of groups.
+#
+# On some systems, this can be expensive so the behavior is configurable.
+# The "group_source" setting has three possible values:
+# static - use the user's list of groups returned by the kernel.
+# dynamic - query the group database to find the list of groups.
+# adaptive - if user is in less than the maximum number of groups.
+# use the kernel list, else query the group database.
+#
+#Set group_source static
--- /dev/null
+ 1
+ 2
+ 3
+ 4
+ 5
+ 6
+ 7
+ 8
+ 9
+ 10
+ 11
+ 12
+ 13
+ 14
+ 15
+ 16
+ 17
+ 18
+ 19 Plugin sudoers_policy sudoers.so
+ 20 Plugin sudoers_io sudoers.so
+ 21
+ 22
+ 23
+ 24
+ 25
+ 26
+ 27
+ 28
+ 29
+ 30
+ 31
+ 32
+ 33
+ 34
+ 35
+ 36
+ 37
+ 38
+ 39
+ 40
+ 41
+ 42
+ 43
+ 44
+ 45
+ 46
+ 47
+ 48
+ 49
+ 50
+ 51
+ 52
+ 53
+ 54
+ 55
+ 56
+ 57
+ 58
+ 59
+ 60
+ 61
+ 62
+ 63
+ 64
+ 65
+ 66
+ 67
+ 68
+ 69
+ 70
+ 71
+ 72
--- /dev/null
+this \
+is all \
+one line
+# this is a comment, and does not get continued\
+trim the \
+ leading \
+ white \
+space
--- /dev/null
+ 3 this is all one line
+ 4
+ 8 trim the leading white space
--- /dev/null
+line continuation at EOF \
--- /dev/null
+ 1 line continuation at EOF
--- /dev/null
+line contin\
+uation raw
+line contin\
+ uation indented
--- /dev/null
+ 2 line continuation raw
+ 4 line continuation indented
--- /dev/null
+ leading and trailing white space
+ # a comment
+\
--- /dev/null
+ 1 leading and trailing white space
+ 2
#include <sys/types.h>
#include <sys/stat.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef HAVE_STRING_H
# include <string.h>
/*
- * Copyright (c) 2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2011-2012 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
/*
- * Copyright (c) 2009-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <sys/stat.h>
#include <stdio.h>
#ifdef STDC_HEADERS
#endif /* HAVE_UNISTD_H */
#include <ctype.h>
#include <errno.h>
+#include <limits.h>
#define SUDO_ERROR_WRAP 0
#include "sudo_conf.h"
#include "sudo_debug.h"
#include "secure_path.h"
+
+#define DEFAULT_TEXT_DOMAIN "sudo"
#include "gettext.h"
#ifdef __TANDEM
# define ROOT_UID 0
#endif
-#ifndef _PATH_SUDO_ASKPASS
-# define _PATH_SUDO_ASKPASS NULL
-#endif
-
extern bool atobool(const char *str); /* atobool.c */
struct sudo_conf_table {
const char *name;
unsigned int namelen;
- bool (*setter)(const char *entry);
+ void (*setter)(const char *entry, const char *conf_file);
};
struct sudo_conf_paths {
const char *pval;
};
-static bool set_debug(const char *entry);
-static bool set_path(const char *entry);
-static bool set_plugin(const char *entry);
-static bool set_variable(const char *entry);
+static void set_debug(const char *entry, const char *conf_file);
+static void set_path(const char *entry, const char *conf_file);
+static void set_plugin(const char *entry, const char *conf_file);
+static void set_variable(const char *entry, const char *conf_file);
+static void set_var_disable_coredump(const char *entry, const char *conf_file);
+static void set_var_group_source(const char *entry, const char *conf_file);
+static void set_var_max_groups(const char *entry, const char *conf_file);
+
+static unsigned int conf_lineno;
static struct sudo_conf_table sudo_conf_table[] = {
{ "Debug", sizeof("Debug") - 1, set_debug },
{ NULL }
};
+static struct sudo_conf_table sudo_conf_table_vars[] = {
+ { "disable_coredump", sizeof("disable_coredump") - 1, set_var_disable_coredump },
+ { "group_source", sizeof("group_source") - 1, set_var_group_source },
+ { "max_groups", sizeof("max_groups") - 1, set_var_max_groups },
+ { NULL }
+};
+
static struct sudo_conf_data {
bool disable_coredump;
+ int group_source;
+ int max_groups;
const char *debug_flags;
- struct sudo_conf_paths paths[3];
+ struct sudo_conf_paths paths[4];
struct plugin_info_list plugins;
} sudo_conf_data = {
true,
+ GROUP_SOURCE_ADAPTIVE,
+ -1,
NULL,
{
#define SUDO_CONF_ASKPASS_IDX 0
{ "askpass", sizeof("askpass") - 1, _PATH_SUDO_ASKPASS },
+#define SUDO_CONF_SESH_IDX 1
+ { "sesh", sizeof("sesh") - 1, _PATH_SUDO_SESH },
#ifdef _PATH_SUDO_NOEXEC
-#define SUDO_CONF_NOEXEC_IDX 1
+#define SUDO_CONF_NOEXEC_IDX 2
{ "noexec", sizeof("noexec") - 1, _PATH_SUDO_NOEXEC },
#endif
{ NULL }
/*
* "Set variable_name value"
*/
-static bool
-set_variable(const char *entry)
+static void
+set_variable(const char *entry, const char *conf_file)
+{
+ struct sudo_conf_table *var;
+
+ for (var = sudo_conf_table_vars; var->name != NULL; var++) {
+ if (strncmp(entry, var->name, var->namelen) == 0 &&
+ isblank((unsigned char)entry[var->namelen])) {
+ entry += var->namelen + 1;
+ while (isblank((unsigned char)*entry))
+ entry++;
+ var->setter(entry, conf_file);
+ break;
+ }
+ }
+}
+
+static void
+set_var_disable_coredump(const char *entry, const char *conf_file)
+{
+ int val = atobool(entry);
+
+ if (val != -1)
+ sudo_conf_data.disable_coredump = val;
+}
+
+static void
+set_var_group_source(const char *entry, const char *conf_file)
{
-#undef DC_LEN
-#define DC_LEN (sizeof("disable_coredump") - 1)
- /* Currently the only variable supported is "disable_coredump". */
- if (strncmp(entry, "disable_coredump", DC_LEN) == 0 &&
- isblank((unsigned char)entry[DC_LEN])) {
- entry += DC_LEN + 1;
- while (isblank((unsigned char)*entry))
- entry++;
- sudo_conf_data.disable_coredump = atobool(entry);
+ if (strcasecmp(entry, "adaptive") == 0) {
+ sudo_conf_data.group_source = GROUP_SOURCE_ADAPTIVE;
+ } else if (strcasecmp(entry, "static") == 0) {
+ sudo_conf_data.group_source = GROUP_SOURCE_STATIC;
+ } else if (strcasecmp(entry, "dynamic") == 0) {
+ sudo_conf_data.group_source = GROUP_SOURCE_DYNAMIC;
+ } else {
+ warningx(_("unsupported group source `%s' in %s, line %d"), entry,
+ conf_file, conf_lineno);
+ }
+}
+
+static void
+set_var_max_groups(const char *entry, const char *conf_file)
+{
+ long lval;
+ char *ep;
+
+ lval = strtol(entry, &ep, 10);
+ if (*entry == '\0' || *ep != '\0' || lval < 0 || lval > INT_MAX ||
+ (errno == ERANGE && lval == LONG_MAX)) {
+ warningx(_("invalid max groups `%s' in %s, line %d"), entry,
+ conf_file, conf_lineno);
+ } else {
+ sudo_conf_data.max_groups = (int)lval;
}
-#undef DC_LEN
- return true;
}
/*
* "Debug progname debug_file debug_flags"
*/
-static bool
-set_debug(const char *entry)
+static void
+set_debug(const char *entry, const char *conf_file)
{
size_t filelen, proglen;
const char *progname;
proglen = strlen(progname);
if (strncmp(entry, progname, proglen) != 0 ||
!isblank((unsigned char)entry[proglen]))
- return false;
+ return;
entry += proglen + 1;
while (isblank((unsigned char)*entry))
entry++;
debug_flags = strpbrk(entry, " \t");
if (debug_flags == NULL)
- return false;
+ return;
filelen = (size_t)(debug_flags - entry);
while (isblank((unsigned char)*debug_flags))
debug_flags++;
efree(debug_file);
sudo_conf_data.debug_flags = debug_flags;
-
- return true;
}
-static bool
-set_path(const char *entry)
+static void
+set_path(const char *entry, const char *conf_file)
{
const char *name, *path;
struct sudo_conf_paths *cur;
name = entry;
path = strpbrk(entry, " \t");
if (path == NULL)
- return false;
+ return;
while (isblank((unsigned char)*path))
path++;
break;
}
}
-
- return true;
}
-static bool
-set_plugin(const char *entry)
+static void
+set_plugin(const char *entry, const char *conf_file)
{
struct plugin_info *info;
const char *name, *path, *cp, *ep;
name = entry;
path = strpbrk(entry, " \t");
if (path == NULL)
- return false;
+ return;
namelen = (size_t)(path - name);
while (isblank((unsigned char)*path))
path++;
info->options = options;
info->prev = info;
/* info->next = NULL; */
+ info->lineno = conf_lineno;
tq_append(&sudo_conf_data.plugins, info);
-
- return true;
}
const char *
return sudo_conf_data.paths[SUDO_CONF_ASKPASS_IDX].pval;
}
+const char *
+sudo_conf_sesh_path(void)
+{
+ return sudo_conf_data.paths[SUDO_CONF_SESH_IDX].pval;
+}
+
#ifdef _PATH_SUDO_NOEXEC
const char *
sudo_conf_noexec_path(void)
return sudo_conf_data.debug_flags;
}
+int
+sudo_conf_group_source(void)
+{
+ return sudo_conf_data.group_source;
+}
+
+int
+sudo_conf_max_groups(void)
+{
+ return sudo_conf_data.max_groups;
+}
+
struct plugin_info_list *
sudo_conf_plugins(void)
{
* Reads in /etc/sudo.conf and populates sudo_conf_data.
*/
void
-sudo_conf_read(void)
+sudo_conf_read(const char *conf_file)
{
struct sudo_conf_table *cur;
struct stat sb;
FILE *fp;
- char *cp;
-
- switch (sudo_secure_file(_PATH_SUDO_CONF, ROOT_UID, -1, &sb)) {
- case SUDO_PATH_SECURE:
- break;
- case SUDO_PATH_MISSING:
- /* Root should always be able to read sudo.conf. */
- if (errno != ENOENT && geteuid() == ROOT_UID)
- warning(_("unable to stat %s"), _PATH_SUDO_CONF);
- goto done;
- case SUDO_PATH_BAD_TYPE:
- warningx(_("%s is not a regular file"), _PATH_SUDO_CONF);
- goto done;
- case SUDO_PATH_WRONG_OWNER:
- warningx(_("%s is owned by uid %u, should be %u"),
- _PATH_SUDO_CONF, (unsigned int) sb.st_uid, ROOT_UID);
- goto done;
- case SUDO_PATH_WORLD_WRITABLE:
- warningx(_("%s is world writable"), _PATH_SUDO_CONF);
- goto done;
- case SUDO_PATH_GROUP_WRITABLE:
- warningx(_("%s is group writable"), _PATH_SUDO_CONF);
- goto done;
- default:
- /* NOTREACHED */
- goto done;
+ char *cp, *line = NULL;
+ char *prev_locale = estrdup(setlocale(LC_ALL, NULL));
+ size_t linesize = 0;
+
+ /* Parse sudo.conf in the "C" locale. */
+ if (prev_locale[0] != 'C' || prev_locale[1] != '\0')
+ setlocale(LC_ALL, "C");
+
+ if (conf_file == NULL) {
+ conf_file = _PATH_SUDO_CONF;
+ switch (sudo_secure_file(conf_file, ROOT_UID, -1, &sb)) {
+ case SUDO_PATH_SECURE:
+ break;
+ case SUDO_PATH_MISSING:
+ /* Root should always be able to read sudo.conf. */
+ if (errno != ENOENT && geteuid() == ROOT_UID)
+ warning(_("unable to stat %s"), conf_file);
+ goto done;
+ case SUDO_PATH_BAD_TYPE:
+ warningx(_("%s is not a regular file"), conf_file);
+ goto done;
+ case SUDO_PATH_WRONG_OWNER:
+ warningx(_("%s is owned by uid %u, should be %u"),
+ conf_file, (unsigned int) sb.st_uid, ROOT_UID);
+ goto done;
+ case SUDO_PATH_WORLD_WRITABLE:
+ warningx(_("%s is world writable"), conf_file);
+ goto done;
+ case SUDO_PATH_GROUP_WRITABLE:
+ warningx(_("%s is group writable"), conf_file);
+ goto done;
+ default:
+ /* NOTREACHED */
+ goto done;
+ }
}
- if ((fp = fopen(_PATH_SUDO_CONF, "r")) == NULL) {
+ if ((fp = fopen(conf_file, "r")) == NULL) {
if (errno != ENOENT && geteuid() == ROOT_UID)
- warning(_("unable to open %s"), _PATH_SUDO_CONF);
+ warning(_("unable to open %s"), conf_file);
goto done;
}
- while ((cp = sudo_parseln(fp)) != NULL) {
- /* Skip blank or comment lines */
- if (*cp == '\0')
- continue;
+ conf_lineno = 0;
+ while (sudo_parseln(&line, &linesize, &conf_lineno, fp) != -1) {
+ if (*(cp = line) == '\0')
+ continue; /* empty line or comment */
for (cur = sudo_conf_table; cur->name != NULL; cur++) {
if (strncasecmp(cp, cur->name, cur->namelen) == 0 &&
cp += cur->namelen;
while (isblank((unsigned char)*cp))
cp++;
- if (cur->setter(cp))
- break;
+ cur->setter(cp, conf_file);
+ break;
}
}
}
fclose(fp);
+ free(line);
done:
- return;
+ /* Restore locale if needed. */
+ if (prev_locale[0] != 'C' || prev_locale[1] != '\0')
+ setlocale(LC_ALL, prev_locale);
+ efree(prev_locale);
}
/*
- * Copyright (c) 2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2011-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <sys/stat.h>
#include <sys/uio.h>
#include <stdio.h>
#include "missing.h"
#include "alloc.h"
#include "error.h"
-#include "gettext.h"
#include "sudo_plugin.h"
#include "sudo_debug.h"
+#define DEFAULT_TEXT_DOMAIN "sudo"
+#include "gettext.h"
+
/*
* The debug priorities and subsystems are currently hard-coded.
* In the future we might consider allowing plugins to register their
static char sudo_debug_pidstr[(((sizeof(int) * 8) + 2) / 3) + 3];
static size_t sudo_debug_pidlen;
-extern sudo_conv_t sudo_conv;
-
/*
* Parse settings string from sudo.conf and open debugfile.
* Returns 1 on success, 0 if cannot open debugfile.
if (debugfile != NULL) {
if (sudo_debug_fd != -1)
close(sudo_debug_fd);
- sudo_debug_fd = open(debugfile, O_WRONLY|O_APPEND|O_CREAT,
- S_IRUSR|S_IWUSR);
- if (sudo_debug_fd == -1)
- return 0;
+ sudo_debug_fd = open(debugfile, O_WRONLY|O_APPEND, S_IRUSR|S_IWUSR);
+ if (sudo_debug_fd == -1) {
+ /* Create debug file as needed and set group ownership. */
+ if (errno == ENOENT) {
+ sudo_debug_fd = open(debugfile, O_WRONLY|O_APPEND|O_CREAT,
+ S_IRUSR|S_IWUSR);
+ }
+ if (sudo_debug_fd == -1)
+ return 0;
+ ignore_result(fchown(sudo_debug_fd, (uid_t)-1, 0));
+ }
(void)fcntl(sudo_debug_fd, F_SETFD, FD_CLOEXEC);
sudo_debug_mode = SUDO_DEBUG_MODE_FILE;
} else {
sudo_debug_write_conv(const char *func, const char *file, int lineno,
const char *str, int len, int errno_val)
{
- struct sudo_conv_message msg;
- struct sudo_conv_reply repl;
- char *buf = NULL;
-
- /* Call conversation function */
- if (sudo_conv != NULL) {
- /* Remove the newline at the end if appending extra info. */
- if (str[len - 1] == '\n')
- len--;
-
- if (func != NULL && file != NULL && lineno != 0) {
- if (errno_val) {
- easprintf(&buf, "%.*s: %s @ %s() %s:%d", len, str,
- strerror(errno_val), func, file, lineno);
- } else {
- easprintf(&buf, "%.*s @ %s() %s:%d", len, str,
- func, file, lineno);
- }
- str = buf;
- } else if (errno_val) {
- easprintf(&buf, "%.*s: %s", len, str, strerror(errno_val));
- str = buf;
+ /* Remove the newline at the end if appending extra info. */
+ if (str[len - 1] == '\n')
+ len--;
+
+ if (func != NULL && file != NULL) {
+ if (errno_val) {
+ sudo_printf(SUDO_CONV_DEBUG_MSG, "%.*s: %s @ %s() %s:%d",
+ len, str, strerror(errno_val), func, file, lineno);
+ } else {
+ sudo_printf(SUDO_CONV_DEBUG_MSG, "%.*s @ %s() %s:%d",
+ len, str, func, file, lineno);
+ }
+ } else {
+ if (errno_val) {
+ sudo_printf(SUDO_CONV_DEBUG_MSG, "%.*s: %s",
+ len, str, strerror(errno_val));
+ } else {
+ sudo_printf(SUDO_CONV_DEBUG_MSG, "%.*s", len, str);
}
- memset(&msg, 0, sizeof(msg));
- memset(&repl, 0, sizeof(repl));
- msg.msg_type = SUDO_CONV_DEBUG_MSG;
- msg.msg = str;
- sudo_conv(1, &msg, &repl);
- if (buf != NULL)
- efree(buf);
}
}
}
/* Do timestamp last due to ctime's static buffer. */
- now = time(NULL);
+ time(&now);
timestr = ctime(&now) + 4;
timestr[15] = ' '; /* replace year with a space */
timestr[16] = '\0';
}
void
-sudo_debug_printf2(const char *func, const char *file, int lineno, int level,
- const char *fmt, ...)
+sudo_debug_vprintf2(const char *func, const char *file, int lineno, int level,
+ const char *fmt, va_list ap)
{
int buflen, pri, subsys, saved_errno = errno;
- va_list ap;
char *buf;
if (!sudo_debug_mode)
/* Make sure we want debug info at this level. */
if (subsys < NUM_SUBSYSTEMS && sudo_debug_settings[subsys] >= pri) {
- va_start(ap, fmt);
buflen = vasprintf(&buf, fmt, ap);
va_end(ap);
if (buflen != -1) {
errno = saved_errno;
}
+void
+sudo_debug_printf2(const char *func, const char *file, int lineno, int level,
+ const char *fmt, ...)
+{
+ va_list ap;
+
+ va_start(ap, fmt);
+ sudo_debug_vprintf2(func, file, lineno, level, fmt, ap);
+ va_end(ap);
+}
+
void
sudo_debug_execve2(int level, const char *path, char *const argv[], char *const envp[])
{
--- /dev/null
+/*
+ * Copyright (c) 2010-2012 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#include <stdarg.h>
+#include <errno.h>
+
+#include "missing.h"
+#include "sudo_plugin.h"
+#include "sudo_debug.h"
+
+int
+_sudo_printf(int msg_type, const char *fmt, ...)
+{
+ va_list ap;
+ char *buf;
+ int len = -1;
+
+ switch (msg_type) {
+ case SUDO_CONV_INFO_MSG:
+ va_start(ap, fmt);
+ len = vfprintf(stdout, fmt, ap);
+ va_end(ap);
+ break;
+ case SUDO_CONV_ERROR_MSG:
+ va_start(ap, fmt);
+ len = vfprintf(stderr, fmt, ap);
+ va_end(ap);
+ break;
+ case SUDO_CONV_DEBUG_MSG:
+ /* XXX - add debug version of vfprintf()? */
+ va_start(ap, fmt);
+ len = vasprintf(&buf, fmt, ap);
+ va_end(ap);
+ if (len != -1)
+ sudo_debug_write(buf, len, 0);
+ break;
+ default:
+ errno = EINVAL;
+ break;
+ }
+
+ return len;
+}
+
+sudo_printf_t sudo_printf = _sudo_printf;
/*
- * Copyright (c) 2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2011-2012 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
/*
- * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2010-2012 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#
-# Copyright (c) 2011 Todd C. Miller <Todd.Miller@courtesan.com>
+# Copyright (c) 2011-2013 Todd C. Miller <Todd.Miller@courtesan.com>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
$(CC) $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/mksigname.c -o $@
fnm_test: fnm_test.o libreplace.la
- $(LIBTOOL) --mode=link $(CC) -o $@ fnm_test.o libreplace.la
+ $(LIBTOOL) --mode=link $(CC) -o $@ fnm_test.o libreplace.la $(PIE_LDFLAGS) $(SSP_LDFLAGS)
globtest: globtest.o libreplace.la
- $(LIBTOOL) --mode=link $(CC) -o $@ globtest.o libreplace.la
+ $(LIBTOOL) --mode=link $(CC) -o $@ globtest.o libreplace.la $(PIE_LDFLAGS) $(SSP_LDFLAGS)
$(srcdir)/mksiglist.h: $(srcdir)/siglist.in
@if [ -n "$(DEVEL)" ]; then \
$(top_srcdir)/compat/dlfcn.h $(incdir)/missing.h
$(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/dlopen.c
fnm_test.o: $(srcdir)/regress/fnmatch/fnm_test.c $(top_builddir)/config.h \
- $(top_srcdir)/compat/fnmatch.h
+ $(top_srcdir)/compat/fnmatch.h $(incdir)/missing.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/fnmatch/fnm_test.c
fnmatch.lo: $(srcdir)/fnmatch.c $(top_builddir)/config.h $(incdir)/missing.h \
$(top_srcdir)/compat/charclass.h $(top_srcdir)/compat/fnmatch.h
getcwd.lo: $(srcdir)/getcwd.c $(top_builddir)/config.h $(incdir)/missing.h
$(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getcwd.c
getgrouplist.lo: $(srcdir)/getgrouplist.c $(top_builddir)/config.h \
- $(incdir)/missing.h
+ $(top_srcdir)/compat/nss_dbdefs.h $(incdir)/missing.h
$(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getgrouplist.c
getline.lo: $(srcdir)/getline.c $(top_builddir)/config.h $(incdir)/missing.h
$(LIBTOOL) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getline.c
/*
- * Copyright (c) 2004-2005, 2007, 2010
+ * Copyright (c) 2004-2005, 2007, 2010, 2012-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
+#ifndef HAVE_CLOSEFROM
+
#include <sys/types.h>
-#include <sys/param.h>
#include <unistd.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# endif
#endif /* STDC_HEADERS */
#include <fcntl.h>
-#ifdef HAVE_DIRENT_H
-# include <dirent.h>
-# define NAMLEN(dirent) strlen((dirent)->d_name)
+#ifdef HAVE_PSTAT_GETPROC
+# include <sys/param.h>
+# include <sys/pstat.h>
#else
-# define dirent direct
-# define NAMLEN(dirent) (dirent)->d_namlen
-# ifdef HAVE_SYS_NDIR_H
-# include <sys/ndir.h>
-# endif
-# ifdef HAVE_SYS_DIR_H
-# include <sys/dir.h>
-# endif
-# ifdef HAVE_NDIR_H
-# include <ndir.h>
+# ifdef HAVE_DIRENT_H
+# include <dirent.h>
+# define NAMLEN(dirent) strlen((dirent)->d_name)
+# else
+# define dirent direct
+# define NAMLEN(dirent) (dirent)->d_namlen
+# ifdef HAVE_SYS_NDIR_H
+# include <sys/ndir.h>
+# endif
+# ifdef HAVE_SYS_DIR_H
+# include <sys/dir.h>
+# endif
+# ifdef HAVE_NDIR_H
+# include <ndir.h>
+# endif
# endif
#endif
* Close all file descriptors greater than or equal to lowfd.
* We try the fast way first, falling back on the slow method.
*/
-#ifdef HAVE_FCNTL_CLOSEM
+#if defined(HAVE_FCNTL_CLOSEM)
void
closefrom(int lowfd)
{
if (fcntl(lowfd, F_CLOSEM, 0) == -1)
closefrom_fallback(lowfd);
}
-#else
-# ifdef HAVE_DIRFD
+#elif defined(HAVE_PSTAT_GETPROC)
+void
+closefrom(int lowfd)
+{
+ struct pst_status pstat;
+ int fd;
+
+ if (pstat_getproc(&pstat, sizeof(pstat), 0, getpid()) != -1) {
+ for (fd = lowfd; fd <= pstat.pst_highestfd; fd++)
+ (void) close(fd);
+ } else {
+ closefrom_fallback(lowfd);
+ }
+}
+#elif defined(HAVE_DIRFD)
void
closefrom(int lowfd)
{
} else
closefrom_fallback(lowfd);
}
-#endif /* HAVE_DIRFD */
#endif /* HAVE_FCNTL_CLOSEM */
+#endif /* HAVE_CLOSEFROM */
/*
- * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2010, 2012-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
+#ifndef HAVE_DLOPEN
+
#include <sys/types.h>
#include <stdio.h>
void *
sudo_dlopen(const char *path, int mode)
{
- int flags = DYNAMIC_PATH;
+ int flags = DYNAMIC_PATH | BIND_VERBOSE;
if (mode == 0)
mode = RTLD_LAZY; /* default behavior */
{
return strerror(errno);
}
-
#endif /* HAVE_SHL_LOAD */
+#endif /* HAVE_DLOPEN */
--- /dev/null
+/*
+ * Copyright (c) 2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _COMPAT_ENDIAN_H
+#define _COMPAT_ENDIAN_H
+
+#ifndef BYTE_ORDER
+# undef LITTLE_ENDIAN
+# define LITTLE_ENDIAN 1234
+# undef BIG_ENDIAN
+# define BIG_ENDIAN 4321
+# undef UNKNOWN_ENDIAN
+# define UNKNOWN_ENDIAN 0
+
+/*
+ * Attempt to guess endianness.
+ * Solaris may define _LITTLE_ENDIAN and _BIG_ENDIAN to 1
+ * HP-UX may define __LITTLE_ENDIAN__ and __BIG_ENDIAN__ to 1
+ * Otherwise, check for cpu-specific cpp defines.
+ * Note that some CPUs are bi-endian, including: arm, powerpc, alpha,
+ * sparc64, mips, hppa, sh4 and ia64.
+ * We just check for the most common uses.
+ */
+
+# if defined(__BYTE_ORDER)
+# define BYTE_ORDER __BYTE_ORDER
+# elif defined(_BYTE_ORDER)
+# define BYTE_ORDER _BYTE_ORDER
+# elif defined(_LITTLE_ENDIAN) || defined(__LITTLE_ENDIAN__)
+# define BYTE_ORDER LITTLE_ENDIAN
+# elif defined(_BIG_ENDIAN) || defined(__BIG_ENDIAN__)
+# define BYTE_ORDER BIG_ENDIAN
+# elif defined(__alpha__) || defined(__alpha) || defined(__amd64) || \
+ defined(BIT_ZERO_ON_RIGHT) || defined(i386) || defined(__i386) || \
+ defined(MIPSEL) || defined(_MIPSEL) || defined(ns32000) || \
+ defined(__ns3200) || defined(sun386) || defined(vax) || \
+ defined(__vax) || defined(__x86__) || \
+ (defined(sun) && defined(__powerpc)) || \
+ (!defined(__hpux) && defined(__ia64))
+# define BYTE_ORDER LITTLE_ENDIAN
+# elif defined(__68k__) || defined(apollo) || defined(BIT_ZERO_ON_LEFT) || \
+ defined(__convex__) || defined(_CRAY) || defined(DGUX) || \
+ defined(__hppa) || defined(__hp9000) || defined(__hp9000s300) || \
+ defined(__hp9000s700) || defined(__hp3000s900) || \
+ defined(ibm032) || defined(ibm370) || defined(_IBMR2) || \
+ defined(is68k) || defined(mc68000) || defined(m68k) || \
+ defined(__m68k) || defined(m88k) || defined(__m88k) || \
+ defined(MIPSEB) || defined(_MIPSEB) || defined(MPE) || \
+ defined(pyr) || defined(__powerpc) || defined(__powerpc__) || \
+ defined(sel) || defined(__sparc) || defined(__sparc__) || \
+ defined(tahoe) || (defined(__hpux) && defined(__ia64)) || \
+ (defined(sun) && defined(__powerpc))
+# define BYTE_ORDER BIG_ENDIAN
+# else
+# define BYTE_ORDER UNKNOWN_ENDIAN
+# endif
+#endif /* BYTE_ORDER */
+
+#endif /* _COMPAT_ENDIAN_H */
#include <config.h>
+#ifndef HAVE_FNMATCH
+
#include <sys/types.h>
#include <stdio.h>
/* pattern didn't match to the end of string */
return FNM_NOMATCH;
}
+#endif /* HAVE_FNMATCH */
#include <config.h>
+#ifndef HAVE_GETADDRINFO
+
#include <sys/types.h>
#include <sys/socket.h>
return 0;
}
}
+#endif /* HAVE_GETADDRINFO */
#include <config.h>
-#include <sys/param.h>
+#ifndef HAVE_GETCWD
+
+#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
(void)closedir(dir);
return NULL;
}
+#endif /* HAVE_GETCWD */
#include <config.h>
+#ifndef HAVE_GETGROUPLIST
+
#include <sys/types.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <strings.h>
#endif /* HAVE_STRINGS_H */
#include <grp.h>
+#ifdef HAVE_NSS_SEARCH
+# include <limits.h>
+# include <nsswitch.h>
+# ifdef HAVE_NSS_DBDEFS_H
+# include <nss_dbdefs.h>
+# else
+# include "compat/nss_dbdefs.h"
+# endif
+#endif
#include "missing.h"
rval = 0;
done:
- efree(grset);
+ free(grset);
#ifdef HAVE_SETAUTHDB
aix_restoreauthdb();
#endif
return rval;
}
-#elif defined(HAVE__GETGROUPSBYMEMBER)
+#elif defined(HAVE_NSS_SEARCH)
+
+#ifndef GID_MAX
+# define GID_MAX UID_MAX
+#endif
+
+#ifndef ALIGNBYTES
+# define ALIGNBYTES (sizeof(long) - 1L)
+#endif
+#ifndef ALIGN
+# define ALIGN(p) (((unsigned long)(p) + ALIGNBYTES) & ~ALIGNBYTES)
+#endif
+
+extern void _nss_initf_group(nss_db_params_t *);
/*
- * BSD-compatible getgrouplist(3) using _getgroupsbymember(3)
+ * Convert a groups file string (instr) to a struct group (ent) using
+ * buf for storage.
*/
-int
-getgrouplist(const char *name, gid_t basegid, gid_t *groups, int *ngroupsp)
+static int
+str2grp(const char *instr, int inlen, void *ent, char *buf, int buflen)
{
- int ngroups, grpsize = *ngroupsp;
- int rval = -1;
+ struct group *grp = ent;
+ char *cp, *ep, *fieldsep = buf;
+ char **gr_mem, **gr_end;
+ int yp = 0;
+ unsigned long gid;
+
+ /* Must at least have space to copy instr -> buf. */
+ if (inlen >= buflen)
+ return NSS_STR_PARSE_ERANGE;
+
+ /* Paranoia: buf and instr should be distinct. */
+ if (buf != instr) {
+ memmove(buf, instr, inlen);
+ buf[inlen] = '\0';
+ }
+
+ if ((fieldsep = strchr(cp = fieldsep, ':')) == NULL)
+ return NSS_STR_PARSE_PARSE;
+ *fieldsep++ = '\0';
+ grp->gr_name = cp;
+
+ /* Check for YP inclusion/exclusion entries. */
+ if (*cp == '+' || *cp == '-') {
+ /* Only the name is required for YP inclusion/exclusion entries. */
+ grp->gr_passwd = "";
+ grp->gr_gid = 0;
+ grp->gr_mem = NULL;
+ yp = 1;
+ }
+
+ if ((fieldsep = strchr(cp = fieldsep, ':')) == NULL)
+ return yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE;
+ *fieldsep++ = '\0';
+ grp->gr_passwd = cp;
+
+ if ((fieldsep = strchr(cp = fieldsep, ':')) == NULL)
+ return yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE;
+ *fieldsep++ = '\0';
+ gid = strtoul(cp, &ep, 10);
+ if (*cp == '\0' || *ep != '\0')
+ return yp ? NSS_STR_PARSE_SUCCESS : NSS_STR_PARSE_PARSE;
+#ifdef GID_NOBODY
+ if (*cp == '-' && gid != 0) {
+ /* Negative gids get mapped to nobody on Solaris. */
+ grp->gr_gid = GID_NOBODY;
+ } else
+#endif
+ if ((errno == ERANGE && gid == ULONG_MAX) ||
+ gid > GID_MAX || gid != (gid_t)gid) {
+ return NSS_STR_PARSE_ERANGE;
+ } else {
+ grp->gr_gid = (gid_t)gid;
+ }
+
+ /* Store group members, taking care to use proper alignment. */
+ grp->gr_mem = NULL;
+ if (*fieldsep != '\0') {
+ grp->gr_mem = gr_mem = (char **)ALIGN(buf + inlen + 1);
+ gr_end = (char **)((unsigned long)(buf + buflen) & ~ALIGNBYTES);
+ for (;;) {
+ if (gr_mem == gr_end)
+ return NSS_STR_PARSE_ERANGE; /* out of space! */
+ *gr_mem++ = cp;
+ if (fieldsep == NULL)
+ break;
+ if ((fieldsep = strchr(cp = fieldsep, ',')) != NULL)
+ *fieldsep++ = '\0';
+ }
+ *gr_mem = NULL;
+ }
+ return NSS_STR_PARSE_SUCCESS;
+}
+
+static nss_status_t
+process_cstr(const char *instr, int inlen, struct nss_groupsbymem *gbm)
+{
+ const char *user = gbm->username;
+ nss_status_t rval = NSS_NOTFOUND;
+ nss_XbyY_buf_t *buf;
+ struct group *grp;
+ char **gr_mem;
+ int error, i;
- if (grpsize > 0) {
- /* We support BSD semantics where the first element is the base gid */
- groups[0] = basegid;
+ buf = _nss_XbyY_buf_alloc(sizeof(struct group), NSS_BUFLEN_GROUP);
+ if (buf == NULL)
+ return NSS_UNAVAIL;
- /* The last arg is 1 because we already filled in the base gid. */
- ngroups = _getgroupsbymember(name, groups, grpsize, 1);
- if (ngroups != -1) {
- rval = 0;
- *ngroupsp = ngroups;
+ /* Parse groups file string -> struct group. */
+ grp = buf->result;
+ error = (*gbm->str2ent)(instr, inlen, grp, buf->buffer, buf->buflen);
+ if (error || grp->gr_mem == NULL)
+ goto done;
+
+ for (gr_mem = grp->gr_mem; *gr_mem != NULL; gr_mem++) {
+ if (strcmp(*gr_mem, user) == 0) {
+ /* Append to gid_array unless gr_gid is a dupe. */
+ for (i = 0; i < gbm->numgids; i++) {
+ if (gbm->gid_array[i] == grp->gr_gid)
+ goto done; /* already present */
+ }
+ /* Store gid if there is space. */
+ if (i < gbm->maxgids)
+ gbm->gid_array[i] = grp->gr_gid;
+ /* Always increment numgids so we can detect when out of space. */
+ gbm->numgids++;
+ goto done;
}
}
+done:
+ _nss_XbyY_buf_free(buf);
return rval;
}
+/*
+ * BSD-compatible getgrouplist(3) using nss_search(3)
+ */
+int
+getgrouplist(const char *name, gid_t basegid, gid_t *groups, int *ngroupsp)
+{
+ struct nss_groupsbymem gbm;
+ static DEFINE_NSS_DB_ROOT(db_root);
+
+ /* We support BSD semantics where the first element is the base gid */
+ if (*ngroupsp <= 0)
+ return -1;
+ groups[0] = basegid;
+
+ memset(&gbm, 0, sizeof(gbm));
+ gbm.username = name;
+ gbm.gid_array = groups;
+ gbm.maxgids = *ngroupsp;
+ gbm.numgids = 1; /* for basegid */
+ gbm.force_slow_way = 1;
+ gbm.str2ent = str2grp;
+ gbm.process_cstr = process_cstr;
+
+ /*
+ * Can't use nss_search return value since it may return NSS_UNAVAIL
+ * when no nsswitch.conf entry (e.g. compat mode).
+ */
+ (void)nss_search(&db_root, _nss_initf_group, NSS_DBOP_GROUP_BYMEMBER, &gbm);
+
+ if (gbm.numgids <= gbm.maxgids) {
+ *ngroupsp = gbm.numgids;
+ return 0;
+ }
+ *ngroupsp = gbm.maxgids;
+ return -1;
+}
+
#else /* !HAVE_GETGRSET && !HAVE__GETGROUPSBYMEMBER */
/*
return rval;
}
#endif /* !HAVE_GETGRSET && !HAVE__GETGROUPSBYMEMBER */
+#endif /* HAVE_GETGROUPLIST */
/*
- * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2009-2010, 2012-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
+#ifndef HAVE_GETLINE
+
#include <sys/types.h>
#include <stdio.h>
*bufsizep = bufsize;
return len;
}
-#endif
+#endif /* HAVE_FGETLN */
+#endif /* HAVE_GETLINE */
/*
- * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2010, 2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
+#if !defined(HAVE_GETPROGNAME) && !defined(HAVE___PROGNAME)
+
#include <sys/types.h>
#include <stdio.h>
{
return progname;
}
+#endif /* !HAVE_GETPROGNAME !HAVE___PROGNAME */
#include <config.h>
-#include <sys/param.h>
+#ifndef HAVE_GLOB
+
+#include <sys/types.h>
#include <sys/stat.h>
#include <stdio.h>
(void)printf("%c", ismeta(*p) ? '_' : ' ');
(void)printf("\n");
}
-#endif
+#endif /* DEBUG */
+#endif /* HAVE_GLOB */
/*
- * Copyright (c) 2008, 2010-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2008, 2010-2011, 2013
+ * Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
+#ifndef HAVE_ISBLANK
+
#include <sys/types.h>
#include "missing.h"
{
return ch == ' ' || ch == '\t';
}
+#endif /* HAVE_ISBLANK */
/*
- * Copyright (c) 2007, 2010-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2007, 2010-2011, 2013
+ * Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
+#ifndef HAVE_MEMRCHR
+
#include <sys/types.h>
#include "missing.h"
}
return (void *)0;
}
+#endif /* HAVE_MEMRCHR */
/*
- * Copyright (c) 2010-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2010-2012 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include "missing.h"
+__dso_public int main(int argc, char *argv[]);
+
int
main(int argc, char *argv[])
{
#include "missing.h"
+__dso_public int main(int argc, char *argv[]);
+
int
main(int argc, char *argv[])
{
/*
- * Copyright (c) 2001, 2003, 2004, 2008-2011
+ * Copyright (c) 2001, 2003, 2004, 2008-2011, 2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
+#if !defined(HAVE_MKSTEMPS) || !defined(HAVE_MKDTEMP)
+
#include <sys/types.h>
#include <sys/time.h>
#include <sys/stat.h>
return path;
}
#endif /* HAVE_MKDTEMP */
+#endif /* !HAVE_MKSTEMPS || !HAVE_MKDTEMP */
/*
- * Copyright (c) 2009-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2009-2011, 2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
+#ifndef HAVE_NANOSLEEP
+
#include <sys/types.h>
#include <sys/time.h>
#ifdef HAVE_SYS_SELECT_H
}
return rval;
}
+#endif /* HAVE_NANOSLEEP */
--- /dev/null
+/*
+ * Copyright (c) 2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _COMPAT_NSS_DBDEFS_H
+#define _COMPAT_NSS_DBDEFS_H
+
+/*
+ * Bits of nss_dbdefs.h and nss_common.h needed to implement
+ * getgrouplist(3) using nss_search(3).
+ *
+ * HP-UX does not ship those headers so we need this compatibility header.
+ * It may also work on other systems that use a Solaris-derived nsswitch
+ * API.
+ */
+
+#ifdef NEED_HPUX_MUTEX
+# include <synch.h>
+#endif
+
+typedef enum {
+ NSS_SUCCESS,
+ NSS_NOTFOUND,
+ NSS_UNAVAIL
+} nss_status_t;
+
+typedef struct nss_db_params {
+ const char *name;
+ const char *config_name;
+ const char *default_config;
+ unsigned int max_active_per_src;
+ unsigned int max_dormant_per_src;
+ int flags;
+ void *finders;
+ void *private;
+ void (*cleanup)(struct nss_db_params *);
+} nss_db_params_t;
+
+struct nss_groupsbymem {
+ const char *username;
+ gid_t *gid_array;
+ int maxgids;
+ int force_slow_way;
+ int (*str2ent)(const char *, int, void *, char *, int);
+ nss_status_t (*process_cstr)(const char *, int, struct nss_groupsbymem *);
+ int numgids;
+};
+
+typedef struct {
+ void *result; /* group struct to fill in. */
+ char *buffer; /* string buffer for above */
+ size_t buflen; /* string buffer size */
+} nss_XbyY_buf_t;
+
+typedef struct {
+ void *state; /* really struct nss_db_state * */
+#ifdef NEED_HPUX_MUTEX
+ lwp_mutex_t lock;
+#endif
+} nss_db_root_t;
+
+#ifdef NEED_HPUX_MUTEX
+# define NSS_DB_ROOT_INIT { 0, LWP_MUTEX_INITIALIZER }
+#else
+# define NSS_DB_ROOT_INIT { 0 }
+#endif
+# define DEFINE_NSS_DB_ROOT(name) nss_db_root_t name = NSS_DB_ROOT_INIT
+
+/* Backend function to find all groups a user belongs to for initgroups(). */
+#define NSS_DBOP_GROUP_BYMEMBER 6
+
+/* str2ent function return values */
+#define NSS_STR_PARSE_SUCCESS 0
+#define NSS_STR_PARSE_PARSE 1
+#define NSS_STR_PARSE_ERANGE 2
+
+/* Max length for an /etc/group file line. */
+#define NSS_BUFLEN_GROUP 8192
+
+/* HP-UX uses an extra underscore for these functions. */
+#ifdef HAVE___NSS_INITF_GROUP
+# define _nss_initf_group __nss_initf_group
+#endif
+#ifdef HAVE___NSS_XBYY_BUF_ALLOC
+# define _nss_XbyY_buf_alloc __nss_XbyY_buf_alloc
+# define _nss_XbyY_buf_free __nss_XbyY_buf_free
+#endif
+
+typedef void (*nss_db_initf_t)(nss_db_params_t *);
+extern nss_status_t nss_search(nss_db_root_t *, nss_db_initf_t, int, void *);
+extern nss_XbyY_buf_t *_nss_XbyY_buf_alloc(int, int);
+extern void _nss_XbyY_buf_free(nss_XbyY_buf_t *);
+
+#endif /* _COMPAT_NSS_DBDEFS_H */
/*
- * Copyright (c) 2000, 2002, 2012 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2000, 2002, 2012-2013
+ * Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
+#ifndef HAVE_PW_DUP
+
#include <sys/types.h>
#include <stdio.h>
return newpw;
}
+#endif /* HAVE_PW_DUP */
# include "compat/fnmatch.h"
#endif
+#include "missing.h"
+
+__dso_public int main(int argc, char *argv[]);
+
int
main(int argc, char *argv[])
{
};
int test_glob(struct gl_entry *);
+__dso_public int main(int argc, char *argv[]);
int
main(int argc, char **argv)
/*
- * Copyright (c) 2012 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2012-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
+#ifndef HAVE_SIG2STR
+
#include <sys/types.h>
#include <errno.h>
errno = EINVAL;
return -1;
}
+#endif /* HAVE_SIG2STR */
/*
- * Copyright (c) 1999-2005, 2008, 2010-2011
+ * Copyright (c) 1999-2005, 2008, 2010-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
* Copyright (c) 1990, 1993
* The Regents of the University of California. All rights reserved.
#include <config.h>
+#if !defined(HAVE_VSNPRINTF) || !defined(HAVE_SNPRINTF) || !defined(HAVE_VASPRINTF) || !defined(HAVE_ASPRINTF)
+
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
# endif
#endif /* STDC_HEADERS */
-#ifdef HAVE_STDINT_H
+#if defined(HAVE_STDINT_H)
# include <stdint.h>
+#elif defined(HAVE_INTTYPES_H)
+# include <inttypes.h>
#endif
#ifdef HAVE_STRING_H
# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
#define LADJUST 0x004 /* left adjustment */
#define LONGDBL 0x008 /* long double; unimplemented */
#define LONGINT 0x010 /* long integer */
-#define QUADINT 0x020 /* quad integer */
+#define LLONGINT 0x020 /* quad integer */
#define SHORTINT 0x040 /* short integer */
#define ZEROPAD 0x080 /* zero (as opposed to blank) pad */
flags |= SHORTINT;
goto rflag;
case 'l':
- flags |= LONGINT;
+ if (*fmt == 'l') {
+ fmt++;
+ flags |= LLONGINT;
+ } else {
+ flags |= LONGINT;
+ }
goto rflag;
#ifdef HAVE_LONG_LONG_INT
case 'q':
- flags |= QUADINT;
+ flags |= LLONGINT;
goto rflag;
#endif /* HAVE_LONG_LONG_INT */
case 'c':
case 'd':
case 'i':
#ifdef HAVE_LONG_LONG_INT
- if (flags & QUADINT) {
+ if (flags & LLONGINT) {
uqval = va_arg(ap, long long);
if ((long long)uqval < 0) {
uqval = -uqval;
goto number;
case 'n':
#ifdef HAVE_LONG_LONG_INT
- if (flags & QUADINT)
+ if (flags & LLONGINT)
*va_arg(ap, long long *) = ret;
else
#endif /* HAVE_LONG_LONG_INT */
/*FALLTHROUGH*/
case 'o':
#ifdef HAVE_LONG_LONG_INT
- if (flags & QUADINT)
+ if (flags & LLONGINT)
uqval = va_arg(ap, unsigned long long);
else
#endif /* HAVE_LONG_LONG_INT */
ulval = (unsigned long)va_arg(ap, void *);
base = 16;
xdigs = "0123456789abcdef";
- flags = (flags & ~QUADINT) | HEXPREFIX;
+ flags = (flags & ~LLONGINT) | HEXPREFIX;
ch = 'x';
goto nosign;
case 's':
/*FALLTHROUGH*/
case 'u':
#ifdef HAVE_LONG_LONG_INT
- if (flags & QUADINT)
+ if (flags & LLONGINT)
uqval = va_arg(ap, unsigned long long);
else
#endif /* HAVE_LONG_LONG_INT */
xdigs = "0123456789abcdef";
hex:
#ifdef HAVE_LONG_LONG_INT
- if (flags & QUADINT)
+ if (flags & LLONGINT)
uqval = va_arg(ap, unsigned long long);
else
#endif /* HAVE_LONG_LONG_INT */
/* leading 0x/X only if non-zero */
if (flags & ALT &&
#ifdef HAVE_LONG_LONG_INT
- (flags & QUADINT ? uqval != 0 : ulval != 0))
+ (flags & LLONGINT ? uqval != 0 : ulval != 0))
#else
ulval != 0)
#endif /* HAVE_LONG_LONG_INT */
*/
cp = buf + BUF;
#ifdef HAVE_LONG_LONG_INT
- if (flags & QUADINT) {
+ if (flags & LLONGINT) {
if (uqval != 0 || prec != 0)
cp = __uqtoa(uqval, cp, base,
flags & ALT, xdigs);
return ret;
}
#endif /* HAVE_ASPRINTF */
+
+#endif /* !HAVE_VSNPRINTF || !HAVE_SNPRINTF || !HAVE_VASPRINTF || !HAVE_ASPRINTF */
/* $OpenBSD: strlcat.c,v 1.8 2001/05/13 15:40:15 deraadt Exp $ */
/*
- * Copyright (c) 1998, 2003-2005, 2010-2011
+ * Copyright (c) 1998, 2003-2005, 2010-2011, 2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
+#ifndef HAVE_STRLCAT
+
#include <sys/types.h>
#include <string.h>
return dlen + (s - src); /* count does not include NUL */
}
+#endif /* HAVE_STRLCAT */
/* $OpenBSD: strlcpy.c,v 1.5 2001/05/13 15:40:16 deraadt Exp $ */
/*
- * Copyright (c) 1998, 2003-2005, 2010-2011
+ * Copyright (c) 1998, 2003-2005, 2010-2011, 2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
+#ifndef HAVE_STRLCPY
+
#include <sys/types.h>
#include "missing.h"
return s - src - 1; /* count does not include NUL */
}
+#endif /* HAVE_STRLCPY */
/*
- * Copyright (c) 2009-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
+#ifndef HAVE_STRSIGNAL
+
#include <sys/types.h>
#include <stdio.h>
/* XXX - should be "Unknown signal: %d" */
return _("Unknown signal");
}
+#endif /* HAVE_STRSIGNAL */
/*
- * Copyright (c) 2004-2005, 2007, 2010-2011
+ * Copyright (c) 2004-2005, 2007, 2010-2011, 2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
+#if !defined(HAVE_UTIMES) || (!defined(HAVE_FUTIMES) && !defined(HAVE_FUTIMESAT))
+
#include <sys/types.h>
#include <sys/time.h>
#include <stdio.h>
return futime(fd, NULL);
}
#endif /* HAVE_FUTIME */
+
+#endif /* !HAVE_UTIMES || (!HAVE_FUTIMES && !HAVE_FUTIMESAT) */
/* Define to 1 if the compiler supports the __visibility__ attribute. */
#undef HAVE_DSO_VISIBILITY
+/* Define to 1 if you have the <endian.h> header file. */
+#undef HAVE_ENDIAN_H
+
/* Define to 1 if your system has the F_CLOSEM fcntl. */
#undef HAVE_FCNTL_CLOSEM
#undef HAVE_GETADDRINFO
/* Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow
- passwords) */
+ passwords). */
#undef HAVE_GETAUTHUID
/* Define to 1 if you have the `getcwd' function. */
#undef HAVE_GETPROGNAME
/* Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow
- passwords) */
+ passwords). */
#undef HAVE_GETPRPWNAM
/* Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow
- passwords) */
+ passwords). */
#undef HAVE_GETPWANAM
/* Define to 1 if you have the `getresuid' function. */
#undef HAVE_GETRESUID
/* Define to 1 if you have the `getspnam' function (SVR4-style shadow
- passwords) */
+ passwords). */
#undef HAVE_GETSPNAM
/* Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow
- passwords) */
+ passwords). */
#undef HAVE_GETSPWUID
/* Define to 1 if you have the `getttyent' function. */
#undef HAVE_ISBLANK
/* Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for
- shadow enabled) */
+ shadow enabled). */
#undef HAVE_ISCOMSEC
/* Define to 1 if you have the `issecure' function. (SunOS 4.x check for
- shadow enabled) */
+ shadow enabled). */
#undef HAVE_ISSECURE
/* Define to 1 if you use Kerberos V. */
/* Define to 1 if you have the `krb5_verify_user' function. */
#undef HAVE_KRB5_VERIFY_USER
-/* Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not) */
+/* Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not). */
#undef HAVE_LBER_H
/* Define to 1 if you use LDAP for sudoers. */
/* Define to 1 if you have the `lrand48' function. */
#undef HAVE_LRAND48
+/* Define to 1 if you have the <machine/endian.h> header file. */
+#undef HAVE_MACHINE_ENDIAN_H
+
/* Define to 1 if you have the <maillock.h> header file. */
#undef HAVE_MAILLOCK_H
/* Define to 1 if you have the <malloc.h> header file. */
#undef HAVE_MALLOC_H
-/* Define to 1 if you have the `mbr_check_membership' function. */
-#undef HAVE_MBR_CHECK_MEMBERSHIP
-
/* Define to 1 if you have the <memory.h> header file. */
#undef HAVE_MEMORY_H
/* Define to 1 if you have the `nl_langinfo' function. */
#undef HAVE_NL_LANGINFO
+/* Define to 1 if you have the <nss_dbdefs.h> header file. */
+#undef HAVE_NSS_DBDEFS_H
+
+/* Define to 1 if you have the `nss_search' function. */
+#undef HAVE_NSS_SEARCH
+
/* Define to 1 if you have the `openpty' function. */
#undef HAVE_OPENPTY
/* Define to 1 if you have the <project.h> header file. */
#undef HAVE_PROJECT_H
+/* Define to 1 if you have the `pstat_getproc' function. */
+#undef HAVE_PSTAT_GETPROC
+
/* Define to 1 if you have the <pty.h> header file. */
#undef HAVE_PTY_H
#undef HAVE_REVOKE
/* Define to 1 if the skeychallenge() function is RFC1938-compliant and takes
- 4 arguments */
+ 4 arguments. */
#undef HAVE_RFC1938_SKEYCHALLENGE
/* Define to 1 if you have the <sasl.h> header file. */
/* Define to 1 if you have the `setkeycreatecon' function. */
#undef HAVE_SETKEYCREATECON
-/* Define to 1 if you have the `setlocale' function. */
-#undef HAVE_SETLOCALE
-
/* Define to 1 if you have the `setresuid' function. */
#undef HAVE_SETRESUID
/* Define to 1 if you have the `strsignal' function. */
#undef HAVE_STRSIGNAL
+/* Define to 1 if you have the `strtoll' function. */
+#undef HAVE_STRTOLL
+
/* Define to 1 if `d_type' is a member of `struct dirent'. */
#undef HAVE_STRUCT_DIRENT_D_TYPE
/* Define to 1 if `ut_user' is a member of `struct utmp'. */
#undef HAVE_STRUCT_UTMP_UT_USER
-/* Define to 1 if your struct stat has an st_mtim member */
+/* Define to 1 if your struct stat has an st_mtim member. */
#undef HAVE_ST_MTIM
-/* Define to 1 if your struct stat has an st_mtimespec member */
+/* Define to 1 if your struct stat has an st_mtimespec member. */
#undef HAVE_ST_MTIMESPEC
-/* Define to 1 if your struct stat uses an st__tim union */
+/* Define to 1 if your struct stat uses an st__tim union. */
#undef HAVE_ST__TIM
/* Define to 1 if you have the `sysconf' function. */
*/
#undef HAVE_SYS_DIR_H
+/* Define to 1 if you have the <sys/endian.h> header file. */
+#undef HAVE_SYS_ENDIAN_H
+
/* Define to 1 if you have the <sys/ndir.h> header file, and it defines `DIR'.
*/
#undef HAVE_SYS_NDIR_H
/* Define to 1 if the system has the type `_Bool'. */
#undef HAVE__BOOL
-/* Define to 1 if you have the `_getgroupsbymember' function. */
-#undef HAVE__GETGROUPSBYMEMBER
-
/* Define to 1 if you have the `_getpty' function. */
#undef HAVE__GETPTY
/* Define to 1 if you have the `_innetgr' function. */
#undef HAVE__INNETGR
+/* Define to 1 if you have the `_nss_initf_group' function. */
+#undef HAVE__NSS_INITF_GROUP
+
+/* Define to 1 if you have the `_nss_XbyY_buf_alloc' function. */
+#undef HAVE__NSS_XBYY_BUF_ALLOC
+
/* Define to 1 if you have the `_ttyname_dev' function. */
#undef HAVE__TTYNAME_DEV
/* Define to 1 if the compiler supports the C99 __func__ variable. */
#undef HAVE___FUNC__
+/* Define to 1 if you have the `__nss_initf_group' function. */
+#undef HAVE___NSS_INITF_GROUP
+
+/* Define to 1 if you have the `__nss_XbyY_buf_alloc' function. */
+#undef HAVE___NSS_XBYY_BUF_ALLOC
+
/* Define to 1 if your crt0.o defines the __progname symbol for you. */
#undef HAVE___PROGNAME
/* Define to 1 if you want the hostname to be entered into the log file. */
#undef HOST_IN_LOG
-/* Define to 1 if you want to ignore '.' and empty PATH elements */
+/* Define to 1 if you want to ignore '.' and empty PATH elements. */
#undef IGNORE_DOT_PATH
/* The message given when a bad password is entered. */
sudo. */
#undef NO_LECTURE
-/* Define to 1 if you don't want to use sudo's PAM session support */
+/* Define to 1 if you don't want to use sudo's PAM session support. */
#undef NO_PAM_SESSION
/* Define to avoid runing the mailer as root. */
#undef SUDOERS_PLUGIN
/* An instance string to append to the username (separated by a slash) for
- Kerberos V authentication */
+ Kerberos V authentication. */
#undef SUDO_KRB5_INSTANCE
/* The umask that the sudo-run prog should use. */
/* Define for large files, on AIX-style hosts. */
#undef _LARGE_FILES
-/* Define to __FUNCTION__ if your compiler support __FUNCTION__ but not
+/* Define to __FUNCTION__ if your compiler supports __FUNCTION__ but not
__func__ */
#undef __func__
/* Define to `int' if <sys/types.h> does not define. */
#undef mode_t
+/* Define to an OS-specific initialization function or `os_init_common'. */
+#undef os_init
+
/* Define to `int' if <signal.h> does not define. */
#undef sig_atomic_t
/* Define to `int' if <sys/types.h> doesn't define. */
#undef uid_t
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+#undef uint32_t
+
+/* Define to `unsigned long long' if <sys/types.h> does not define. */
+#undef uint64_t
+
+/* Define to `unsigned char' if <sys/types.h> does not define. */
+#undef uint8_t
+
/* Define to empty if the keyword `volatile' does not work. Warning: valid
code using `volatile' can become incorrect without. Disable with care. */
#undef volatile
# define ignore_result(x) (void)(x)
#endif
-/* Macros to set/clear/test flags. */
-#undef SET
-#define SET(t, f) ((t) |= (f))
-#undef CLR
-#define CLR(t, f) ((t) &= ~(f))
-#undef ISSET
-#define ISSET(t, f) ((t) & (f))
-
-/* ANSI-style OS defs for HP-UX and ConvexOS. */
-#if defined(hpux) && !defined(__hpux)
-# define __hpux 1
-#endif /* hpux */
-
-#if defined(convex) && !defined(__convex__)
-# define __convex__ 1
-#endif /* convex */
-
/* BSD compatibility on some SVR4 systems. */
#ifdef __svr4__
# define BSD_COMP
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.68 for sudo 1.8.6p8.
+# Generated by GNU Autoconf 2.68 for sudo 1.8.7.
#
# Report bugs to <http://www.sudo.ws/bugs/>.
#
# Identity of this package.
PACKAGE_NAME='sudo'
PACKAGE_TARNAME='sudo'
-PACKAGE_VERSION='1.8.6p8'
-PACKAGE_STRING='sudo 1.8.6p8'
+PACKAGE_VERSION='1.8.7'
+PACKAGE_STRING='sudo 1.8.7'
PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/'
PACKAGE_URL=''
EXEEXT
ac_ct_CC
CC
+PLUGINDIR
+pam_session
editor
secure_path
netsvc_conf
PIE_LDFLAGS
CROSS_COMPILING
COMPAT_TEST_PROGS
+LOCALEDIR_SUFFIX
SUDO_NLS
LIBINTL
LT_STATIC
BSDAUTH_USAGE
DONT_LEAK_PATH_INFO
INSTALL_NOEXEC
+sesh_file
noexec_file
SOEXT
-PLUGINDIR
NOEXECDIR
NOEXECFILE
mansrcdir
enable_pie
enable_admin_flag
enable_nls
+enable_rpath
with_selinux
enable_gss_krb5_ccache_name
enable_shared
with_gnu_ld
with_sysroot
enable_libtool_lock
+with_libtool
with_noexec
with_netsvc
enable_sia
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures sudo 1.8.6p8 to adapt to many kinds of systems.
+\`configure' configures sudo 1.8.7 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of sudo 1.8.6p8:";;
+ short | recursive ) echo "Configuration of sudo 1.8.7:";;
esac
cat <<\_ACEOF
--enable-werror Whether to enable the -Werror compiler option
--disable-hardening Do not use compiler/linker exploit mitigation
options
- --disable-pie Do not build position independent executables, even
- if the compiler/linker supports them
+ --enable-pie Build sudo as a position independent executable.
--enable-admin-flag Whether to create a Ubuntu-style admin flag file
--disable-nls Disable natural language support using gettext
+ --disable-rpath Disable passing of -Rpath to the linker
--enable-gss-krb5-ccache-name
Use GSS-API to set the Kerberos V cred cache name
--enable-shared[=PKGS] build shared libraries [default=yes]
--with-alertmail deprecated
--with-devel add development options
--with-CC C compiler to use
- --with-rpath pass -R flag in addition to -L for lib paths
- --with-blibpath=PATH pass -blibpath flag to ld for additional lib paths
+ --with-rpath deprecated, use --disable-rpath
+ --with-blibpath=PATH deprecated
--with-bsm-audit enable BSM audit support
--with-linux-audit enable Linux audit support
--with-sssd enable SSSD support
--with-gnu-ld assume the C compiler uses GNU ld [default=no]
--with-sysroot=DIR Search for dependent libraries within DIR
(or the compiler's sysroot if not specified).
+ --with-libtool=PATH specify path to libtool
--with-noexec=PATH fully qualified pathname of sudo_noexec.so
--with-netsvc[=PATH] path to netsvc.conf
--with-pam-login enable specific PAM session for sudo -i
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-sudo configure 1.8.6p8
+sudo configure 1.8.7
generated by GNU Autoconf 2.68
Copyright (C) 2010 Free Software Foundation, Inc.
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by sudo $as_me 1.8.6p8, which was
+It was created by sudo $as_me 1.8.7, which was
generated by GNU Autoconf 2.68. Invocation command line was
$ $0 $@
+
+
+
ldap_conf=/etc/ldap.conf
ldap_secret=/etc/ldap.secret
netsvc_conf=/etc/netsvc.conf
-noexec_file=/usr/local/libexec/sudo_noexec.so
+noexec_file=/usr/local/libexec/sudo/sudo_noexec.so
+sesh_file=/usr/local/libexec/sudo/sesh
nsswitch_conf=/etc/nsswitch.conf
secure_path="not set"
+pam_session=on
+PLUGINDIR=/usr/local/libexec/sudo
#
# End initial values for man page substitution
#
AUTH_EXCL_DEF=
AUTH_DEF=passwd
SUDO_NLS=disabled
+LOCALEDIR_SUFFIX=
LT_LDEXPORTS="-export-symbols \$(shlib_exp)"
LT_LDDEP="\$(shlib_exp)"
NO_VIZ="-DNO_VIZ"
+OS_INIT=os_init_common
CHECKSHADOW=true
shadow_defs=
+#
+# Prior to sudo 1.8.7, sudo stored libexec files in $libexecdir.
+# Starting with sudo 1.8.7, $libexecdir/sudo is used so strip
+# off an extraneous "/sudo" from libexecdir.
+#
+case "$libexecdir" in
+ */sudo)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: libexecdir should not include the \"sudo\" subdirectory" >&5
+$as_echo "$as_me: WARNING: libexecdir should not include the \"sudo\" subdirectory" >&2;}
+ libexecdir=`expr "$libexecdir" : '\\(.*\\)/sudo$'`
+ ;;
+esac
+
# Check whether --with-otp-only was given.
# Check whether --with-rpath was given.
if test "${with_rpath+set}" = set; then :
- withval=$with_rpath; case $with_rpath in
- yes|no) ;;
- *) as_fn_error $? "\"--with-rpath does not take an argument.\"" "$LINENO" 5
- ;;
-esac
+ withval=$with_rpath; { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --with-rpath deprecated, rpath is now the default" >&5
+$as_echo "$as_me: WARNING: --with-rpath deprecated, rpath is now the default" >&2;}
fi
# Check whether --with-blibpath was given.
if test "${with_blibpath+set}" = set; then :
- withval=$with_blibpath; case $with_blibpath in
- yes|no) ;;
- *) { $as_echo "$as_me:${as_lineno-$LINENO}: will pass -blibpath:${with_blibpath} to the loader." >&5
-$as_echo "$as_me: will pass -blibpath:${with_blibpath} to the loader." >&6;}
- ;;
-esac
+ withval=$with_blibpath; { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --with-blibpath deprecated, use --with-libpath" >&5
+$as_echo "$as_me: WARNING: --with-blibpath deprecated, use --with-libpath" >&2;}
fi
*) { $as_echo "$as_me:${as_lineno-$LINENO}: Adding ${with_incpath} to CPPFLAGS" >&5
$as_echo "$as_me: Adding ${with_incpath} to CPPFLAGS" >&6;}
for i in ${with_incpath}; do
- CPPFLAGS="${CPPFLAGS} -I${i}"
+
+ case "${CPPFLAGS}" in
+ *"-I${i}"|*"-I${i} ")
+ ;;
+ *)
+ if test X"${CPPFLAGS}" = X""; then
+ CPPFLAGS="-I${i}"
+ else
+ CPPFLAGS="${CPPFLAGS} -I${i}"
+ fi
+ ;;
+ esac
+
done
;;
esac
yes) as_fn_error $? "\"--with-askpass takes a path as an argument.\"" "$LINENO" 5
;;
no) ;;
- *) cat >>confdefs.h <<EOF
-#define _PATH_SUDO_ASKPASS "$with_askpass"
-EOF
-
- ;;
+ *) ;;
esac
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+
+ with_askpass=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
+
fi
+if test X"$with_askpass" != X"no"; then
+ cat >>confdefs.h <<EOF
+#define _PATH_SUDO_ASKPASS "$with_askpass"
+EOF
+
+else
+ cat >>confdefs.h <<EOF
+#define _PATH_SUDO_ASKPASS NULL
+EOF
+
+fi
# Check whether --with-plugindir was given.
*) ;;
esac
else
- with_plugindir="$libexecdir"
+ with_plugindir="$libexecdir/sudo"
fi
# Check whether --enable-pie was given.
if test "${enable_pie+set}" = set; then :
enableval=$enable_pie;
-else
- enable_pie=yes
fi
fi
+# Check whether --enable-rpath was given.
+if test "${enable_rpath+set}" = set; then :
+ enableval=$enable_rpath;
+else
+ enable_rpath=yes
+fi
+
+
# Check whether --with-selinux was given.
if test "${with_selinux+set}" = set; then :
*) as_fn_error $? "\"--with-selinux does not take an argument.\"" "$LINENO" 5
;;
esac
+else
+ with_selinux=no
fi
+
+# Check whether --with-libtool was given.
+if test "${with_libtool+set}" = set; then :
+ withval=$with_libtool; case $with_libtool in
+ yes|builtin) ;;
+ no) as_fn_error $? "\"--without-libtool not supported.\"" "$LINENO" 5
+ ;;
+ system) LIBTOOL=libtool
+ ;;
+ *) LIBTOOL="$with_libtool"
+ ;;
+esac
+fi
+
+
if test "$enable_shared" = "no"; then
with_noexec=no
enable_dlopen=no
lt_cv_dlopen=none
lt_cv_dlopen_libs=
ac_cv_func_dlopen=no
+ LT_LDFLAGS=-static
else
eval _shrext="$shrext_cmds"
# Darwin uses .dylib for libraries but .so for modules
# Check whether --with-noexec was given.
if test "${with_noexec+set}" = set; then :
withval=$with_noexec; case $with_noexec in
- yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
+ yes) with_noexec="$libexecdir/sudo/sudo_noexec.so"
;;
no) ;;
*) ;;
esac
else
- with_noexec="$libexecdir/sudo_noexec$_shrext"
+ with_noexec="$libexecdir/sudo/sudo_noexec.so"
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_noexec" >&5
$as_echo "$with_noexec" >&6; }
-NOEXECFILE="sudo_noexec$_shrext"
+NOEXECFILE="sudo_noexec.so"
NOEXECDIR="`echo $with_noexec|sed -e 's:^${\([^}]*\)}:$(\1):' -e 's:^\(.*\)/[^/]*:\1:'`"
# Extract the first word of "uname", so it can be a program name with args.
# LD_PRELOAD is space-delimited
RTLD_PRELOAD_DELIM=" "
- # For implementing getgrouplist()
- for ac_func in _getgroupsbymember
-do :
- ac_fn_c_check_func "$LINENO" "_getgroupsbymember" "ac_cv_func__getgroupsbymember"
-if test "x$ac_cv_func__getgroupsbymember" = xyes; then :
- cat >>confdefs.h <<_ACEOF
-#define HAVE__GETGROUPSBYMEMBER 1
-_ACEOF
-
-fi
-done
-
+ # Solaris-specific initialization
+ OS_INIT=os_init_solaris
+ SUDO_OBJS="${SUDO_OBJS} solaris.o"
# To get the crypt(3) prototype (so we pass -Wall)
OSDEFS="${OSDEFS} -D__EXTENSIONS__"
fi
: ${mansectsu='1m'}
: ${mansectform='4'}
- : ${with_rpath='yes'}
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
for ac_func in priv_set
do :
# To get all prototypes (so we pass -Wall)
OSDEFS="${OSDEFS} -D_ALL_SOURCE -D_LINUX_SOURCE_COMPAT"
SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
- if test X"$with_blibpath" != X"no"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if linker accepts -Wl,-blibpath" >&5
-$as_echo_n "checking if linker accepts -Wl,-blibpath... " >&6; }
- O_LDFLAGS="$LDFLAGS"
- LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-
- if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
- blibpath="$with_blibpath"
- elif test -n "$GCC"; then
- blibpath="/usr/lib:/lib:/usr/local/lib"
- else
- blibpath="/usr/lib:/lib"
- fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
- fi
- LDFLAGS="$O_LDFLAGS"
# On AIX 6 and higher default to PAM, else default to LAM
if test $OSMAJOR -ge 6; then
with_netsvc="/etc/netsvc.conf"
fi
- # For implementing getgrouplist()
- for ac_func in getgrset
-do :
- ac_fn_c_check_func "$LINENO" "getgrset" "ac_cv_func_getgrset"
-if test "x$ac_cv_func_getgrset" = xyes; then :
- cat >>confdefs.h <<_ACEOF
-#define HAVE_GETGRSET 1
-_ACEOF
-
-fi
-done
-
-
# LDR_PRELOAD is only supported in AIX 5.3 and later
if test $OSMAJOR -lt 5; then
with_noexec=no
fi
# AIX-specific functions
- for ac_func in getuserattr setauthdb
+ for ac_func in getuserattr setauthdb setrlimit64
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
;;
esac
- case "$host" in
- *-*-hpux[1-8].*)
+ case "$host_os" in
+ hpux[1-8].*)
$as_echo "#define BROKEN_SYSLOG 1" >>confdefs.h
;;
- *-*-hpux9.*)
+ hpux9.*)
$as_echo "#define BROKEN_SYSLOG 1" >>confdefs.h
# order of libs in 9.X is important. -lc_r must be last
SUDOERS_LIBS="${SUDOERS_LIBS} -ldce -lM -lc_r"
LIBS="${LIBS} -ldce -lM -lc_r"
- CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant"
+
+ case "${CPPFLAGS}" in
+ *"-D_REENTRANT"|*"-D_REENTRANT ")
+ ;;
+ *)
+ if test X"${CPPFLAGS}" = X""; then
+ CPPFLAGS="-D_REENTRANT"
+ else
+ CPPFLAGS="${CPPFLAGS} -D_REENTRANT"
+ fi
+ ;;
+ esac
+
+
+ case "${CPPFLAGS}" in
+ *"-I/usr/include/reentrant"|*"-I/usr/include/reentrant ")
+ ;;
+ *)
+ if test X"${CPPFLAGS}" = X""; then
+ CPPFLAGS="-I/usr/include/reentrant"
+ else
+ CPPFLAGS="${CPPFLAGS} -I/usr/include/reentrant"
+ fi
+ ;;
+ esac
+
fi
;;
- *-*-hpux10.*)
+ hpux10.*)
shadow_funcs="getprpwnam iscomsec"
shadow_libs="-lsec"
# HP-UX 10.20 libc has an incompatible getline
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
;;
esac
+ for ac_func in pstat_getproc
+do :
+ ac_fn_c_check_func "$LINENO" "pstat_getproc" "ac_cv_func_pstat_getproc"
+if test "x$ac_cv_func_pstat_getproc" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_PSTAT_GETPROC 1
+_ACEOF
+
+fi
+done
+
;;
*-dec-osf*)
# ignore envariables wrt dynamic lib path
;;
*-*-riscos*)
LIBS="${LIBS} -lsun -lbsd"
- CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd"
+
+ case "${CPPFLAGS}" in
+ *"-I/usr/include"|*"-I/usr/include ")
+ ;;
+ *)
+ if test X"${CPPFLAGS}" = X""; then
+ CPPFLAGS="-I/usr/include"
+ else
+ CPPFLAGS="${CPPFLAGS} -I/usr/include"
+ fi
+ ;;
+ esac
+
+
+ case "${CPPFLAGS}" in
+ *"-I/usr/include/bsd"|*"-I/usr/include/bsd ")
+ ;;
+ *)
+ if test X"${CPPFLAGS}" = X""; then
+ CPPFLAGS="-I/usr/include/bsd"
+ else
+ CPPFLAGS="${CPPFLAGS} -I/usr/include/bsd"
+ fi
+ ;;
+ esac
+
OSDEFS="${OSDEFS} -D_MIPS"
: ${mansectsu='1m'}
: ${mansectform='4'}
shadow_libs="-lsec"
: ${mansectsu='1m'}
: ${mansectform='4'}
- : ${with_rpath='yes'}
;;
*-ncr-sysv4*|*-ncr-sysvr4*)
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for strcasecmp in -lc89" >&5
: ${mansectsu='1m'}
: ${mansectform='4'}
- : ${with_rpath='yes'}
;;
*-ccur-sysv4*|*-ccur-sysvr4*)
LIBS="${LIBS} -lgen"
: ${mansectsu='1m'}
: ${mansectform='4'}
- : ${with_rpath='yes'}
;;
*-*-bsdi*)
SKIP_SETREUID=yes
CHECKSHADOW="false"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
: ${with_logincap='maybe'}
- # PIE is broken on FreeBSD/ia64
- case "$host_cpu" in
- ia64*)
- enable_pie=no;;
- esac
;;
*-*-*openbsd*)
+ # OpenBSD-specific initialization
+ OS_INIT=os_init_openbsd
+ SUDO_OBJS="${SUDO_OBJS} openbsd.o"
+
# OpenBSD has a real setreuid(2) starting with 3.3 but
# we will use setresuid(2) instead.
SKIP_SETREUID=yes
*-*-*sysv4*)
: ${mansectsu='1m'}
: ${mansectform='4'}
- : ${with_rpath='yes'}
;;
*-*-sysv*)
: ${mansectsu='1m'}
if test -n "$with_libpath"; then
for i in ${with_libpath}; do
- if test X"$with_rpath" = X"yes"; then
- case "$host" in
- *-*-hpux*) LDFLAGS="${LDFLAGS} -L$i -Wl,+b,$i"
- ;;
- *) LDFLAGS="${LDFLAGS} -L$i -Wl,-R$i"
- ;;
- esac
- else
- LDFLAGS="${LDFLAGS} -L$i"
- fi
- if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then
- blibpath_add="${blibpath_add}:$i"
- fi
+ case "${LDFLAGS}" in
+ *"-L$i"|*"-L$i ")
+ ;;
+ *)
+ LDFLAGS="${LDFLAGS} -L$i"
+ if test X"$enable_rpath" = X"yes"; then
+ LDFLAGS_R="${LDFLAGS_R} -R$i"
+ fi
+ ;;
+ esac
done
fi
done
+for ac_header in endian.h sys/endian.h machine/endian.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+ break
+fi
+
+done
+
for ac_header in procfs.h sys/procfs.h
do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
fi
fi
-case "$host" in
- *-*-hpux11.*)
+case "$host_os" in
+ hpux11.*)
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether sys/types.h needs _XOPEN_SOURCE_EXTENDED" >&5
$as_echo_n "checking whether sys/types.h needs _XOPEN_SOURCE_EXTENDED... " >&6; }
if ${sudo_cv_xopen_source_extended+:} false; then :
fi
+if test X"$ac_cv_type_long_long_int" != X"yes"; then
+ as_fn_error $? "\"C compiler does not appear have required long long support\"" "$LINENO" 5
+fi
# The cast to long int works around a bug in the HP C Compiler
# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
fi
+ac_fn_c_check_type "$LINENO" "uint8_t" "ac_cv_type_uint8_t" "$ac_includes_default"
+if test "x$ac_cv_type_uint8_t" = xyes; then :
+
+else
+
+cat >>confdefs.h <<_ACEOF
+#define uint8_t unsigned char
+_ACEOF
+
+fi
+
+ac_fn_c_check_type "$LINENO" "uint32_t" "ac_cv_type_uint32_t" "$ac_includes_default"
+if test "x$ac_cv_type_uint32_t" = xyes; then :
+
+else
+
+cat >>confdefs.h <<_ACEOF
+#define uint32_t unsigned int
+_ACEOF
+
+fi
+
+ac_fn_c_check_type "$LINENO" "uint64_t" "ac_cv_type_uint64_t" "$ac_includes_default"
+if test "x$ac_cv_type_uint64_t" = xyes; then :
+
+else
+
+cat >>confdefs.h <<_ACEOF
+#define uint64_t unsigned long long
+_ACEOF
+
+fi
+
ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" "
$ac_includes_default
#include <sys/socket.h>
fi
LIBS=$ac_save_LIBS
-for ac_func in glob strrchr sysconf tzset strftime setenv \
- regcomp setlocale nl_langinfo mbr_check_membership \
- setrlimit64
+for ac_func in glob nl_langinfo regcomp setenv strftime strrchr strtoll \
+ sysconf tzset
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
fi
done
-ac_fn_c_check_func "$LINENO" "getgrouplist" "ac_cv_func_getgrouplist"
+for ac_func in getgrouplist
+do :
+ ac_fn_c_check_func "$LINENO" "getgrouplist" "ac_cv_func_getgrouplist"
if test "x$ac_cv_func_getgrouplist" = xyes; then :
- $as_echo "#define HAVE_GETGROUPLIST 1" >>confdefs.h
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GETGROUPLIST 1
+_ACEOF
else
- case " $LIBOBJS " in
+
+ case "$host_os" in
+ aix*)
+ for ac_func in getgrset
+do :
+ ac_fn_c_check_func "$LINENO" "getgrset" "ac_cv_func_getgrset"
+if test "x$ac_cv_func_getgrset" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GETGRSET 1
+_ACEOF
+
+fi
+done
+
+ ;;
+ *)
+ ac_fn_c_check_func "$LINENO" "nss_search" "ac_cv_func_nss_search"
+if test "x$ac_cv_func_nss_search" = xyes; then :
+
+ ac_fn_c_check_func "$LINENO" "_nss_XbyY_buf_alloc" "ac_cv_func__nss_XbyY_buf_alloc"
+if test "x$ac_cv_func__nss_XbyY_buf_alloc" = xyes; then :
+
+ # Solaris
+ ac_fn_c_check_func "$LINENO" "_nss_initf_group" "ac_cv_func__nss_initf_group"
+if test "x$ac_cv_func__nss_initf_group" = xyes; then :
+
+ for ac_header in nss_dbdefs.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "nss_dbdefs.h" "ac_cv_header_nss_dbdefs_h" "$ac_includes_default"
+if test "x$ac_cv_header_nss_dbdefs_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_NSS_DBDEFS_H 1
+_ACEOF
+
+fi
+
+done
+
+ $as_echo "#define HAVE_NSS_SEARCH 1" >>confdefs.h
+
+ $as_echo "#define HAVE__NSS_XBYY_BUF_ALLOC 1" >>confdefs.h
+
+ $as_echo "#define HAVE__NSS_INITF_GROUP 1" >>confdefs.h
+
+
+fi
+
+
+else
+
+ # HP-UX
+ ac_fn_c_check_func "$LINENO" "__nss_XbyY_buf_alloc" "ac_cv_func___nss_XbyY_buf_alloc"
+if test "x$ac_cv_func___nss_XbyY_buf_alloc" = xyes; then :
+
+ ac_fn_c_check_func "$LINENO" "__nss_initf_group" "ac_cv_func___nss_initf_group"
+if test "x$ac_cv_func___nss_initf_group" = xyes; then :
+
+ for ac_header in nss_dbdefs.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "nss_dbdefs.h" "ac_cv_header_nss_dbdefs_h" "$ac_includes_default"
+if test "x$ac_cv_header_nss_dbdefs_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_NSS_DBDEFS_H 1
+_ACEOF
+
+fi
+
+done
+
+ $as_echo "#define HAVE_NSS_SEARCH 1" >>confdefs.h
+
+ $as_echo "#define HAVE___NSS_XBYY_BUF_ALLOC 1" >>confdefs.h
+
+ $as_echo "#define HAVE___NSS_INITF_GROUP 1" >>confdefs.h
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+ ;;
+ esac
+ case " $LIBOBJS " in
*" getgrouplist.$ac_objext "* ) ;;
*) LIBOBJS="$LIBOBJS getgrouplist.$ac_objext"
;;
esac
-fi
+fi
+done
for ac_func in getline
do :
cat >>confdefs.h <<_ACEOF
#define HAVE_SETREUID 1
_ACEOF
- SKIP_SETEUID=yes
+
fi
done
fi
-if test -z "$SKIP_SETEUID"; then
- for ac_func in seteuid
+for ac_func in seteuid
do :
ac_fn_c_check_func "$LINENO" "seteuid" "ac_cv_func_seteuid"
if test "x$ac_cv_func_seteuid" = xyes; then :
fi
done
-fi
if test X"$with_interfaces" != X"no"; then
for ac_func in getifaddrs
do :
# make sure we use the gettext() that matches the include file.
if test "$enable_nls" != "no"; then
if test "$enable_nls" != "yes"; then
- CPPFLAGS="${CPPFLAGS} -I${enable_nls}/include"
- if test X"$with_rpath" = X"yes"; then
- case "$host" in
- *-*-hpux*) LDFLAGS="${LDFLAGS} -L$enable_nls/lib -Wl,+b,$enable_nls/lib"
- ;;
- *) LDFLAGS="${LDFLAGS} -L$enable_nls/lib -Wl,-R$enable_nls/lib"
- ;;
- esac
- else
- LDFLAGS="${LDFLAGS} -L$enable_nls/lib"
- fi
- if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then
- blibpath_add="${blibpath_add}:$enable_nls/lib"
- fi
+ case "${CPPFLAGS}" in
+ *"-I${enable_nls}/include"|*"-I${enable_nls}/include ")
+ ;;
+ *)
+ if test X"${CPPFLAGS}" = X""; then
+ CPPFLAGS="-I${enable_nls}/include"
+ else
+ CPPFLAGS="${CPPFLAGS} -I${enable_nls}/include"
+ fi
+ ;;
+ esac
+
+
+ case "${LDFLAGS}" in
+ *"-L$enable_nls/lib"|*"-L$enable_nls/lib ")
+ ;;
+ *)
+ LDFLAGS="${LDFLAGS} -L$enable_nls/lib"
+ if test X"$enable_rpath" = X"yes"; then
+ LDFLAGS_R="${LDFLAGS_R} -R$enable_nls/lib"
+ fi
+ ;;
+ esac
fi
OLIBS="$LIBS"
$as_echo "#define HAVE_LIBINTL_H 1" >>confdefs.h
SUDO_NLS=enabled
+ # For Solaris we need links from lang to lang.UTF-8 in localedir
+ case "$host_os" in
+ solaris2*) LOCALEDIR_SUFFIX=".UTF-8";;
+ esac
elif test "$sudo_cv_gettext_lintl" = "yes"; then
$as_echo "#define HAVE_LIBINTL_H 1" >>confdefs.h
*)
$as_echo "#define HAVE_ZLIB_H 1" >>confdefs.h
- CPPFLAGS="-I${enable_zlib}/include ${CPPFLAGS}"
- if test X"$with_rpath" = X"yes"; then
- case "$host" in
- *-*-hpux*) ZLIB="${ZLIB} -L$enable_zlib/lib -Wl,+b,$enable_zlib/lib"
- ;;
- *) ZLIB="${ZLIB} -L$enable_zlib/lib -Wl,-R$enable_zlib/lib"
- ;;
- esac
- else
- ZLIB="${ZLIB} -L$enable_zlib/lib"
- fi
- if test X"$blibpath" != X"" -a "ZLIB" = "SUDO_LDFLAGS"; then
- blibpath_add="${blibpath_add}:$enable_zlib/lib"
- fi
+ case "${CPPFLAGS}" in
+ *"-I${enable_zlib}/include"|*"-I${enable_zlib}/include ")
+ ;;
+ *)
+ if test X"${CPPFLAGS}" = X""; then
+ CPPFLAGS="-I${enable_zlib}/include"
+ else
+ CPPFLAGS="${CPPFLAGS} -I${enable_zlib}/include"
+ fi
+ ;;
+ esac
+
+
+ case "${ZLIB}" in
+ *"-L$enable_zlib/lib"|*"-L$enable_zlib/lib ")
+ ;;
+ *)
+ ZLIB="${ZLIB} -L$enable_zlib/lib"
+ if test X"$enable_rpath" = X"yes"; then
+ ZLIB_R="${ZLIB_R} -R$enable_zlib/lib"
+ fi
+ ;;
+ esac
ZLIB="${ZLIB} -lz"
;;
yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
;;
- no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+ no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
- $as_echo "#define NO_PAM_SESSION 1" >>confdefs.h
+ $as_echo "#define NO_PAM_SESSION 1" >>confdefs.h
- ;;
- *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+ pam_session=off
+ ;;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-pam-session: $enableval" >&5
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-pam-session: $enableval" >&5
$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-pam-session: $enableval" >&2;}
- ;;
+ ;;
esac
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
if test ${with_fwtk-'no'} != "no"; then
if test "$with_fwtk" != "yes"; then
- if test X"$with_rpath" = X"yes"; then
- case "$host" in
- *-*-hpux*) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_fwtk} -Wl,+b,${with_fwtk}"
- ;;
- *) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_fwtk} -Wl,-R${with_fwtk}"
- ;;
- esac
- else
- SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_fwtk}"
- fi
- if test X"$blibpath" != X"" -a "SUDOERS_LDFLAGS" = "SUDO_LDFLAGS"; then
- blibpath_add="${blibpath_add}:${with_fwtk}"
- fi
+ case "${SUDOERS_LDFLAGS}" in
+ *"-L${with_fwtk}"|*"-L${with_fwtk} ")
+ ;;
+ *)
+ SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_fwtk}"
+ if test X"$enable_rpath" = X"yes"; then
+ SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R${with_fwtk}"
+ fi
+ ;;
+ esac
+
+
+ case "${CPPFLAGS}" in
+ *"-I${with_fwtk}"|*"-I${with_fwtk} ")
+ ;;
+ *)
+ if test X"${CPPFLAGS}" = X""; then
+ CPPFLAGS="-I${with_fwtk}"
+ else
+ CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
+ fi
+ ;;
+ esac
- CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
with_fwtk=yes
fi
SUDOERS_LIBS="${SUDOERS_LIBS} -lauth -lfwall"
else
with_SecurID=/usr/ace
fi
- CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
- if test X"$with_rpath" = X"yes"; then
- case "$host" in
- *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_SecurID} -Wl,+b,${with_SecurID}"
- ;;
- *) LDFLAGS="${LDFLAGS} -L${with_SecurID} -Wl,-R${with_SecurID}"
- ;;
- esac
- else
- LDFLAGS="${LDFLAGS} -L${with_SecurID}"
- fi
- if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then
- blibpath_add="${blibpath_add}:${with_SecurID}"
- fi
+ case "${CPPFLAGS}" in
+ *"-I${with_SecurID}"|*"-I${with_SecurID} ")
+ ;;
+ *)
+ if test X"${CPPFLAGS}" = X""; then
+ CPPFLAGS="-I${with_SecurID}"
+ else
+ CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
+ fi
+ ;;
+ esac
+
+
+ case "${SUDOERS_LDFLAGS}" in
+ *"-L${with_SecurID}"|*"-L${with_SecurID} ")
+ ;;
+ *)
+ SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_SecurID}"
+ if test X"$enable_rpath" = X"yes"; then
+ SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R${with_SecurID}"
+ fi
+ ;;
+ esac
SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread"
AUTH_OBJS="$AUTH_OBJS securid5.lo";
fi
else
- if test X"$with_rpath" = X"yes"; then
- case "$host" in
- *-*-hpux*) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_kerb5}/lib -Wl,+b,${with_kerb5}/lib"
- ;;
- *) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_kerb5}/lib -Wl,-R${with_kerb5}/lib"
- ;;
- esac
- else
- SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_kerb5}/lib"
- fi
- if test X"$blibpath" != X"" -a "SUDOERS_LDFLAGS" = "SUDO_LDFLAGS"; then
- blibpath_add="${blibpath_add}:${with_kerb5}/lib"
- fi
+ case "${SUDOERS_LDFLAGS}" in
+ *"-L${with_kerb5}/lib"|*"-L${with_kerb5}/lib ")
+ ;;
+ *)
+ SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_kerb5}/lib"
+ if test X"$enable_rpath" = X"yes"; then
+ SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R${with_kerb5}/lib"
+ fi
+ ;;
+ esac
+
+
+ case "${CPPFLAGS}" in
+ *"-I${with_kerb5}/include"|*"-I${with_kerb5}/include ")
+ ;;
+ *)
+ if test X"${CPPFLAGS}" = X""; then
+ CPPFLAGS="-I${with_kerb5}/include"
+ else
+ CPPFLAGS="${CPPFLAGS} -I${with_kerb5}/include"
+ fi
+ ;;
+ esac
- CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include"
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5
for i in $AFSLIBDIRS; do
if test -d ${i}; then
- if test X"$with_rpath" = X"yes"; then
- case "$host" in
- *-*-hpux*) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L$i -Wl,+b,$i"
- ;;
- *) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L$i -Wl,-R$i"
- ;;
- esac
- else
- SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L$i"
- fi
- if test X"$blibpath" != X"" -a "SUDOERS_LDFLAGS" = "SUDO_LDFLAGS"; then
- blibpath_add="${blibpath_add}:$i"
- fi
+ case "${SUDOERS_LDFLAGS}" in
+ *"-L$i"|*"-L$i ")
+ ;;
+ *)
+ SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L$i"
+ if test X"$enable_rpath" = X"yes"; then
+ SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R$i"
+ fi
+ ;;
+ esac
FOUND_AFSLIBDIR=true
fi
# AFS includes may live in /usr/include on some machines...
for i in /usr/afsws/include; do
if test -d ${i}; then
- CPPFLAGS="${CPPFLAGS} -I${i}"
+
+ case "${CPPFLAGS}" in
+ *"-I${i}"|*"-I${i} ")
+ ;;
+ *)
+ if test X"${CPPFLAGS}" = X""; then
+ CPPFLAGS="-I${i}"
+ else
+ CPPFLAGS="${CPPFLAGS} -I${i}"
+ fi
+ ;;
+ esac
+
FOUND_AFSINCDIR=true
fi
done
if test "${with_skey-'no'}" = "yes"; then
O_LDFLAGS="$LDFLAGS"
if test "$with_skey" != "yes"; then
- CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
- if test X"$with_rpath" = X"yes"; then
- case "$host" in
- *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_skey}/lib -Wl,+b,${with_skey}/lib"
- ;;
- *) LDFLAGS="${LDFLAGS} -L${with_skey}/lib -Wl,-R${with_skey}/lib"
- ;;
- esac
- else
- LDFLAGS="${LDFLAGS} -L${with_skey}/lib"
- fi
- if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then
- blibpath_add="${blibpath_add}:${with_skey}/lib"
- fi
+ case "${CPPFLAGS}" in
+ *"-I${with_skey}/include"|*"-I${with_skey}/include ")
+ ;;
+ *)
+ if test X"${CPPFLAGS}" = X""; then
+ CPPFLAGS="-I${with_skey}/include"
+ else
+ CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
+ fi
+ ;;
+ esac
+ LDFLAGS="$LDFLAGS -L${with_skey}/lib"
- if test X"$with_rpath" = X"yes"; then
- case "$host" in
- *-*-hpux*) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_skey}/lib -Wl,+b,${with_skey}/lib"
- ;;
- *) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_skey}/lib -Wl,-R${with_skey}/lib"
- ;;
- esac
- else
- SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_skey}/lib"
- fi
- if test X"$blibpath" != X"" -a "SUDOERS_LDFLAGS" = "SUDO_LDFLAGS"; then
- blibpath_add="${blibpath_add}:${with_skey}/lib"
- fi
+ case "${SUDOERS_LDFLAGS}" in
+ *"-L${with_skey}/lib"|*"-L${with_skey}/lib ")
+ ;;
+ *)
+ SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_skey}/lib"
+ if test X"$enable_rpath" = X"yes"; then
+ SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R${with_skey}/lib"
+ fi
+ ;;
+ esac
ac_fn_c_check_header_compile "$LINENO" "skey.h" "ac_cv_header_skey_h" "#include <stdio.h>
"
if test "$found" = "no" -o -z "$dir"; then
CPPFLAGS="$O_CPPFLAGS"
else
+ LDFLAGS="$LDFLAGS -L${dir}/lib"
- if test X"$with_rpath" = X"yes"; then
- case "$host" in
- *-*-hpux*) LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib"
- ;;
- *) LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib"
- ;;
- esac
- else
- LDFLAGS="${LDFLAGS} -L${dir}/lib"
- fi
- if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then
- blibpath_add="${blibpath_add}:${dir}/lib"
- fi
-
-
- if test X"$with_rpath" = X"yes"; then
- case "$host" in
- *-*-hpux*) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib"
- ;;
- *) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib"
- ;;
- esac
- else
- SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${dir}/lib"
- fi
- if test X"$blibpath" != X"" -a "SUDOERS_LDFLAGS" = "SUDO_LDFLAGS"; then
- blibpath_add="${blibpath_add}:${dir}/lib"
- fi
+ case "${SUDOERS_LDFLAGS}" in
+ *"-L${dir}/lib"|*"-L${dir}/lib ")
+ ;;
+ *)
+ SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${dir}/lib"
+ if test X"$enable_rpath" = X"yes"; then
+ SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R${dir}/lib"
+ fi
+ ;;
+ esac
fi
if test "$found" = "no"; then
if test "${with_opie-'no'}" = "yes"; then
O_LDFLAGS="$LDFLAGS"
if test "$with_opie" != "yes"; then
- CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
- if test X"$with_rpath" = X"yes"; then
- case "$host" in
- *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_opie}/lib -Wl,+b,${with_opie}/lib"
- ;;
- *) LDFLAGS="${LDFLAGS} -L${with_opie}/lib -Wl,-R${with_opie}/lib"
- ;;
- esac
- else
- LDFLAGS="${LDFLAGS} -L${with_opie}/lib"
- fi
- if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then
- blibpath_add="${blibpath_add}:${with_opie}/lib"
- fi
+ case "${CPPFLAGS}" in
+ *"-I${with_opie}/include"|*"-I${with_opie}/include ")
+ ;;
+ *)
+ if test X"${CPPFLAGS}" = X""; then
+ CPPFLAGS="-I${with_opie}/include"
+ else
+ CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
+ fi
+ ;;
+ esac
+ LDFLAGS="$LDFLAGS -L${with_opie}/lib"
- if test X"$with_rpath" = X"yes"; then
- case "$host" in
- *-*-hpux*) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_opie}/lib -Wl,+b,${with_opie}/lib"
- ;;
- *) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_opie}/lib -Wl,-R${with_opie}/lib"
- ;;
- esac
- else
- SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_opie}/lib"
- fi
- if test X"$blibpath" != X"" -a "SUDOERS_LDFLAGS" = "SUDO_LDFLAGS"; then
- blibpath_add="${blibpath_add}:${with_opie}/lib"
- fi
+ case "${SUDOERS_LDFLAGS}" in
+ *"-L${with_opie}/lib"|*"-L${with_opie}/lib ")
+ ;;
+ *)
+ SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_opie}/lib"
+ if test X"$enable_rpath" = X"yes"; then
+ SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R${with_opie}/lib"
+ fi
+ ;;
+ esac
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
if test "$found" = "no" -o -z "$dir"; then
CPPFLAGS="$O_CPPFLAGS"
else
+ LDFLAGS="$LDFLAGS -L${dir}/lib"
- if test X"$with_rpath" = X"yes"; then
- case "$host" in
- *-*-hpux*) LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib"
- ;;
- *) LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib"
- ;;
- esac
- else
- LDFLAGS="${LDFLAGS} -L${dir}/lib"
- fi
- if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then
- blibpath_add="${blibpath_add}:${dir}/lib"
- fi
-
-
- if test X"$with_rpath" = X"yes"; then
- case "$host" in
- *-*-hpux*) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib"
- ;;
- *) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib"
- ;;
- esac
- else
- SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${dir}/lib"
- fi
- if test X"$blibpath" != X"" -a "SUDOERS_LDFLAGS" = "SUDO_LDFLAGS"; then
- blibpath_add="${blibpath_add}:${dir}/lib"
- fi
+ case "${SUDOERS_LDFLAGS}" in
+ *"-L${dir}/lib"|*"-L${dir}/lib ")
+ ;;
+ *)
+ SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${dir}/lib"
+ if test X"$enable_rpath" = X"yes"; then
+ SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R${dir}/lib"
+ fi
+ ;;
+ esac
fi
if test "$found" = "no"; then
fi
if test ${with_ldap-'no'} != "no"; then
- _LDFLAGS="$LDFLAGS"
+ O_LDFLAGS="$LDFLAGS"
if test "$with_ldap" != "yes"; then
- if test X"$with_rpath" = X"yes"; then
- case "$host" in
- *-*-hpux*) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_ldap}/lib -Wl,+b,${with_ldap}/lib"
- ;;
- *) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_ldap}/lib -Wl,-R${with_ldap}/lib"
- ;;
- esac
- else
- SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_ldap}/lib"
- fi
- if test X"$blibpath" != X"" -a "SUDOERS_LDFLAGS" = "SUDO_LDFLAGS"; then
- blibpath_add="${blibpath_add}:${with_ldap}/lib"
- fi
+ case "${SUDOERS_LDFLAGS}" in
+ *"-L${with_ldap}/lib"|*"-L${with_ldap}/lib ")
+ ;;
+ *)
+ SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_ldap}/lib"
+ if test X"$enable_rpath" = X"yes"; then
+ SUDOERS_LDFLAGS_R="${SUDOERS_LDFLAGS_R} -R${with_ldap}/lib"
+ fi
+ ;;
+ esac
+ LDFLAGS="$LDFLAGS -L${with_ldap}/lib"
- if test X"$with_rpath" = X"yes"; then
- case "$host" in
- *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_ldap}/lib -Wl,+b,${with_ldap}/lib"
- ;;
- *) LDFLAGS="${LDFLAGS} -L${with_ldap}/lib -Wl,-R${with_ldap}/lib"
- ;;
- esac
- else
- LDFLAGS="${LDFLAGS} -L${with_ldap}/lib"
- fi
- if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then
- blibpath_add="${blibpath_add}:${with_ldap}/lib"
- fi
+ case "${CPPFLAGS}" in
+ *"-I${with_ldap}/include"|*"-I${with_ldap}/include ")
+ ;;
+ *)
+ if test X"${CPPFLAGS}" = X""; then
+ CPPFLAGS="-I${with_ldap}/include"
+ else
+ CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
+ fi
+ ;;
+ esac
- CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
with_ldap=yes
fi
SUDOERS_OBJS="${SUDOERS_OBJS} ldap.lo"
LDAP=""
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LDAP libraries" >&5
-$as_echo_n "checking for LDAP libraries... " >&6; }
- LDAP_LIBS=""
_LIBS="$LIBS"
+ LDAP_LIBS=""
+ IBMLDAP_EXTRA=""
found=no
- for l in -lldap -llber '-lssl -lcrypto'; do
- LIBS="${LIBS} $l"
- LDAP_LIBS="${LDAP_LIBS} $l"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ # On HP-UX, libibmldap has a hidden dependency on libCsup
+ case "$host_os" in
+ hpux*) { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lCsup" >&5
+$as_echo_n "checking for main in -lCsup... " >&6; }
+if ${ac_cv_lib_Csup_main+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lCsup $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-#include <sys/types.h>
- #include <lber.h>
- #include <ldap.h>
+
+
int
main ()
{
-(void)ldap_init(0, 0)
+return main ();
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
- found=yes; break
+ ac_cv_lib_Csup_main=yes
+else
+ ac_cv_lib_Csup_main=no
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
- done
- if test "$found" = "no"; then
- LDAP_LIBS=""
- LIBS="$_LIBS"
- for l in -libmldap -lidsldif; do
- LIBS="${LIBS} $l"
- LDAP_LIBS="${LDAP_LIBS} $l"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_Csup_main" >&5
+$as_echo "$ac_cv_lib_Csup_main" >&6; }
+if test "x$ac_cv_lib_Csup_main" = xyes; then :
+ IBMLDAP_EXTRA=" -lCsup"
+fi
+;;
+ esac
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing ldap_init" >&5
+$as_echo_n "checking for library containing ldap_init... " >&6; }
+if ${ac_cv_search_ldap_init+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-#include <sys/types.h>
- #include <lber.h>
- #include <ldap.h>
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char ldap_init ();
int
main ()
{
-(void)ldap_init(0, 0)
+return ldap_init ();
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- found=yes; break
+for ac_lib in '' "ldap" "ldap -llber" "ldap -llber -lssl -lcrypto" "ibmldap${IBMLDAP_EXTRA}" "ibmldap -lidsldif${IBMLDAP_EXTRA}"; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_ldap_init=$ac_res
fi
rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
- done
- fi
- if test "$found" = "no"; then
- LIBS="${_LIBS} -lldap"
+ conftest$ac_exeext
+ if ${ac_cv_search_ldap_init+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_ldap_init+:} false; then :
+
+else
+ ac_cv_search_ldap_init=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_ldap_init" >&5
+$as_echo "$ac_cv_search_ldap_init" >&6; }
+ac_res=$ac_cv_search_ldap_init
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+ test "$ac_res" != "none required" && LDAP_LIBS="$ac_res"
+ found=yes
+
+fi
+
+ # If nothing linked, try -lldap and hope for the best
+ if test "$found" = "no"; then
LDAP_LIBS="-lldap"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found, using -lldap" >&5
-$as_echo "not found, using -lldap" >&6; }
- else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LDAP_LIBS" >&5
-$as_echo "$LDAP_LIBS" >&6; }
fi
+ LIBS="${_LIBS} ${LDAP_LIBS}"
OLIBS="$LIBS"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing ber_set_option" >&5
$as_echo_n "checking for library containing ber_set_option... " >&6; }
cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF
- for ac_func in ldap_sasl_interactive_bind_s
+
+ for ac_func in ldap_sasl_interactive_bind_s
do :
ac_fn_c_check_func "$LINENO" "ldap_sasl_interactive_bind_s" "ac_cv_func_ldap_sasl_interactive_bind_s"
if test "x$ac_cv_func_ldap_sasl_interactive_bind_s" = xyes; then :
fi
done
-else
- break
+ break
+
fi
done
SUDOERS_LIBS="${SUDOERS_LIBS} ${LDAP_LIBS}"
LIBS="$_LIBS"
- LDFLAGS="$_LDFLAGS"
+ LDFLAGS="$O_LDFLAGS"
fi
#
dlopen)
$as_echo "#define HAVE_DLOPEN 1" >>confdefs.h
- SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo"
+ SUDO_OBJS="$SUDO_OBJS locale_stub.o"
LT_STATIC="--tag=disable-static"
;;
shl_load)
$as_echo "#define HAVE_SHL_LOAD 1" >>confdefs.h
- SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo"
+ SUDO_OBJS="$SUDO_OBJS locale_stub.o"
LT_STATIC="--tag=disable-static"
case " $LIBOBJS " in
*" dlopen.$ac_objext "* ) ;;
# what libraries a plugin may depend on (e.g. HP-UX LDAP which uses pthreads)
# so always link against -lpthread on HP-UX if it is available.
# This check should go after all other libraries tests.
-case "$host" in
- *-*-hpux*)
+case "$host_os" in
+ hpux*)
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lpthread" >&5
$as_echo_n "checking for main in -lpthread... " >&6; }
if ${ac_cv_lib_pthread_main+:} false; then :
SUDO_LIBS="${SUDO_LIBS} -lpthread"
fi
+ OSDEFS="${OSDEFS} -D_REENTRANT"
;;
esac
-if test -n "$blibpath"; then
- if test -n "$blibpath_add"; then
- SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}"
- elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
- SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS -Wl,-blibpath:${blibpath}"
- fi
-fi
-
if test "$utmp_style" = "LEGACY"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for utmp file path" >&5
$as_echo_n "checking for utmp file path... " >&6; }
fi
else
- case "$host" in
- *-*-hpux*)
+ case "$host_os" in
+ hpux*)
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Bhidden_def" >&5
$as_echo_n "checking whether C compiler accepts -Bhidden_def... " >&6; }
if ${ax_cv_check_cflags___Bhidden_def+:} false; then :
fi
;;
- *-*-solaris2*)
+ solaris2*)
as_CACHEVAR=`$as_echo "ax_cv_check_cflags__-xldscope=hidden" | $as_tr_sh`
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -xldscope=hidden" >&5
$as_echo_n "checking whether C compiler accepts -xldscope=hidden... " >&6; }
$as_echo_n "(cached) " >&6
else
+ sudo_cv_var_gnu_ld_anon_map=no
cat > conftest.map <<-EOF
{
global: foo;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
-
- sudo_cv_var_gnu_ld_anon_map=yes
-
+ sudo_cv_var_gnu_ld_anon_map=yes
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,--version-script,\$(shlib_map)"
fi
else
- case "$host" in
- *-*-solaris2*)
+ case "$host_os" in
+ solaris2*)
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ld supports anonymous map files" >&5
$as_echo_n "checking whether ld supports anonymous map files... " >&6; }
if ${sudo_cv_var_solaris_ld_anon_map+:} false; then :
$as_echo_n "(cached) " >&6
else
+ sudo_cv_var_solaris_ld_anon_map=no
cat > conftest.map <<-EOF
{
global: foo;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
-
- sudo_cv_var_solaris_ld_anon_map=yes
-
+ sudo_cv_var_solaris_ld_anon_map=yes
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,-M,\$(shlib_map)"
fi
;;
- *-*-hpux*)
+ hpux*)
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ld supports controlling exported symbols" >&5
$as_echo_n "checking whether ld supports controlling exported symbols... " >&6; }
if ${sudo_cv_var_hpux_ld_symbol_export+:} false; then :
$as_echo_n "(cached) " >&6
else
+ sudo_cv_var_hpux_ld_symbol_export=no
echo "+e foo" > conftest.opt
_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS $lt_prog_compiler_pic"
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
-
- sudo_cv_var_hpux_ld_symbol_export=yes
-
+ sudo_cv_var_hpux_ld_symbol_export=yes
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
CFLAGS="$_CFLAGS"
LDFLAGS="$_LDFLAGS"
+ rm -f conftest.opt
fi
fi
fi
-if test "$enable_pie" != "no" -a -n "$GCC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fPIE" >&5
+if test -n "$GCC"; then
+ if test -z "$enable_pie"; then
+ case "$host_os" in
+ linux*)
+ # Attempt to build with PIE support
+ enable_pie="maybe"
+ ;;
+ esac
+ fi
+ if test -n "$enable_pie"; then
+ if test "$enable_pie" = "no"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fno-pie" >&5
+$as_echo_n "checking whether C compiler accepts -fno-pie... " >&6; }
+if ${ax_cv_check_cflags___fno_pie+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ ax_check_save_flags=$CFLAGS
+ CFLAGS="$CFLAGS -fno-pie"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ax_cv_check_cflags___fno_pie=yes
+else
+ ax_cv_check_cflags___fno_pie=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ CFLAGS=$ax_check_save_flags
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fno_pie" >&5
+$as_echo "$ax_cv_check_cflags___fno_pie" >&6; }
+if test x"$ax_cv_check_cflags___fno_pie" = xyes; then :
+
+ _CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -fno-pie"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -nopie" >&5
+$as_echo_n "checking whether the linker accepts -nopie... " >&6; }
+if ${ax_cv_check_ldflags___nopie+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ ax_check_save_flags=$LDFLAGS
+ LDFLAGS="$LDFLAGS -nopie"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ax_cv_check_ldflags___nopie=yes
+else
+ ax_cv_check_ldflags___nopie=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS=$ax_check_save_flags
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___nopie" >&5
+$as_echo "$ax_cv_check_ldflags___nopie" >&6; }
+if test x"$ax_cv_check_ldflags___nopie" = xyes; then :
+
+ PIE_CFLAGS="-fno-pie"
+ PIE_LDFLAGS="-nopie"
+
+else
+ :
+fi
+
+ CFLAGS="$_CFLAGS"
+
+else
+ :
+fi
+
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fPIE" >&5
$as_echo_n "checking whether C compiler accepts -fPIE... " >&6; }
if ${ax_cv_check_cflags___fPIE+:} false; then :
$as_echo_n "(cached) " >&6
$as_echo "$ax_cv_check_cflags___fPIE" >&6; }
if test x"$ax_cv_check_cflags___fPIE" = xyes; then :
- _CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS -fPIE"
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -pie" >&5
+ _CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -fPIE"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -pie" >&5
$as_echo_n "checking whether the linker accepts -pie... " >&6; }
if ${ax_cv_check_ldflags___pie+:} false; then :
$as_echo_n "(cached) " >&6
$as_echo "$ax_cv_check_ldflags___pie" >&6; }
if test x"$ax_cv_check_ldflags___pie" = xyes; then :
- PIE_CFLAGS="-fPIE"
- PIE_LDFLAGS="-pie"
+ if test "$enable_pie" = "maybe"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working PIE support" >&5
+$as_echo_n "checking for working PIE support... " >&6; }
+if ${sudo_cv_working_pie+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ rm -f conftestdata; > conftestdata
+if test "$cross_compiling" = yes; then :
+ sudo_cv_working_pie=no
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+main() { char *p = malloc(1024); if (p == NULL) return 1; memset(p, 0, 1024); return 0; }
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ sudo_cv_working_pie=yes
+else
+ sudo_cv_working_pie=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+rm -f core core.* *.core
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_working_pie" >&5
+$as_echo "$sudo_cv_working_pie" >&6; }
+if test $sudo_cv_working_pie = yes; then :
+ enable_pie=yes
+fi
+ fi
+ if test "$enable_pie" = "yes"; then
+ PIE_CFLAGS="-fPIE"
+ PIE_LDFLAGS="-Wc,-fPIE -pie"
+ fi
else
:
fi
- CFLAGS="$_CFLAGS"
+ CFLAGS="$_CFLAGS"
else
:
fi
+ fi
+ fi
+fi
+if test "$enable_pie" != "yes"; then
+ # Solaris 11.1 and higher supports tagging binaries to use ASLR
+ case "$host_os" in
+ solaris2.1[1-9]|solaris2.[2-9][0-9])
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -Wl,-z,aslr" >&5
+$as_echo_n "checking whether the linker accepts -Wl,-z,aslr... " >&6; }
+if ${ax_cv_check_ldflags___Wl__z_aslr+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ ax_check_save_flags=$LDFLAGS
+ LDFLAGS="$LDFLAGS -Wl,-z,aslr"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ax_cv_check_ldflags___Wl__z_aslr=yes
+else
+ ax_cv_check_ldflags___Wl__z_aslr=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS=$ax_check_save_flags
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_ldflags___Wl__z_aslr" >&5
+$as_echo "$ax_cv_check_ldflags___Wl__z_aslr" >&6; }
+if test x"$ax_cv_check_ldflags___Wl__z_aslr" = xyes; then :
+ PIE_LDFLAGS="${PIE_LDFLAGS}${PIE_LDFLAGS+ }-Wl,-z,aslr"
+else
+ :
+fi
+
+ ;;
+ esac
fi
if test "$enable_hardening" != "no"; then
done
fi
+
+cat >>confdefs.h <<_ACEOF
+#define os_init $OS_INIT
+_ACEOF
+
+
if test -n "$GCC"; then
if test X"$enable_warnings" = X"yes" -o X"$with_devel" = X"yes"; then
CFLAGS="${CFLAGS} -Wall"
test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
-if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then
+if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no" -o "$enabled_shared" != X"no"; then
oexec_prefix="$exec_prefix"
if test "$exec_prefix" = '$(prefix)'; then
if test "$prefix" = "NONE"; then
fi
if test X"$with_selinux" != X"no"; then
- sesh_file="$libexecdir/sesh"
+ sesh_file="$libexecdir/sudo/sesh"
_sesh_file=
while test X"$sesh_file" != X"$_sesh_file"; do
_sesh_file="$sesh_file"
EOF
fi
- PLUGINDIR="$with_plugindir"
- _PLUGINDIR=
- while test X"$PLUGINDIR" != X"$_PLUGINDIR"; do
- _PLUGINDIR="$PLUGINDIR"
- eval PLUGINDIR="$_PLUGINDIR"
- done
- cat >>confdefs.h <<EOF
+ if test X"$enable_shared" != X"no"; then
+ PLUGINDIR="$with_plugindir"
+ _PLUGINDIR=
+ while test X"$PLUGINDIR" != X"$_PLUGINDIR"; do
+ _PLUGINDIR="$PLUGINDIR"
+ eval PLUGINDIR="$_PLUGINDIR"
+ done
+ cat >>confdefs.h <<EOF
#define _PATH_SUDO_PLUGIN_DIR "$PLUGINDIR/"
EOF
- cat >>confdefs.h <<EOF
-#define SUDOERS_PLUGIN "sudoers${SOEXT}"
+ cat >>confdefs.h <<EOF
+#define SUDOERS_PLUGIN "sudoers.so"
EOF
+ fi
exec_prefix="$oexec_prefix"
fi
+if test X"$with_selinux" = X"no"; then
+ cat >>confdefs.h <<EOF
+#define _PATH_SUDO_SESH NULL
+EOF
+
+fi
+
+if test X"$LDFLAGS_R" != X""; then
+ LDFLAGS="$LDFLAGS $LDFLAGS_R"
+fi
+if test X"$SUDOERS_LDFLAGS_R" != X""; then
+ SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS $SUDOERS_LDFLAGS_R"
+fi
+if test X"$ZLIB_R" != X""; then
+ ZLIB="$ZLIB_R $ZLIB"
+fi
if test X"$prefix" = X"NONE"; then
test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man'
test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var'
test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
-ac_config_files="$ac_config_files Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/sample_group/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers"
+ac_config_files="$ac_config_files Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers"
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by sudo $as_me 1.8.6p8, which was
+This file was extended by sudo $as_me 1.8.7, which was
generated by GNU Autoconf 2.68. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-sudo config.status 1.8.6p8
+sudo config.status 1.8.7
configured by $0, generated by GNU Autoconf 2.68,
with options \\"\$ac_cs_config\\"
"src/sudo_usage.h") CONFIG_FILES="$CONFIG_FILES src/sudo_usage.h" ;;
"src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
"plugins/sample/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/sample/Makefile" ;;
- "plugins/sample_group/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/sample_group/Makefile" ;;
+ "plugins/group_file/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/group_file/Makefile" ;;
"plugins/system_group/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/system_group/Makefile" ;;
"plugins/sudoers/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/sudoers/Makefile" ;;
"plugins/sudoers/sudoers") CONFIG_FILES="$CONFIG_FILES plugins/sudoers/sudoers" ;;
if test "$with_pam" = "yes"; then
- case $host in
- *-*-hpux*)
+ case $host_os in
+ hpux*)
if test -f /usr/lib/security/libpam_hpsec.so.1; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: You may wish to add the following line to /etc/pam.conf" >&5
$as_echo "$as_me: You may wish to add the following line to /etc/pam.conf" >&6;}
$as_echo "$as_me: sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login" >&6;}
fi
;;
- *-*-linux*)
+ linux*)
{ $as_echo "$as_me:${as_lineno-$LINENO}: You will need to customize sample.pam and install it as /etc/pam.d/sudo" >&5
$as_echo "$as_me: You will need to customize sample.pam and install it as /etc/pam.d/sudo" >&6;}
;;
+
+
+
+
+
dnl
dnl Copyright (c) 1994-1996,1998-2013 Todd C. Miller <Todd.Miller@courtesan.com>
dnl
-AC_INIT([sudo], [1.8.6p8], [http://www.sudo.ws/bugs/], [sudo])
+AC_INIT([sudo], [1.8.7], [http://www.sudo.ws/bugs/], [sudo])
AC_CONFIG_HEADER([config.h pathnames.h])
dnl
dnl Note: this must come after AC_INIT
AC_SUBST([mansrcdir])
AC_SUBST([NOEXECFILE])
AC_SUBST([NOEXECDIR])
-AC_SUBST([PLUGINDIR])
AC_SUBST([SOEXT])
AC_SUBST([noexec_file])
+AC_SUBST([sesh_file])
AC_SUBST([INSTALL_NOEXEC])
AC_SUBST([DONT_LEAK_PATH_INFO])
AC_SUBST([BSDAUTH_USAGE])
AC_SUBST([LT_STATIC])
AC_SUBST([LIBINTL])
AC_SUBST([SUDO_NLS])
+AC_SUBST([LOCALEDIR_SUFFIX])
AC_SUBST([COMPAT_TEST_PROGS])
AC_SUBST([CROSS_COMPILING])
AC_SUBST([PIE_LDFLAGS])
AC_SUBST([netsvc_conf])
AC_SUBST([secure_path])
AC_SUBST([editor])
+AC_SUBST([pam_session])
+AC_SUBST([PLUGINDIR])
#
# Begin initial values for man page substitution
#
ldap_conf=/etc/ldap.conf
ldap_secret=/etc/ldap.secret
netsvc_conf=/etc/netsvc.conf
-noexec_file=/usr/local/libexec/sudo_noexec.so
+noexec_file=/usr/local/libexec/sudo/sudo_noexec.so
+sesh_file=/usr/local/libexec/sudo/sesh
nsswitch_conf=/etc/nsswitch.conf
secure_path="not set"
+pam_session=on
+PLUGINDIR=/usr/local/libexec/sudo
#
# End initial values for man page substitution
#
AUTH_EXCL_DEF=
AUTH_DEF=passwd
SUDO_NLS=disabled
+LOCALEDIR_SUFFIX=
LT_LDEXPORTS="-export-symbols \$(shlib_exp)"
LT_LDDEP="\$(shlib_exp)"
NO_VIZ="-DNO_VIZ"
+OS_INIT=os_init_common
dnl
dnl Other vaiables
dnl
AC_CONFIG_LIBOBJ_DIR(compat)
+#
+# Prior to sudo 1.8.7, sudo stored libexec files in $libexecdir.
+# Starting with sudo 1.8.7, $libexecdir/sudo is used so strip
+# off an extraneous "/sudo" from libexecdir.
+#
+case "$libexecdir" in
+ */sudo)
+ AC_MSG_WARN([libexecdir should not include the "sudo" subdirectory])
+ libexecdir=`expr "$libexecdir" : '\\(.*\\)/sudo$'`
+ ;;
+esac
+
dnl
dnl Deprecated --with options (these all warn or generate an error)
dnl
;;
esac])
-AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [pass -R flag in addition to -L for lib paths])],
-[case $with_rpath in
- yes|no) ;;
- *) AC_MSG_ERROR(["--with-rpath does not take an argument."])
- ;;
-esac])
+AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [deprecated, use --disable-rpath])],
+[AC_MSG_WARN([--with-rpath deprecated, rpath is now the default])])
-AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[=PATH]], [pass -blibpath flag to ld for additional lib paths])],
-[case $with_blibpath in
- yes|no) ;;
- *) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.])
- ;;
-esac])
+AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[=PATH]], [deprecated])],
+[AC_MSG_WARN([--with-blibpath deprecated, use --with-libpath])])
dnl
dnl Handle BSM auditing support.
;;
*) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS])
for i in ${with_incpath}; do
- CPPFLAGS="${CPPFLAGS} -I${i}"
+ SUDO_APPEND_CPPFLAGS(-I${i})
done
;;
esac])
yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."])
;;
no) ;;
- *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass])
- ;;
-esac], AC_MSG_RESULT(no))
+ *) ;;
+esac], [
+ with_askpass=no
+ AC_MSG_RESULT(no)
+])
+if test X"$with_askpass" != X"no"; then
+ SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass")
+else
+ SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, NULL)
+fi
AC_ARG_WITH(plugindir, [AS_HELP_STRING([--with-plugindir], [set directory to load plugins from])],
[case $with_plugindir in
no) AC_MSG_ERROR(["illegal argument: --without-plugindir."])
;;
*) ;;
-esac], [with_plugindir="$libexecdir"])
+esac], [with_plugindir="$libexecdir/sudo"])
AC_ARG_WITH(man, [AS_HELP_STRING([--with-man], [manual pages use man macros])],
[case $with_man in
[], [enable_hardening=yes])
AC_ARG_ENABLE(pie,
-[AS_HELP_STRING([--disable-pie], [Do not build position independent executables, even if the compiler/linker supports them])],
-[], [enable_pie=yes])
+[AS_HELP_STRING([--enable-pie], [Build sudo as a position independent executable.])])
AC_ARG_ENABLE(admin-flag,
[AS_HELP_STRING([--enable-admin-flag], [Whether to create a Ubuntu-style admin flag file])],
[AS_HELP_STRING([--disable-nls], [Disable natural language support using gettext])],
[], [enable_nls=yes])
+AC_ARG_ENABLE(rpath,
+[AS_HELP_STRING([--disable-rpath], [Disable passing of -Rpath to the linker])],
+[], [enable_rpath=yes])
+
AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])],
[case $with_selinux in
yes) SELINUX_USAGE="[[-r role]] [[-t type]] "
no) ;;
*) AC_MSG_ERROR(["--with-selinux does not take an argument."])
;;
-esac])
+esac], [with_selinux=no])
dnl
dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default
LT_PREREQ([2.2.6b])
LT_INIT([dlopen])
+dnl
+dnl Allow the user to specify an alternate libtool.
+dnl XXX - should be able to skip LT_INIT if we are using a different libtool
+dnl
+AC_ARG_WITH(libtool, [AS_HELP_STRING([--with-libtool=PATH], [specify path to libtool])],
+[case $with_libtool in
+ yes|builtin) ;;
+ no) AC_MSG_ERROR(["--without-libtool not supported."])
+ ;;
+ system) LIBTOOL=libtool
+ ;;
+ *) LIBTOOL="$with_libtool"
+ ;;
+esac])
+
dnl
dnl Defer with_noexec until after libtool magic runs
dnl
lt_cv_dlopen=none
lt_cv_dlopen_libs=
ac_cv_func_dlopen=no
+ LT_LDFLAGS=-static
else
eval _shrext="$shrext_cmds"
# Darwin uses .dylib for libraries but .so for modules
AC_MSG_CHECKING(path to sudo_noexec.so)
AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[=PATH]], [fully qualified pathname of sudo_noexec.so])],
[case $with_noexec in
- yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
+ yes) with_noexec="$libexecdir/sudo/sudo_noexec.so"
;;
no) ;;
*) ;;
-esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"])
+esac], [with_noexec="$libexecdir/sudo/sudo_noexec.so"])
AC_MSG_RESULT($with_noexec)
-NOEXECFILE="sudo_noexec$_shrext"
+NOEXECFILE="sudo_noexec.so"
NOEXECDIR="`echo $with_noexec|sed -e 's:^${\([[^}]]*\)}:$(\1):' -e 's:^\(.*\)/[[^/]]*:\1:'`"
dnl
# LD_PRELOAD is space-delimited
RTLD_PRELOAD_DELIM=" "
- # For implementing getgrouplist()
- AC_CHECK_FUNCS(_getgroupsbymember)
+ # Solaris-specific initialization
+ OS_INIT=os_init_solaris
+ SUDO_OBJS="${SUDO_OBJS} solaris.o"
# To get the crypt(3) prototype (so we pass -Wall)
OSDEFS="${OSDEFS} -D__EXTENSIONS__"
fi
: ${mansectsu='1m'}
: ${mansectform='4'}
- : ${with_rpath='yes'}
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
AC_CHECK_FUNCS(priv_set, [PSMAN=1])
;;
# To get all prototypes (so we pass -Wall)
OSDEFS="${OSDEFS} -D_ALL_SOURCE -D_LINUX_SOURCE_COMPAT"
SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
- if test X"$with_blibpath" != X"no"; then
- AC_MSG_CHECKING([if linker accepts -Wl,-blibpath])
- O_LDFLAGS="$LDFLAGS"
- LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [
- if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
- blibpath="$with_blibpath"
- elif test -n "$GCC"; then
- blibpath="/usr/lib:/lib:/usr/local/lib"
- else
- blibpath="/usr/lib:/lib"
- fi
- AC_MSG_RESULT(yes)
- ], [AC_MSG_RESULT(no)])
- fi
- LDFLAGS="$O_LDFLAGS"
# On AIX 6 and higher default to PAM, else default to LAM
if test $OSMAJOR -ge 6; then
with_netsvc="/etc/netsvc.conf"
fi
- # For implementing getgrouplist()
- AC_CHECK_FUNCS(getgrset)
-
# LDR_PRELOAD is only supported in AIX 5.3 and later
if test $OSMAJOR -lt 5; then
with_noexec=no
fi
# AIX-specific functions
- AC_CHECK_FUNCS(getuserattr setauthdb)
+ AC_CHECK_FUNCS(getuserattr setauthdb setrlimit64)
COMMON_OBJS="$COMMON_OBJS aix.lo"
;;
*-*-hiuxmpp*)
;;
esac
- case "$host" in
- *-*-hpux[[1-8]].*)
+ case "$host_os" in
+ hpux[[1-8]].*)
AC_DEFINE(BROKEN_SYSLOG)
;;
- *-*-hpux9.*)
+ hpux9.*)
AC_DEFINE(BROKEN_SYSLOG)
shadow_funcs="getspwuid"
# order of libs in 9.X is important. -lc_r must be last
SUDOERS_LIBS="${SUDOERS_LIBS} -ldce -lM -lc_r"
LIBS="${LIBS} -ldce -lM -lc_r"
- CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant"
+ SUDO_APPEND_CPPFLAGS(-D_REENTRANT)
+ SUDO_APPEND_CPPFLAGS(-I/usr/include/reentrant)
fi
;;
- *-*-hpux10.*)
+ hpux10.*)
shadow_funcs="getprpwnam iscomsec"
shadow_libs="-lsec"
# HP-UX 10.20 libc has an incompatible getline
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
;;
esac
+ AC_CHECK_FUNCS(pstat_getproc)
;;
*-dec-osf*)
# ignore envariables wrt dynamic lib path
;;
*-*-riscos*)
LIBS="${LIBS} -lsun -lbsd"
- CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd"
+ SUDO_APPEND_CPPFLAGS(-I/usr/include)
+ SUDO_APPEND_CPPFLAGS(-I/usr/include/bsd)
OSDEFS="${OSDEFS} -D_MIPS"
: ${mansectsu='1m'}
: ${mansectform='4'}
shadow_libs="-lsec"
: ${mansectsu='1m'}
: ${mansectform='4'}
- : ${with_rpath='yes'}
;;
*-ncr-sysv4*|*-ncr-sysvr4*)
AC_CHECK_LIB(c89, strcasecmp, [LIBS="${LIBS} -lc89"])
: ${mansectsu='1m'}
: ${mansectform='4'}
- : ${with_rpath='yes'}
;;
*-ccur-sysv4*|*-ccur-sysvr4*)
LIBS="${LIBS} -lgen"
: ${mansectsu='1m'}
: ${mansectform='4'}
- : ${with_rpath='yes'}
;;
*-*-bsdi*)
SKIP_SETREUID=yes
CHECKSHADOW="false"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
: ${with_logincap='maybe'}
- # PIE is broken on FreeBSD/ia64
- case "$host_cpu" in
- ia64*)
- enable_pie=no;;
- esac
;;
*-*-*openbsd*)
+ # OpenBSD-specific initialization
+ OS_INIT=os_init_openbsd
+ SUDO_OBJS="${SUDO_OBJS} openbsd.o"
+
# OpenBSD has a real setreuid(2) starting with 3.3 but
# we will use setresuid(2) instead.
SKIP_SETREUID=yes
*-*-*sysv4*)
: ${mansectsu='1m'}
: ${mansectform='4'}
- : ${with_rpath='yes'}
;;
*-*-sysv*)
: ${mansectsu='1m'}
AC_HEADER_STDBOOL
AC_HEADER_MAJOR
AC_CHECK_HEADERS(malloc.h netgroup.h paths.h spawn.h utime.h utmpx.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h sys/sysmacros.h)
+AC_CHECK_HEADERS([endian.h] [sys/endian.h] [machine/endian.h], [break])
AC_CHECK_HEADERS([procfs.h] [sys/procfs.h], [AC_CHECK_MEMBERS(struct psinfo.pr_ttydev, [AC_CHECK_FUNCS(_ttyname_dev)], [], [AC_INCLUDES_DEFAULT
#ifdef HAVE_PROCFS_H
#include <procfs.h>
dnl when large files support is enabled so work around it.
dnl
AC_SYS_LARGEFILE
-case "$host" in
- *-*-hpux11.*)
+case "$host_os" in
+ hpux11.*)
AC_CACHE_CHECK([whether sys/types.h needs _XOPEN_SOURCE_EXTENDED], [sudo_cv_xopen_source_extended],
[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT
#include <sys/socket.h>], [])], [sudo_cv_xopen_source_extended=no], [
AC_CHECK_TYPES([struct in6_addr], [], [], [#include <sys/types.h>
#include <netinet/in.h>])
AC_TYPE_LONG_LONG_INT
+if test X"$ac_cv_type_long_long_int" != X"yes"; then
+ AC_MSG_ERROR(["C compiler does not appear have required long long support"])
+fi
AC_CHECK_SIZEOF([long int])
AC_CHECK_TYPE(size_t, unsigned int)
AC_CHECK_TYPE(ssize_t, int)
AC_CHECK_TYPE(dev_t, int)
AC_CHECK_TYPE(ino_t, unsigned int)
+AC_CHECK_TYPE(uint8_t, unsigned char)
+AC_CHECK_TYPE(uint32_t, unsigned int)
+AC_CHECK_TYPE(uint64_t, unsigned long long)
AC_CHECK_TYPE(socklen_t, [], [AC_DEFINE(socklen_t, unsigned int)], [
AC_INCLUDES_DEFAULT
#include <sys/socket.h>])
dnl Function checks
dnl
AC_FUNC_GETGROUPS
-AC_CHECK_FUNCS(glob strrchr sysconf tzset strftime setenv \
- regcomp setlocale nl_langinfo mbr_check_membership \
- setrlimit64)
-AC_REPLACE_FUNCS(getgrouplist)
+AC_CHECK_FUNCS(glob nl_langinfo regcomp setenv strftime strrchr strtoll \
+ sysconf tzset)
+AC_CHECK_FUNCS(getgrouplist, [], [
+ case "$host_os" in
+ aix*)
+ AC_CHECK_FUNCS(getgrset)
+ ;;
+ *)
+ AC_CHECK_FUNC(nss_search, [
+ AC_CHECK_FUNC(_nss_XbyY_buf_alloc, [
+ # Solaris
+ AC_CHECK_FUNC(_nss_initf_group, [
+ AC_CHECK_HEADERS(nss_dbdefs.h)
+ AC_DEFINE([HAVE_NSS_SEARCH])
+ AC_DEFINE([HAVE__NSS_XBYY_BUF_ALLOC])
+ AC_DEFINE([HAVE__NSS_INITF_GROUP])
+ ])
+ ], [
+ # HP-UX
+ AC_CHECK_FUNC(__nss_XbyY_buf_alloc, [
+ AC_CHECK_FUNC(__nss_initf_group, [
+ AC_CHECK_HEADERS(nss_dbdefs.h)
+ AC_DEFINE([HAVE_NSS_SEARCH])
+ AC_DEFINE([HAVE___NSS_XBYY_BUF_ALLOC])
+ AC_DEFINE([HAVE___NSS_INITF_GROUP])
+ ])
+ ])
+ ])
+ ])
+ ;;
+ esac
+ AC_LIBOBJ(getgrouplist)
+])
AC_CHECK_FUNCS(getline, [], [
AC_LIBOBJ(getline)
AC_CHECK_FUNCS(fgetln)
])
fi
if test -z "$SKIP_SETREUID"; then
- AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes])
-fi
-if test -z "$SKIP_SETEUID"; then
- AC_CHECK_FUNCS(seteuid)
+ AC_CHECK_FUNCS(setreuid)
fi
+AC_CHECK_FUNCS(seteuid)
if test X"$with_interfaces" != X"no"; then
AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)])
fi
AC_MSG_RESULT($sudo_cv___FUNCTION__)
if test "$sudo_cv___FUNCTION__" = "yes"; then
AC_DEFINE(HAVE___FUNC__)
- AC_DEFINE(__func__, __FUNCTION__, [Define to __FUNCTION__ if your compiler support __FUNCTION__ but not __func__])
+ AC_DEFINE(__func__, __FUNCTION__, [Define to __FUNCTION__ if your compiler supports __FUNCTION__ but not __func__])
fi
fi
# make sure we use the gettext() that matches the include file.
if test "$enable_nls" != "no"; then
if test "$enable_nls" != "yes"; then
- CPPFLAGS="${CPPFLAGS} -I${enable_nls}/include"
+ SUDO_APPEND_CPPFLAGS(-I${enable_nls}/include)
SUDO_APPEND_LIBPATH(LDFLAGS, [$enable_nls/lib])
fi
OLIBS="$LIBS"
if test "$sudo_cv_gettext" = "yes"; then
AC_DEFINE(HAVE_LIBINTL_H)
SUDO_NLS=enabled
+ # For Solaris we need links from lang to lang.UTF-8 in localedir
+ case "$host_os" in
+ solaris2*) LOCALEDIR_SUFFIX=".UTF-8";;
+ esac
elif test "$sudo_cv_gettext_lintl" = "yes"; then
AC_DEFINE(HAVE_LIBINTL_H)
SUDO_NLS=enabled
;;
*)
AC_DEFINE(HAVE_ZLIB_H)
- CPPFLAGS="-I${enable_zlib}/include ${CPPFLAGS}"
+ SUDO_APPEND_CPPFLAGS(-I${enable_zlib}/include)
SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib])
ZLIB="${ZLIB} -lz"
;;
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
;;
- no) AC_MSG_RESULT(no)
- AC_DEFINE(NO_PAM_SESSION)
- ;;
- *) AC_MSG_RESULT(no)
- AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
- ;;
+ no) AC_MSG_RESULT(no)
+ AC_DEFINE(NO_PAM_SESSION)
+ pam_session=off
+ ;;
+ *) AC_MSG_RESULT(no)
+ AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
+ ;;
esac], AC_MSG_RESULT(yes))
fi
fi
if test ${with_fwtk-'no'} != "no"; then
if test "$with_fwtk" != "yes"; then
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_fwtk}])
- CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
+ SUDO_APPEND_CPPFLAGS(-I${with_fwtk})
with_fwtk=yes
fi
SUDOERS_LIBS="${SUDOERS_LIBS} -lauth -lfwall"
else
with_SecurID=/usr/ace
fi
- CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
- SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}])
+ SUDO_APPEND_CPPFLAGS(-I${with_SecurID})
+ SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_SecurID}])
SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread"
AUTH_OBJS="$AUTH_OBJS securid5.lo";
fi
else
dnl XXX - try to include krb5.h here too
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_kerb5}/lib])
- CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include"
+ SUDO_APPEND_CPPFLAGS(-I${with_kerb5}/include)
fi
dnl
# AFS includes may live in /usr/include on some machines...
for i in /usr/afsws/include; do
if test -d ${i}; then
- CPPFLAGS="${CPPFLAGS} -I${i}"
+ SUDO_APPEND_CPPFLAGS(-I${i})
FOUND_AFSINCDIR=true
fi
done
if test "${with_skey-'no'}" = "yes"; then
O_LDFLAGS="$LDFLAGS"
if test "$with_skey" != "yes"; then
- CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
- SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib])
+ SUDO_APPEND_CPPFLAGS(-I${with_skey}/include)
+ LDFLAGS="$LDFLAGS -L${with_skey}/lib"
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_skey}/lib])
AC_CHECK_HEADER([skey.h], [found=yes], [found=no], [#include <stdio.h>])
else
if test "$found" = "no" -o -z "$dir"; then
CPPFLAGS="$O_CPPFLAGS"
else
- SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
+ LDFLAGS="$LDFLAGS -L${dir}/lib"
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib])
fi
if test "$found" = "no"; then
if test "${with_opie-'no'}" = "yes"; then
O_LDFLAGS="$LDFLAGS"
if test "$with_opie" != "yes"; then
- CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
- SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib])
+ SUDO_APPEND_CPPFLAGS(-I${with_opie}/include)
+ LDFLAGS="$LDFLAGS -L${with_opie}/lib"
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_opie}/lib])
AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <opie.h>]])], [found=yes], [found=no])
else
if test "$found" = "no" -o -z "$dir"; then
CPPFLAGS="$O_CPPFLAGS"
else
- SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
+ LDFLAGS="$LDFLAGS -L${dir}/lib"
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib])
fi
if test "$found" = "no"; then
dnl extra lib and .o file for LDAP support
dnl
if test ${with_ldap-'no'} != "no"; then
- _LDFLAGS="$LDFLAGS"
+ O_LDFLAGS="$LDFLAGS"
if test "$with_ldap" != "yes"; then
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_ldap}/lib])
- SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib])
- CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
+ LDFLAGS="$LDFLAGS -L${with_ldap}/lib"
+ SUDO_APPEND_CPPFLAGS(-I${with_ldap}/include)
with_ldap=yes
fi
SUDOERS_OBJS="${SUDOERS_OBJS} ldap.lo"
LDAP=""
- AC_MSG_CHECKING([for LDAP libraries])
- LDAP_LIBS=""
_LIBS="$LIBS"
+ LDAP_LIBS=""
+ IBMLDAP_EXTRA=""
found=no
- for l in -lldap -llber '-lssl -lcrypto'; do
- LIBS="${LIBS} $l"
- LDAP_LIBS="${LDAP_LIBS} $l"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
- #include <lber.h>
- #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
- done
- if test "$found" = "no"; then
- LDAP_LIBS=""
- LIBS="$_LIBS"
- for l in -libmldap -lidsldif; do
- LIBS="${LIBS} $l"
- LDAP_LIBS="${LDAP_LIBS} $l"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
- #include <lber.h>
- #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
- done
- fi
- dnl if nothing linked just try with -lldap
+ # On HP-UX, libibmldap has a hidden dependency on libCsup
+ case "$host_os" in
+ hpux*) AC_CHECK_LIB(Csup, main, [IBMLDAP_EXTRA=" -lCsup"]);;
+ esac
+ AC_SEARCH_LIBS(ldap_init, "ldap" "ldap -llber" "ldap -llber -lssl -lcrypto" "ibmldap${IBMLDAP_EXTRA}" "ibmldap -lidsldif${IBMLDAP_EXTRA}", [
+ test "$ac_res" != "none required" && LDAP_LIBS="$ac_res"
+ found=yes
+ ])
+ # If nothing linked, try -lldap and hope for the best
if test "$found" = "no"; then
- LIBS="${_LIBS} -lldap"
LDAP_LIBS="-lldap"
- AC_MSG_RESULT([not found, using -lldap])
- else
- AC_MSG_RESULT([$LDAP_LIBS])
fi
+ LIBS="${_LIBS} ${LDAP_LIBS}"
dnl check if we need to link with -llber for ber_set_option
OLIBS="$LIBS"
AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no])
AC_MSG_RESULT([yes])
AC_DEFINE(HAVE_LBER_H)])
- AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s)], [break])
+ AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [
+ AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s)
+ break
+ ])
AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>])
AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_init ldap_ssl_client_init ldap_start_tls_s_np)
AC_CHECK_FUNCS(ldap_search_ext_s ldap_search_st, [break])
SUDOERS_LIBS="${SUDOERS_LIBS} ${LDAP_LIBS}"
LIBS="$_LIBS"
- LDFLAGS="$_LDFLAGS"
+ LDFLAGS="$O_LDFLAGS"
fi
#
case "$lt_cv_dlopen" in
dlopen)
AC_DEFINE(HAVE_DLOPEN)
- SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo"
+ SUDO_OBJS="$SUDO_OBJS locale_stub.o"
LT_STATIC="--tag=disable-static"
;;
shl_load)
AC_DEFINE(HAVE_SHL_LOAD)
- SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo"
+ SUDO_OBJS="$SUDO_OBJS locale_stub.o"
LT_STATIC="--tag=disable-static"
AC_LIBOBJ(dlopen)
;;
# what libraries a plugin may depend on (e.g. HP-UX LDAP which uses pthreads)
# so always link against -lpthread on HP-UX if it is available.
# This check should go after all other libraries tests.
-case "$host" in
- *-*-hpux*)
+case "$host_os" in
+ hpux*)
AC_CHECK_LIB(pthread, main, [SUDO_LIBS="${SUDO_LIBS} -lpthread"])
+ OSDEFS="${OSDEFS} -D_REENTRANT"
;;
esac
-dnl
-dnl Add $blibpath to SUDOERS_LDFLAGS if specified by the user or if we
-dnl added -L dirpaths to SUDOERS_LDFLAGS.
-dnl
-if test -n "$blibpath"; then
- if test -n "$blibpath_add"; then
- SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}"
- elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
- SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS -Wl,-blibpath:${blibpath}"
- fi
-fi
-
dnl
dnl Check for log file, timestamp and iolog locations
dnl
NO_VIZ=
])
else
- case "$host" in
- *-*-hpux*)
+ case "$host_os" in
+ hpux*)
AX_CHECK_COMPILE_FLAG([-Bhidden_def], [
AC_DEFINE(HAVE_DSO_VISIBILITY)
CFLAGS="${CFLAGS} -Bhidden_def"
LT_LDDEP=
])
;;
- *-*-solaris2*)
+ solaris2*)
AX_CHECK_COMPILE_FLAG([-xldscope=hidden], [
AC_DEFINE(HAVE_DSO_VISIBILITY)
CFLAGS="${CFLAGS} -xldscope=hidden"
AC_CACHE_CHECK([whether ld supports anonymous map files],
[sudo_cv_var_gnu_ld_anon_map],
[
+ sudo_cv_var_gnu_ld_anon_map=no
cat > conftest.map <<-EOF
{
global: foo;
CFLAGS="$CFLAGS $lt_prog_compiler_pic"
_LDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS -fpic -shared -Wl,--version-script,./conftest.map"
- AC_TRY_LINK([int foo;], [], [
- sudo_cv_var_gnu_ld_anon_map=yes
- ])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])],
+ [sudo_cv_var_gnu_ld_anon_map=yes])
CFLAGS="$_CFLAGS"
LDFLAGS="$_LDFLAGS"
]
LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,--version-script,\$(shlib_map)"
fi
else
- case "$host" in
- *-*-solaris2*)
+ case "$host_os" in
+ solaris2*)
AC_CACHE_CHECK([whether ld supports anonymous map files],
[sudo_cv_var_solaris_ld_anon_map],
[
+ sudo_cv_var_solaris_ld_anon_map=no
cat > conftest.map <<-EOF
{
global: foo;
CFLAGS="$CFLAGS $lt_prog_compiler_pic"
_LDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS -shared -Wl,-M,./conftest.map"
- AC_TRY_LINK([int foo;], [], [
- sudo_cv_var_solaris_ld_anon_map=yes
- ])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])],
+ [sudo_cv_var_solaris_ld_anon_map=yes])
CFLAGS="$_CFLAGS"
LDFLAGS="$_LDFLAGS"
]
LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,-M,\$(shlib_map)"
fi
;;
- *-*-hpux*)
+ hpux*)
AC_CACHE_CHECK([whether ld supports controlling exported symbols],
[sudo_cv_var_hpux_ld_symbol_export],
[
+ sudo_cv_var_hpux_ld_symbol_export=no
echo "+e foo" > conftest.opt
_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS $lt_prog_compiler_pic"
else
LDFLAGS="$LDFLAGS -Wl,-b -Wl,-c,./conftest.opt"
fi
- AC_TRY_LINK([int foo;], [], [
- sudo_cv_var_hpux_ld_symbol_export=yes
- ])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])],
+ [sudo_cv_var_hpux_ld_symbol_export=yes])
CFLAGS="$_CFLAGS"
LDFLAGS="$_LDFLAGS"
+ rm -f conftest.opt
]
)
if test "$sudo_cv_var_hpux_ld_symbol_export" = "yes"; then
dnl Check for PIE executable support if using gcc.
dnl This test relies on AC_LANG_WERROR
dnl
-if test "$enable_pie" != "no" -a -n "$GCC"; then
- AX_CHECK_COMPILE_FLAG([-fPIE], [
- _CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS -fPIE"
- AX_CHECK_LINK_FLAG([-pie], [
- PIE_CFLAGS="-fPIE"
- PIE_LDFLAGS="-pie"
- ])
- CFLAGS="$_CFLAGS"
- ])
+if test -n "$GCC"; then
+ if test -z "$enable_pie"; then
+ case "$host_os" in
+ linux*)
+ # Attempt to build with PIE support
+ enable_pie="maybe"
+ ;;
+ esac
+ fi
+ if test -n "$enable_pie"; then
+ if test "$enable_pie" = "no"; then
+ AX_CHECK_COMPILE_FLAG([-fno-pie], [
+ _CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -fno-pie"
+ AX_CHECK_LINK_FLAG([-nopie], [
+ PIE_CFLAGS="-fno-pie"
+ PIE_LDFLAGS="-nopie"
+ ])
+ CFLAGS="$_CFLAGS"
+ ])
+ else
+ AX_CHECK_COMPILE_FLAG([-fPIE], [
+ _CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -fPIE"
+ AX_CHECK_LINK_FLAG([-pie], [
+ if test "$enable_pie" = "maybe"; then
+ SUDO_WORKING_PIE([enable_pie=yes], [])
+ fi
+ if test "$enable_pie" = "yes"; then
+ PIE_CFLAGS="-fPIE"
+ PIE_LDFLAGS="-Wc,-fPIE -pie"
+ fi
+ ])
+ CFLAGS="$_CFLAGS"
+ ])
+ fi
+ fi
+fi
+if test "$enable_pie" != "yes"; then
+ # Solaris 11.1 and higher supports tagging binaries to use ASLR
+ case "$host_os" in
+ solaris2.1[[1-9]]|solaris2.[[2-9]][[0-9]])
+ AX_CHECK_LINK_FLAG([-Wl,-z,aslr], [PIE_LDFLAGS="${PIE_LDFLAGS}${PIE_LDFLAGS+ }-Wl,-z,aslr"])
+ ;;
+ esac
fi
dnl
done
fi
+dnl
+dnl OS-specific initialization
+dnl
+AC_DEFINE_UNQUOTED(os_init, $OS_INIT, [Define to an OS-specific initialization function or `os_init_common'.])
+
dnl
dnl We add -Wall and -Werror after all tests so they don't cause failures
dnl
dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set
dnl XXX - this is gross!
dnl
-if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then
+if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no" -o "$enabled_shared" != X"no"; then
oexec_prefix="$exec_prefix"
if test "$exec_prefix" = '$(prefix)'; then
if test "$prefix" = "NONE"; then
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
fi
if test X"$with_selinux" != X"no"; then
- sesh_file="$libexecdir/sesh"
+ sesh_file="$libexecdir/sudo/sesh"
_sesh_file=
while test X"$sesh_file" != X"$_sesh_file"; do
_sesh_file="$sesh_file"
eval sesh_file="$_sesh_file"
done
- SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh])
+ SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file")
+ fi
+ if test X"$enable_shared" != X"no"; then
+ PLUGINDIR="$with_plugindir"
+ _PLUGINDIR=
+ while test X"$PLUGINDIR" != X"$_PLUGINDIR"; do
+ _PLUGINDIR="$PLUGINDIR"
+ eval PLUGINDIR="$_PLUGINDIR"
+ done
+ SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$PLUGINDIR/")
+ SUDO_DEFINE_UNQUOTED(SUDOERS_PLUGIN, "sudoers.so")
fi
- PLUGINDIR="$with_plugindir"
- _PLUGINDIR=
- while test X"$PLUGINDIR" != X"$_PLUGINDIR"; do
- _PLUGINDIR="$PLUGINDIR"
- eval PLUGINDIR="$_PLUGINDIR"
- done
- SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$PLUGINDIR/")
- SUDO_DEFINE_UNQUOTED(SUDOERS_PLUGIN, "sudoers${SOEXT}")
exec_prefix="$oexec_prefix"
fi
+if test X"$with_selinux" = X"no"; then
+ SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, NULL)
+fi
+
+dnl
+dnl Add -R options to LDFLAGS, etc.
+dnl
+if test X"$LDFLAGS_R" != X""; then
+ LDFLAGS="$LDFLAGS $LDFLAGS_R"
+fi
+if test X"$SUDOERS_LDFLAGS_R" != X""; then
+ SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS $SUDOERS_LDFLAGS_R"
+fi
+if test X"$ZLIB_R" != X""; then
+ ZLIB="$ZLIB_R $ZLIB"
+fi
dnl
dnl Override default configure dirs for the Makefile
dnl
dnl Substitute into the Makefile and man pages
dnl
-AC_CONFIG_FILES([Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/sample_group/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers])
+AC_CONFIG_FILES([Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers])
AC_OUTPUT
dnl
dnl Spew any text the user needs to know about
dnl
if test "$with_pam" = "yes"; then
- case $host in
- *-*-hpux*)
+ case $host_os in
+ hpux*)
if test -f /usr/lib/security/libpam_hpsec.so.1; then
AC_MSG_NOTICE([You may wish to add the following line to /etc/pam.conf])
AC_MSG_NOTICE([sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login])
fi
;;
- *-*-linux*)
+ linux*)
AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo])
;;
esac
AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
-AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords)])
-AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords)])
-AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)])
-AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)])
-AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)])
+AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords).])
+AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords).])
+AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords).])
+AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords).])
+AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords).])
AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.])
AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
-AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)])
-AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)])
+AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled).])
+AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled).])
AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.])
AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_free' function takes two arguments.])
AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_init_secure_context' function.])
AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.])
-AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)])
+AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not).])
AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
AH_TEMPLATE(HAVE_LIBINTL_H, [Define to 1 if you have the <libintl.h> header file.])
AH_TEMPLATE(HAVE_LINUX_AUDIT, [Define to 1 to enable Linux audit support.])
AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 if you have the `shl_load' function.])
AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
-AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments])
-AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union])
-AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
-AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
+AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments.])
+AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union.])
+AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member.])
+AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member.])
AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
-AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements])
+AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements.])
AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.])
-AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support])
+AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support.])
AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
AH_TEMPLATE(NO_TTY_TICKETS, [Define to 1 if you want a single ticket file instead of per-tty files.])
AH_TEMPLATE(HAVE_STRUCT_UTMP_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmp'.])
AH_TEMPLATE(HAVE_STRUCT_UTMPX_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmpx'.])
AH_TEMPLATE(HAVE___FUNC__, [Define to 1 if the compiler supports the C99 __func__ variable.])
-AH_TEMPLATE(SUDO_KRB5_INSTANCE, [An instance string to append to the username (separated by a slash) for Kerberos V authentication])
+AH_TEMPLATE(SUDO_KRB5_INSTANCE, [An instance string to append to the username (separated by a slash) for Kerberos V authentication.])
AH_TEMPLATE(RTLD_PRELOAD_VAR, [The environment variable that controls preloading of dynamic objects.])
AH_TEMPLATE(RTLD_PRELOAD_ENABLE_VAR, [An extra environment variable that is required to enable preloading (if any).])
AH_TEMPLATE(RTLD_PRELOAD_DELIM, [The delimiter to use when defining multiple preloaded objects.])
AH_TEMPLATE(RTLD_PRELOAD_DEFAULT, [The default value of preloaded objects (if any).])
AH_TEMPLATE(HAVE_DSO_VISIBILITY, [Define to 1 if the compiler supports the __visibility__ attribute.])
AH_TEMPLATE(HAVE_SYS_SIGABBREV, [Define to 1 if your libc has the `sys_sigabbrev' symbol.])
+AH_TEMPLATE(HAVE_NSS_SEARCH, [Define to 1 if you have the `nss_search' function.])
+AH_TEMPLATE(HAVE__NSS_INITF_GROUP, [Define to 1 if you have the `_nss_initf_group' function.])
+AH_TEMPLATE(HAVE___NSS_INITF_GROUP, [Define to 1 if you have the `__nss_initf_group' function.])
+AH_TEMPLATE(HAVE__NSS_XBYY_BUF_ALLOC, [Define to 1 if you have the `_nss_XbyY_buf_alloc' function.])
+AH_TEMPLATE(HAVE___NSS_XBYY_BUF_ALLOC, [Define to 1 if you have the `__nss_XbyY_buf_alloc' function.])
dnl
dnl Bits to copy verbatim into config.h.in
# define ignore_result(x) (void)(x)
#endif
-/* Macros to set/clear/test flags. */
-#undef SET
-#define SET(t, f) ((t) |= (f))
-#undef CLR
-#define CLR(t, f) ((t) &= ~(f))
-#undef ISSET
-#define ISSET(t, f) ((t) & (f))
-
-/* ANSI-style OS defs for HP-UX and ConvexOS. */
-#if defined(hpux) && !defined(__hpux)
-# define __hpux 1
-#endif /* hpux */
-
-#if defined(convex) && !defined(__convex__)
-# define __convex__ 1
-#endif /* convex */
-
/* BSD compatibility on some SVR4 systems. */
#ifdef __svr4__
# define BSD_COMP
Elias Benali
Jamie Beverly
Spider Boardman
- Jakub Bogusz
P.J. Bostley
Keith Bowes
Keith Garry Boyce
Andreas Bussjaeger
Gary Calvin
Aaron Campbell
- Milo Casagrande
- Yuri Chornoivan
Vitezslav Cizek
Chris Coleman
Deven T. Corzine
Frank Cusack
+ Wei Dai
Theo de Raadt
- Francisco Dieguez
David Dill
Theo Van Dinter
Jeff Earickson
Jean-loup Gailly
Simon J. Gerraty
B. Guillory
- Joe Hansen
Randy M. Hayman
Joachim Henke
YOSHIFUJI Hideaki
Timo Juhani
Ayamura KIKUCHI
Kevin Kadow
- Jorma Karvonen
Stepan Kasal
Mike Kienenberger
Dale King
Jim Knoble
Tim Knox
Alek O. Komarnitsky
+ Nikolai Kondrashov
Daniel Kopecek
- Yuri Kozlov
- Jakob Kramer
Paul Kranenburg
David Krause
- Tomislav Krznar
Eric Lakin
Case Larsen
Dmitry V. Levin
Tom McLaughlin
Jeff Makey
Michael D. Marchionna
- Algimantas Margevicius
Paul Markham
Emin Martinian
- Pavel Maryanov
Michael Meskes
Todd C. Miller
Loic Minier
Dworkin Muller
Jeff Nieusma
Peter A. Nikitser
- Miroslav Nikolic
Ludwig Nussel
- Daniel Nylander
Eric Paquet
Chantal Paradis
Ted Percival
Diego Elio Petteno
Joel Pickett
Alex Plotnick
- Tran Ngoc Quan
Gudleik Rasch
+ Steve Reid
Matt Richards
Guido van Rossum
John P. Rouillard
Patrick Schoenfeld
Arno Schuring
Dougal Scott
- Abel Sendón
Nick Sieger
Thor Lancelot Simon
Marc Slemko
Russell Street
Tilo Stritzky
Michael Stroucken
- Yasuaki Taniguchi
Robert Tarrall
Matthew Thomas
Giles Todd
Chris Torek
Darren Tucker
Robert Uhl
- Mikel Olasagasti Uranga
Petr Uzel
Reznic Valery
Martynas Venckus
Klaus Wagner
Dan Walsh
- Wylmer Wang
John Warburton
Kirk Webb
Timm Wetzel
David Wood
Gustavo Zacarias
John Zolnowsky
+
+The following people have worked to translate sudo into other
+languages:
+
+ Jakub Bogusz
+ Milo Casagrande
+ Felipe Castro
+ Yuri Chornoivan
+ Francisco Dieguez
+ Volkan Gezer
+ Takeshi Hamasaki
+ P. Hamming
+ Joe Hansen
+ Jochen Hein
+ Damir Jerovsek
+ Jorma Karvonen
+ Klemen Kosir
+ Yuri Kozlov
+ Jakob Kramer
+ Tomislav Krznar
+ Algimantas Margevicius
+ Pavel Maryanov
+ Miroslav Nikolic
+ Daniel Nylander
+ Tran Ngoc Quan
+ Leandro Regueiro
+ Ozgur Sarier
+ Abel Sendón
+ Yasuaki Taniguchi
+ Mikel Olasagasti Uranga
+ Wylmer Wang
Sudo is distributed under the following license:
- Copyright (c) 1994-1996, 1998-2012
+ Copyright (c) 1994-1996, 1998-2013
Todd C. Miller <Todd.Miller@courtesan.com>
Permission to use, copy, modify, and distribute this software for any
#
-# Copyright (c) 2010-2012 Todd C. Miller <Todd.Miller@courtesan.com>
+# Copyright (c) 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
SHELL = @SHELL@
-DOCS = sudo.$(mantype) visudo.$(mantype) sudoers.$(mantype) \
- sudoers.ldap.$(mantype) sudoers.$(mantype) \
+DOCS = sudo.$(mantype) visudo.$(mantype) sudo.conf.$(mantype) \
+ sudoers.$(mantype) sudoers.ldap.$(mantype) sudoers.$(mantype) \
sudoreplay.$(mantype) sudo_plugin.$(mantype)
DEVDOCS = $(srcdir)/sudo.man.in $(srcdir)/sudo.cat \
$(srcdir)/visudo.man.in $(srcdir)/visudo.cat \
+ $(srcdir)/sudo.conf.man.in $(srcdir)/sudo.conf.cat \
$(srcdir)/sudoers.man.in $(srcdir)/sudoers.cat \
$(srcdir)/sudoers.ldap.man.in $(srcdir)/sudoers.ldap.cat \
$(srcdir)/sudoers.man.in $(srcdir)/sudoers.cat \
visudo.cat: $(srcdir)/visudo.cat
+$(srcdir)/sudo.conf.man.in: $(srcdir)/sudo.conf.mdoc.in
+ @if [ -n "$(DEVEL)" ]; then \
+ echo "Generating $@"; \
+ mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \
+ mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \
+ printf '.\\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!\n' > $@; \
+ printf '.\\" IT IS GENERATED AUTOMATICALLY FROM sudo.conf.mdoc.in\n' >> $@; \
+ $(SED) -n -e '/^.Dd/q' -e '/^\.\\/p' $(srcdir)/sudo.conf.mdoc.in >> $@; \
+ $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo.conf.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "VISUDO" \)"8"\(.*"\)OpenBSD \(.*\)/\1"'$$mansectsu'"\2\3/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" >> $@; \
+ fi
+
+sudo.conf.man.sed: $(srcdir)/fixman.sh
+ $(SHELL) $(srcdir)/fixman.sh $@
+
+sudo.conf.man: $(srcdir)/sudo.conf.man.in sudo.conf.man.sed
+ (cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/$@.in | $(SED) -f $@.sed > $@
+
+sudo.conf.mdoc: $(srcdir)/sudo.conf.mdoc.in
+ (cd $(top_builddir) && $(SHELL) config.status --file=doc/$@)
+
+$(srcdir)/sudo.conf.cat: varsub $(srcdir)/sudo.conf.mdoc.in
+ @if [ -n "$(DEVEL)" ]; then \
+ echo "Generating $@"; \
+ $(SED) -f varsub $(srcdir)/sudo.conf.mdoc.in | $(MANDOC) -mdoc | $(SED) -e 's/ OpenBSD \([^ ].* \)/ \1 /' -e 's/(5)/(4)/g' -e 's/(8)/(1m)/g' > $@; \
+ fi
+
+sudo.conf.cat: $(srcdir)/sudo.conf.cat
+
$(srcdir)/sudoers.man.in: $(srcdir)/sudoers.mdoc.in
@if [ -n "$(DEVEL)" ]; then \
echo "Generating $@"; \
$(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 @mansrcdir@/sudo_plugin.$(mantype) $(DESTDIR)$(mandirsu)/sudo_plugin.$(mansectsu)
$(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 @mansrcdir@/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu)
$(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 @mansrcdir@/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu)
+ $(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 @mansrcdir@/sudo.conf.$(mantype) $(DESTDIR)$(mandirform)/sudo.conf.$(mansectform)
$(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform)
@LDAP@$(INSTALL) -O $(install_uid) -G $(install_gid) -m 0644 @mansrcdir@/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform)
@if test -n "$(MANCOMPRESS)"; then \
- for f in $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/sudo_plugin.$(mansectsu) $(mandirsu)/sudoreplay.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform) $(mandirform)/sudoers.ldap.$(mansectform); do \
+ for f in $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/sudo_plugin.$(mansectsu) $(mandirsu)/sudoreplay.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudo.conf.$(mansectform) $(mandirform)/sudoers.$(mansectform) $(mandirform)/sudoers.ldap.$(mansectform); do \
if test -f $(DESTDIR)$$f; then \
echo $(MANCOMPRESS) -f $(DESTDIR)$$f; \
$(MANCOMPRESS) -f $(DESTDIR)$$f; \
$(DESTDIR)$(mandirsu)/sudo_plugin.$(mansectsu) \
$(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu) \
$(DESTDIR)$(mandirsu)/visudo.$(mansectsu) \
+ $(DESTDIR)$(mandirform)/sudo.conf.$(mansectform) \
$(DESTDIR)$(mandirform)/sudoers.$(mansectform) \
$(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform)
mostlyclean: clean
distclean: clean
- -rm -rf Makefile config.log *.man
+ -rm -rf Makefile config.log *.man *.mdoc
clobber: distclean
its conf file. Also, remember that syslogd does *not* create
log files, you need to create the file before syslogd will log
to it (ie: touch /var/log/sudo).
- Note: the facility (e.g. "auth.debug") must be separated from the
+ Note: the facility (e.g. "auth.debug") must be separated from the
destination (e.g. "/var/log/auth" or "@loghost") by
tabs, *not* spaces. This is a common error.
#define HAVE_VSNPRINTF 1
and run make.
+Q) I built sudo on a Solaris 11 (or higher) machine but the resulting
+ binary doesn't work older Solaris versions. Why?
+
+A) Starting with Solaris 11, asprintf(3) is included in the standard
+ C library. To build a version of sudo on a Solaris 11 machine that
+ will run on an older Solaris release, edit config.h and comment out
+ the lines:
+ #define HAVE_ASPRINTF 1
+ #define HAVE_VASPRINTF 1
+ and run make.
+
Q) When I run "visudo" it says "sudoers file busy, try again later."
and doesn't do anything.
A) Someone else is currently editing the sudoers file with visudo.
Enter new password: <return>
Re-enter password: <return>
+Q) On HP-UX, when I run command via sudo it displays information
+ about the last successful login and last authentication failure
+ for every command. How can I fix this?
+A) This output comes from /usr/lib/security/libpam_hpsec.so.1.
+ To suppress it, add a line like the following to /etc/pam.conf:
+ sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login
+
+Q) On HP-UX, the umask setting in sudoers has no effect.
+A) If your /etc/pam.conf file has the libpam_hpsec.so.1 session module
+ enabled, you may need to a add line like the following to pam.conf:
+ sudo session required libpam_hpsec.so.1 bypass_umask
+
Q) When I run sudo on AIX I get the following error:
setuidx(ID_EFFECTIVE|ID_REAL|ID_SAVED, ROOT_UID): Operation not permitted.
A) AIX's Enhanced RBAC is preventing sudo from running. To fix
innateprivs = PV_DAC_GID,PV_DAC_O,PV_DAC_R,PV_DAC_UID,PV_DAC_W,PV_DAC_X,PV_FS_CHOWN,PV_PROC_ENV,PV_PROC_PRIO,PV_PROC_RAC
secflags = FSF_EPS
+Q) Sudo configures and builds without error but when I run it I get
+ a Segmentation fault.
+A) If you are on a Linux system, the first thing to try is to run
+ configure with the --disable-pie option, then "make clean" and
+ "make". If that fixes the problem then your operating system
+ does not properly support position independent executables.
+ Please send a message to sudo@sudo.ws with system details such
+ as the Linux distro, kernel version and CPU architecture.
+
Q) When I run configure I get the following error:
dlopen present but libtool doesn't appear to support your platform.
A) Libtool doesn't know how to support dynamic linking on the operating
Notes on upgrading from an older release
========================================
+o Upgrading from a version prior to 1.8.7:
+
+ Sudo now stores its libexec files in a "sudo" sub-directory
+ instead of in libexec itself. For backwards compatibility, if
+ the plugin is not found in the default plugin directory, sudo
+ will check the parent directory default directory ends in "/sudo".
+
+ The default sudo plugins now all use the .so extension, regardless
+ of the extension used by native shared libraries. For backwards
+ compatibility, sudo on HP-UX will also search for a plugin with
+ an .sl extension if the .so version is not found.
+
+ Handling of users belonging to a large number of groups has
+ changed. Previously, sudo would only use the group list from
+ the kernel unless the system_group plugin was enabled in sudoers.
+ Now, sudo will query the groups database if the user belongs
+ to the maximum number of groups supported by the kernel. See
+ the group_source and max_groups settings in the sudo.conf manual
+ for details.
+
o Upgrading from a version prior to 1.8.2:
When matching Unix groups in the sudoers file, sudo will now
match based on the name of the group as it appears in sudoers
instead of the group ID. This can substantially reduce the
number of group lookups for sudoers files that contain a large
- nummber of groups. There are a few side effects of this change.
+ number of groups. There are a few side effects of this change.
1) Unix groups with different names but the same group ID are
- can no longer be used interchangably. Sudo will look up all
+ can no longer be used interchangeably. Sudo will look up all
of a user's groups by group ID and use the resulting group
names when matching sudoers entries. If there are multiple
groups with the same ID, the group name returned by the
group ID.
When sudo is build with LDAP support the /etc/nsswitch.conf file is
- now used to determine the sudoers seach order. sudo will default to
+ now used to determine the sudoers sea ch order. sudo will default to
only using /etc/sudoers unless /etc/nsswitch.conf says otherwise.
This can be changed with an nsswitch.conf line, e.g.:
sudoers: ldap files
Environment variable handling has changed significantly in sudo
1.6.9. Prior to version 1.6.9, sudo would preserve the user's
environment, pruning out potentially dangerous variables.
- Beginning with sudo 1.6.9, the envionment is reset to a default
+ Beginning with sudo 1.6.9, the environment is reset to a default
set of values with only a small number of "safe" variables
preserved. To preserve specific environment variables, add
them to the "env_keep" list in sudoers. E.g.
also preserved in the env_reset case, provided that they do not
contain a '/' or '%' character. Note that it is not necessary
to also list a variable in env_keep--having it in env_check is
- sufficent.
+ sufficient.
The default lists of variables to be preserved and/or checked
are displayed when sudo is run by root with the -V flag.
a command as a certain user did not override a previous entry
allowing the same command. This has been fixed in sudo 1.6.8
such that the last match is now used (as it is documented).
- Hopefully no one was depending on the previous (buggy) beghavior.
+ Hopefully no one was depending on the previous (buggy) behavior.
o Upgrading from a version prior to 1.6:
command. In other words, the "(root)" sets the default runas
user to root for the rest of the list. If we wanted to require
a password for /bin/ls and /sbin/dump the line could be written
- thusly:
+ as:
millert ALL=(daemon) NOPASSWD:/usr/bin/whoami, \
(root) PASSWD:/bin/ls, /sbin/dump
#!/bin/sh
+#
+# Copyright (c) 2012-2013 Todd C. Miller <Todd.Miller@courtesan.com>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+#
OUTFILE="$1"
rm -f "$OUTFILE"
#!/bin/sh
+#
+# Copyright (c) 2012-2013 Todd C. Miller <Todd.Miller@courtesan.com>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+#
OUTFILE="$1"
rm -f "$OUTFILE"
if [ X"$SEMAN" != X"1" ]; then
SE_FLAG='/^.*\n\.Op Fl r Ar role/{;N;/^.*\n\.Ek$/d;};/^.*\n\.Op Fl t Ar type/{;N;/^.*\n\.Ek$/d;};'
cat >>"$OUTFILE" <<-'EOF'
- /^\.It Fl r Ar role/,/newline character\.$/ {
+ /^\.It Fl r Ar role/,/^\.Ar role \.$/ {
d
}
/^\.It Fl t Ar type/,/specified role\.$/ {
#
# An askpass helper program may be specified to provide a graphical
# password prompt for "sudo -A" support. Sudo does not ship with its
-# own passpass program but can use the OpenSSH askpass.
+# own askpass program but can use the OpenSSH askpass.
#
# Use the OpenSSH askpass
#Path askpass /usr/X11R6/bin/ssh-askpass
# dumps by setting "disable_coredump" to false.
#
#Set disable_coredump false
+
+#
+# User groups:
+#
+# Sudo passes the user's group list to the policy plugin.
+# If the user is a member of the maximum number of groups (usually 16),
+# sudo will query the group database directly to be sure to include
+# the full list of groups.
+#
+# On some systems, this can be expensive so the behavior is configurable.
+# The "group_source" setting has three possible values:
+# static - use the user's list of groups returned by the kernel.
+# dynamic - query the group database to find the list of groups.
+# adaptive - if user is in less than the maximum number of groups.
+# use the kernel list, else query the group database.
+#
+#Set group_source static
# Cmnd alias specification
##
Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \
- /usr/sbin/rrestore, /usr/bin/mt
+ /usr/sbin/rrestore, /usr/bin/mt, \
+ sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \
+ /home/operator/bin/start_backups
Cmnd_Alias KILL = /usr/bin/kill
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
input/output logging. Third parties can develop and distribute their own
policy and I/O logging plugins to work seamlessly with the s\bsu\bud\bdo\bo front
end. The default security policy is _\bs_\bu_\bd_\bo_\be_\br_\bs, which is configured via the
- file _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs, or via LDAP. See the _\bP_\bL_\bU_\bG_\bI_\bN_\bS section for more
+ file _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs, or via LDAP. See the _\bP_\bl_\bu_\bg_\bi_\bn_\bs section for more
information.
The security policy determines what privileges, if any, a user has to run
to read the user's password and output the password to the
standard output. If the SUDO_ASKPASS environment variable is
set, it specifies the path to the helper program. Otherwise,
- if _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf contains a line specifying the askpass
+ if sudo.conf(4) contains a line specifying the askpass
program, that value will be used. For example:
# Path to askpass helper program
C\bCO\bOM\bMM\bMA\bAN\bND\bD E\bEX\bXE\bEC\bCU\bUT\bTI\bIO\bON\bN
When s\bsu\bud\bdo\bo executes a command, the security policy specifies the execution
- envionment for the command. Typically, the real and effective uid and
+ environment for the command. Typically, the real and effective uid and
gid are set to match those of the target user, as specified in the
password database, and the group vector is initialized based on the group
database (unless the -\b-P\bP option was specified).
environment as described above, and calls the execve system call in the
child process. The main s\bsu\bud\bdo\bo process waits until the command has
completed, then passes the command's exit status to the security policy's
- close method and exits. If an I/O logging plugin is configured, a new
- pseudo-terminal (``pty'') is created and a second s\bsu\bud\bdo\bo process is used to
- relay job control signals between the user's existing pty and the new pty
- the command is being run in. This extra process makes it possible to,
- for example, suspend and resume the command. Without it, the command
- would be in what POSIX terms an ``orphaned process group'' and it would
- not receive any job control signals.
+ close function and exits. If an I/O logging plugin is configured or if
+ the security policy explicitly requests it, a new pseudo-terminal
+ (``pty'') is created and a second s\bsu\bud\bdo\bo process is used to relay job
+ control signals between the user's existing pty and the new pty the
+ command is being run in. This extra process makes it possible to, for
+ example, suspend and resume the command. Without it, the command would
+ be in what POSIX terms an ``orphaned process group'' and it would not
+ receive any job control signals. As a special case, if the policy plugin
+ does not define a close function and no pty is required, s\bsu\bud\bdo\bo will
+ execute the command directly instead of calling fork(2) first.
S\bSi\big\bgn\bna\bal\bl h\bha\ban\bnd\bdl\bli\bin\bng\bg
Because the command is run as a child of the s\bsu\bud\bdo\bo process, s\bsu\bud\bdo\bo will
As a special case, s\bsu\bud\bdo\bo will not relay signals that were sent by the
command it is running. This prevents the command from accidentally
killing itself. On some systems, the reboot(1m) command sends SIGTERM to
- all non-system processes other than itself before rebooting the systyem.
+ all non-system processes other than itself before rebooting the system.
This prevents s\bsu\bud\bdo\bo from relaying the SIGTERM signal it received back to
reboot(1m), which might then exit before the system was actually rebooted,
leaving it in a half-dead state similar to single user mode. Note,
run using the e\bex\bxe\bec\bc() family of functions instead of s\bsy\bys\bst\bte\bem\bm() (which
interposes a shell between the command and the calling process).
-P\bPL\bLU\bUG\bGI\bIN\bNS\bS
- Plugins are dynamically loaded based on the contents of the
- _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf file. If no _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf file is present, or it
- contains no Plugin lines, s\bsu\bud\bdo\bo will use the traditional _\bs_\bu_\bd_\bo_\be_\br_\bs security
- policy and I/O logging, which corresponds to the following _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf
- file.
-
- #
- # Default /etc/sudo.conf file
- #
- # Format:
- # Plugin plugin_name plugin_path plugin_options ...
- # Path askpass /path/to/askpass
- # Path noexec /path/to/sudo_noexec.so
- # Debug sudo /var/log/sudo_debug all@warn
- # Set disable_coredump true
- #
- # The plugin_path is relative to /usr/local/libexec unless
- # fully qualified.
- # The plugin_name corresponds to a global symbol in the plugin
- # that contains the plugin interface structure.
- # The plugin_options are optional.
- #
- Plugin policy_plugin sudoers.so
- Plugin io_plugin sudoers.so
+ If no I/O logging plugins are loaded and the policy plugin has not
+ defined a c\bcl\blo\bos\bse\be() function, set a command timeout or required that the
+ command be run in a new pty, s\bsu\bud\bdo\bo may execute the command directly
+ instead of running it as a child process.
- A Plugin line consists of the Plugin keyword, followed by the _\bs_\by_\bm_\bb_\bo_\bl_\b__\bn_\ba_\bm_\be
- and the _\bp_\ba_\bt_\bh to the shared object containing the plugin. The _\bs_\by_\bm_\bb_\bo_\bl_\b__\bn_\ba_\bm_\be
- is the name of the struct policy_plugin or struct io_plugin in the plugin
- shared object. The _\bp_\ba_\bt_\bh may be fully qualified or relative. If not
- fully qualified it is relative to the _\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bl_\bi_\bb_\be_\bx_\be_\bc directory. Any
- additional parameters after the _\bp_\ba_\bt_\bh are passed as arguments to the
- plugin's _\bo_\bp_\be_\bn function. Lines that don't begin with Plugin, Path, Debug,
- or Set are silently ignored.
-
- For more information, see the sudo_plugin(1m) manual.
-
-P\bPA\bAT\bTH\bHS\bS
- A Path line consists of the Path keyword, followed by the name of the
- path to set and its value. E.g.
-
- Path noexec /usr/local/libexec/sudo_noexec.so
- Path askpass /usr/X11R6/bin/ssh-askpass
-
- The following plugin-agnostic paths may be set in the _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf
- file:
-
- askpass The fully qualified path to a helper program used to read the
- user's password when no terminal is available. This may be the
- case when s\bsu\bud\bdo\bo is executed from a graphical (as opposed to
- text-based) application. The program specified by _\ba_\bs_\bk_\bp_\ba_\bs_\bs
- should display the argument passed to it as the prompt and
- write the user's password to the standard output. The value of
- _\ba_\bs_\bk_\bp_\ba_\bs_\bs may be overridden by the SUDO_ASKPASS environment
- variable.
-
- noexec The fully-qualified path to a shared library containing dummy
- versions of the e\bex\bxe\bec\bcv\bv(), e\bex\bxe\bec\bcv\bve\be() and f\bfe\bex\bxe\bec\bcv\bve\be() library
- functions that just return an error. This is used to implement
- the _\bn_\bo_\be_\bx_\be_\bc functionality on systems that support LD_PRELOAD or
- its equivalent. Defaults to _\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bl_\bi_\bb_\be_\bx_\be_\bc_\b/_\bs_\bu_\bd_\bo_\b__\bn_\bo_\be_\bx_\be_\bc_\b._\bs_\bo.
-
-D\bDE\bEB\bBU\bUG\bG F\bFL\bLA\bAG\bGS\bS
- s\bsu\bud\bdo\bo versions 1.8.4 and higher support a flexible debugging framework
- that can help track down what s\bsu\bud\bdo\bo is doing internally if there is a
- problem.
-
- A Debug line consists of the Debug keyword, followed by the name of the
- program to debug (s\bsu\bud\bdo\bo, v\bvi\bis\bsu\bud\bdo\bo, s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by), the debug file name and a
- comma-separated list of debug flags. The debug flag syntax used by s\bsu\bud\bdo\bo
- and the _\bs_\bu_\bd_\bo_\be_\br_\bs plugin is _\bs_\bu_\bb_\bs_\by_\bs_\bt_\be_\bm@_\bp_\br_\bi_\bo_\br_\bi_\bt_\by but the plugin is free to
- use a different format so long as it does not include a comma (`,').
-
- For instance:
-
- Debug sudo /var/log/sudo_debug all@warn,plugin@info
-
- would log all debugging statements at the _\bw_\ba_\br_\bn level and higher in
- addition to those at the _\bi_\bn_\bf_\bo level for the plugin subsystem.
-
- Currently, only one Debug entry per program is supported. The s\bsu\bud\bdo\bo Debug
- entry is shared by the s\bsu\bud\bdo\bo front end, s\bsu\bud\bdo\boe\bed\bdi\bit\bt and the plugins. A
- future release may add support for per-plugin Debug lines and/or support
- for multiple debugging files for a single program.
-
- The priorities used by the s\bsu\bud\bdo\bo front end, in order of decreasing
- severity, are: _\bc_\br_\bi_\bt, _\be_\br_\br, _\bw_\ba_\br_\bn, _\bn_\bo_\bt_\bi_\bc_\be, _\bd_\bi_\ba_\bg, _\bi_\bn_\bf_\bo, _\bt_\br_\ba_\bc_\be and _\bd_\be_\bb_\bu_\bg.
- Each priority, when specified, also includes all priorities higher than
- it. For example, a priority of _\bn_\bo_\bt_\bi_\bc_\be would include debug messages
- logged at _\bn_\bo_\bt_\bi_\bc_\be and higher.
-
- The following subsystems are used by the s\bsu\bud\bdo\bo front-end:
-
- _\ba_\bl_\bl matches every subsystem
-
- _\ba_\br_\bg_\bs command line argument processing
-
- _\bc_\bo_\bn_\bv user conversation
-
- _\be_\bd_\bi_\bt sudoedit
-
- _\be_\bx_\be_\bc command execution
-
- _\bm_\ba_\bi_\bn s\bsu\bud\bdo\bo main function
-
- _\bn_\be_\bt_\bi_\bf network interface handling
-
- _\bp_\bc_\bo_\bm_\bm communication with the plugin
-
- _\bp_\bl_\bu_\bg_\bi_\bn plugin configuration
-
- _\bp_\bt_\by pseudo-tty related code
-
- _\bs_\be_\bl_\bi_\bn_\bu_\bx SELinux-specific handling
-
- _\bu_\bt_\bi_\bl utility functions
-
- _\bu_\bt_\bm_\bp utmp handling
+ P\bPl\blu\bug\bgi\bin\bns\bs
+ Plugins are dynamically loaded based on the contents of the sudo.conf(4)
+ file. If no sudo.conf(4) file is present, or it contains no Plugin
+ lines, s\bsu\bud\bdo\bo will use the traditional _\bs_\bu_\bd_\bo_\be_\br_\bs security policy and I/O
+ logging. See the sudo.conf(4) manual for details of the _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf
+ file and the sudo_plugin(1m) manual for more information about the s\bsu\bud\bdo\bo
+ plugin architecture.
E\bEX\bXI\bIT\bT V\bVA\bAL\bLU\bUE\bE
Upon successful execution of a program, the exit status from _\bs_\bu_\bd_\bo will
disables core dumps by default while it is executing (they are re-enabled
for the command that is run). To aid in debugging s\bsu\bud\bdo\bo crashes, you may
wish to re-enable core dumps by setting ``disable_coredump'' to false in
- the _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf file as follows:
+ the sudo.conf(4) file as follows:
Set disable_coredump false
- Note that by default, most operating systems disable core dumps from
- setuid programs, which includes s\bsu\bud\bdo\bo. To actually get a s\bsu\bud\bdo\bo core file
- you may need to enable core dumps for setuid processes. On BSD and Linux
- systems this is accomplished via the sysctl command, on Solaris the
- coreadm command can be used.
+ See the sudo.conf(4) manual for more information.
E\bEN\bNV\bVI\bIR\bRO\bON\bNM\bME\bEN\bNT\bT
s\bsu\bud\bdo\bo utilizes the following environment variables. The security policy
$ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
S\bSE\bEE\bE A\bAL\bLS\bSO\bO
- grep(1), su(1), stat(2), login_cap(3), passwd(4), sudoers(4),
+ su(1), stat(2), login_cap(3), passwd(4), sudo.conf(4), sudoers(4),
sudo_plugin(1m), sudoreplay(1m), visudo(1m)
H\bHI\bIS\bST\bTO\bOR\bRY\bY
file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
complete details.
-Sudo 1.8.6 July 10, 2012 Sudo 1.8.6
+Sudo 1.8.7 March 13, 2013 Sudo 1.8.7
--- /dev/null
+SUDO(4) Programmer's Manual SUDO(4)
+
+N\bNA\bAM\bME\bE
+ s\bsu\bud\bdo\bo.\b.c\bco\bon\bnf\bf - configuration for sudo front end
+
+D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
+ The s\bsu\bud\bdo\bo.\b.c\bco\bon\bnf\bf file is used to configure the s\bsu\bud\bdo\bo front end. It specifies
+ the security policy and I/O logging plugins, debug flags as well as
+ plugin-agnostic path names and settings.
+
+ The s\bsu\bud\bdo\bo.\b.c\bco\bon\bnf\bf file supports the following directives, described in detail
+ below.
+
+ Plugin a security policy or I/O logging plugin
+
+ Path a plugin-agnostic path
+
+ Set a front end setting, such as _\bd_\bi_\bs_\ba_\bb_\bl_\be_\b__\bc_\bo_\br_\be_\bd_\bu_\bm_\bp or _\bg_\br_\bo_\bu_\bp_\b__\bs_\bo_\bu_\br_\bc_\be
+
+ Debug debug flags to aid in debugging s\bsu\bud\bdo\bo, s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by, v\bvi\bis\bsu\bud\bdo\bo, and
+ the s\bsu\bud\bdo\boe\ber\brs\bs plugin.
+
+ The pound sign (`#') is used to indicate a comment. Both the comment
+ character and any text after it, up to the end of the line, are ignored.
+
+ Long lines can be continued with a backslash (`\') as the last character
+ on the line. Note that leading white space is removed from the beginning
+ of lines even when the continuation character is used.
+
+ Non-comment lines that don't begin with Plugin, Path, Debug, or Set are
+ silently ignored.
+
+ The s\bsu\bud\bdo\bo.\b.c\bco\bon\bnf\bf file is always parsed in the ``C'' locale.
+
+ P\bPl\blu\bug\bgi\bin\bn c\bco\bon\bnf\bfi\big\bgu\bur\bra\bat\bti\bio\bon\bn
+ s\bsu\bud\bdo\bo supports a plugin architecture for security policies and
+ input/output logging. Third parties can develop and distribute their own
+ policy and I/O logging plugins to work seamlessly with the s\bsu\bud\bdo\bo front
+ end. Plugins are dynamically loaded based on the contents of s\bsu\bud\bdo\bo.\b.c\bco\bon\bnf\bf.
+
+ A Plugin line consists of the Plugin keyword, followed by the _\bs_\by_\bm_\bb_\bo_\bl_\b__\bn_\ba_\bm_\be
+ and the _\bp_\ba_\bt_\bh to the shared object containing the plugin. The _\bs_\by_\bm_\bb_\bo_\bl_\b__\bn_\ba_\bm_\be
+ is the name of the struct policy_plugin or struct io_plugin in the plugin
+ shared object. The _\bp_\ba_\bt_\bh may be fully qualified or relative. If not
+ fully qualified, it is relative to the _\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bl_\bi_\bb_\be_\bx_\be_\bc_\b/_\bs_\bu_\bd_\bo directory.
+ In other words:
+
+ Plugin sudoers_policy sudoers.so
+
+ is equivalent to:
+
+ Plugin sudoers_policy /usr/local/libexec/sudo/sudoers.so
+
+ Starting with s\bsu\bud\bdo\bo 1.8.5, any additional parameters after the _\bp_\ba_\bt_\bh are
+ passed as arguments to the plugin's _\bo_\bp_\be_\bn function. For example, to
+ override the compile-time default sudoers file mode:
+
+ Plugin sudoers_policy sudoers.so sudoers_mode=0440
+
+ The same shared object may contain multiple plugins, each with a
+ different symbol name. The shared object file must be owned by uid 0 and
+ only writable by its owner. Because of ambiguities that arise from
+ composite policies, only a single policy plugin may be specified. This
+ limitation does not apply to I/O plugins.
+
+ If no s\bsu\bud\bdo\bo.\b.c\bco\bon\bnf\bf file is present, or if it contains no Plugin lines, the
+ s\bsu\bud\bdo\boe\ber\brs\bs plugin will be used as the default security policy and for I/O
+ logging (if enabled by the policy). This is equivalent to the following:
+
+ Plugin sudoers_policy sudoers.so
+ Plugin sudoers_io sudoers.so
+
+ For more information on the s\bsu\bud\bdo\bo plugin architecture, see the
+ sudo_plugin(1m) manual.
+
+ P\bPa\bat\bth\bh s\bse\bet\btt\bti\bin\bng\bgs\bs
+ A Path line consists of the Path keyword, followed by the name of the
+ path to set and its value. For example:
+
+ Path noexec /usr/local/libexec/sudo/sudo_noexec.so
+ Path askpass /usr/X11R6/bin/ssh-askpass
+
+ The following plugin-agnostic paths may be set in the _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf
+ file:
+
+ askpass The fully qualified path to a helper program used to read the
+ user's password when no terminal is available. This may be the
+ case when s\bsu\bud\bdo\bo is executed from a graphical (as opposed to
+ text-based) application. The program specified by _\ba_\bs_\bk_\bp_\ba_\bs_\bs
+ should display the argument passed to it as the prompt and
+ write the user's password to the standard output. The value of
+ _\ba_\bs_\bk_\bp_\ba_\bs_\bs may be overridden by the SUDO_ASKPASS environment
+ variable.
+
+ noexec The fully-qualified path to a shared library containing dummy
+ versions of the e\bex\bxe\bec\bcv\bv(), e\bex\bxe\bec\bcv\bve\be() and f\bfe\bex\bxe\bec\bcv\bve\be() library
+ functions that just return an error. This is used to implement
+ the _\bn_\bo_\be_\bx_\be_\bc functionality on systems that support LD_PRELOAD or
+ its equivalent. The default value is:
+ _\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bl_\bi_\bb_\be_\bx_\be_\bc_\b/_\bs_\bu_\bd_\bo_\b/_\bs_\bu_\bd_\bo_\b__\bn_\bo_\be_\bx_\be_\bc_\b._\bs_\bo.
+
+ sesh The fully-qualified path to the s\bse\bes\bsh\bh binary. This setting is
+ only used when s\bsu\bud\bdo\bo is built with SELinux support. The default
+ value is _\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bl_\bi_\bb_\be_\bx_\be_\bc_\b/_\bs_\bu_\bd_\bo_\b/_\bs_\be_\bs_\bh.
+
+ O\bOt\bth\bhe\ber\br s\bse\bet\btt\bti\bin\bng\bgs\bs
+ The s\bsu\bud\bdo\bo.\b.c\bco\bon\bnf\bf file also supports the following front end settings:
+
+ disable_coredump
+ Core dumps of s\bsu\bud\bdo\bo itself are disabled by default. To aid in
+ debugging s\bsu\bud\bdo\bo crashes, you may wish to re-enable core dumps by
+ setting ``disable_coredump'' to false in s\bsu\bud\bdo\bo.\b.c\bco\bon\bnf\bf as follows:
+
+ Set disable_coredump false
+
+ Note that most operating systems disable core dumps from setuid
+ programs, including s\bsu\bud\bdo\bo. To actually get a s\bsu\bud\bdo\bo core file you
+ will likely need to enable core dumps for setuid processes. On
+ BSD and Linux systems this is accomplished in the sysctl
+ command. On Solaris, the coreadm command is used to configure
+ core dump behavior.
+
+ This setting is only available in s\bsu\bud\bdo\bo version 1.8.4 and
+ higher.
+
+ group_source
+ s\bsu\bud\bdo\bo passes the invoking user's group list to the policy and
+ I/O plugins. On most systems, there is an upper limit to the
+ number of groups that a user may belong to simultaneously
+ (typically 16 for compatibility with NFS). On systems with the
+ getconf(1) utility, running:
+ getconf NGROUPS_MAX
+ will return the maximum number of groups.
+
+ However, it is still possible to be a member of a larger number
+ of groups--they simply won't be included in the group list
+ returned by the kernel for the user. Starting with s\bsu\bud\bdo\bo
+ version 1.8.7, if the user's kernel group list has the maximum
+ number of entries, s\bsu\bud\bdo\bo will consult the group database
+ directly to determine the group list. This makes it possible
+ for the security policy to perform matching by group name even
+ when the user is a member of more than the maximum number of
+ groups.
+
+ The _\bg_\br_\bo_\bu_\bp_\b__\bs_\bo_\bu_\br_\bc_\be setting allows the administrator to change
+ this default behavior. Supported values for _\bg_\br_\bo_\bu_\bp_\b__\bs_\bo_\bu_\br_\bc_\be are:
+
+ static Use the static group list that the kernel returns.
+ Retrieving the group list this way is very fast but
+ it is subject to an upper limit as described above.
+ It is ``static'' in that it does not reflect changes
+ to the group database made after the user logs in.
+ This was the default behavior prior to s\bsu\bud\bdo\bo 1.8.7.
+
+ dynamic Always query the group database directly. It is
+ ``dynamic'' in that changes made to the group
+ database after the user logs in will be reflected in
+ the group list. On some systems, querying the group
+ database for all of a user's groups can be time
+ consuming when querying a network-based group
+ database. Most operating systems provide an
+ efficient method of performing such queries.
+ Currently, s\bsu\bud\bdo\bo supports efficient group queries on
+ AIX, BSD, HP-UX, Linux and Solaris.
+
+ adaptive Only query the group database if the static group
+ list returned by the kernel has the maximum number of
+ entries. This is the default behavior in s\bsu\bud\bdo\bo 1.8.7
+ and higher.
+
+ For example, to cause s\bsu\bud\bdo\bo to only use the kernel's static list
+ of groups for the user:
+
+ Set group_source static
+
+ This setting is only available in s\bsu\bud\bdo\bo version 1.8.7 and
+ higher.
+
+ max_groups
+ The maximum number of user groups to retrieve from the group
+ database. This setting is only used when querying the group
+ database directly. It is intended to be used on systems where
+ it is not possible to detect when the array to be populated
+ with group entries is not sufficiently large. By default, s\bsu\bud\bdo\bo
+ will allocate four times the system's maximum number of groups
+ (see above) and retry with double that number if the group
+ database query fails. However, some systems just return as
+ many entries as will fit and do not indicate an error when
+ there is a lack of space.
+
+ This setting is only available in s\bsu\bud\bdo\bo version 1.8.7 and
+ higher.
+
+ D\bDe\beb\bbu\bug\bg f\bfl\bla\bag\bgs\bs
+ s\bsu\bud\bdo\bo versions 1.8.4 and higher support a flexible debugging framework
+ that can help track down what s\bsu\bud\bdo\bo is doing internally if there is a
+ problem.
+
+ A Debug line consists of the Debug keyword, followed by the name of the
+ program (or plugin) to debug (s\bsu\bud\bdo\bo, v\bvi\bis\bsu\bud\bdo\bo, s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by, s\bsu\bud\bdo\boe\ber\brs\bs), the
+ debug file name and a comma-separated list of debug flags. The debug
+ flag syntax used by s\bsu\bud\bdo\bo and the s\bsu\bud\bdo\boe\ber\brs\bs plugin is _\bs_\bu_\bb_\bs_\by_\bs_\bt_\be_\bm@_\bp_\br_\bi_\bo_\br_\bi_\bt_\by but
+ a plugin is free to use a different format so long as it does not include
+ a comma (`,').
+
+ For example:
+
+ Debug sudo /var/log/sudo_debug all@warn,plugin@info
+
+ would log all debugging statements at the _\bw_\ba_\br_\bn level and higher in
+ addition to those at the _\bi_\bn_\bf_\bo level for the plugin subsystem.
+
+ Currently, only one Debug entry per program is supported. The s\bsu\bud\bdo\bo Debug
+ entry is shared by the s\bsu\bud\bdo\bo front end, s\bsu\bud\bdo\boe\bed\bdi\bit\bt and the plugins. A
+ future release may add support for per-plugin Debug lines and/or support
+ for multiple debugging files for a single program.
+
+ The priorities used by the s\bsu\bud\bdo\bo front end, in order of decreasing
+ severity, are: _\bc_\br_\bi_\bt, _\be_\br_\br, _\bw_\ba_\br_\bn, _\bn_\bo_\bt_\bi_\bc_\be, _\bd_\bi_\ba_\bg, _\bi_\bn_\bf_\bo, _\bt_\br_\ba_\bc_\be and _\bd_\be_\bb_\bu_\bg.
+ Each priority, when specified, also includes all priorities higher than
+ it. For example, a priority of _\bn_\bo_\bt_\bi_\bc_\be would include debug messages
+ logged at _\bn_\bo_\bt_\bi_\bc_\be and higher.
+
+ The following subsystems are used by the s\bsu\bud\bdo\bo front-end:
+
+ _\ba_\bl_\bl matches every subsystem
+
+ _\ba_\br_\bg_\bs command line argument processing
+
+ _\bc_\bo_\bn_\bv user conversation
+
+ _\be_\bd_\bi_\bt sudoedit
+
+ _\be_\bx_\be_\bc command execution
+
+ _\bm_\ba_\bi_\bn s\bsu\bud\bdo\bo main function
+
+ _\bn_\be_\bt_\bi_\bf network interface handling
+
+ _\bp_\bc_\bo_\bm_\bm communication with the plugin
+
+ _\bp_\bl_\bu_\bg_\bi_\bn plugin configuration
+
+ _\bp_\bt_\by pseudo-tty related code
+
+ _\bs_\be_\bl_\bi_\bn_\bu_\bx SELinux-specific handling
+
+ _\bu_\bt_\bi_\bl utility functions
+
+ _\bu_\bt_\bm_\bp utmp handling
+
+ The sudoers(4) plugin includes support for additional subsystems.
+
+F\bFI\bIL\bLE\bES\bS
+ _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf s\bsu\bud\bdo\bo front end configuration
+
+E\bEX\bXA\bAM\bMP\bPL\bLE\bES\bS
+ #
+ # Default /etc/sudo.conf file
+ #
+ # Format:
+ # Plugin plugin_name plugin_path plugin_options ...
+ # Path askpass /path/to/askpass
+ # Path noexec /path/to/sudo_noexec.so
+ # Debug sudo /var/log/sudo_debug all@warn
+ # Set disable_coredump true
+ #
+ # The plugin_path is relative to /usr/local/libexec/sudo unless
+ # fully qualified.
+ # The plugin_name corresponds to a global symbol in the plugin
+ # that contains the plugin interface structure.
+ # The plugin_options are optional.
+ #
+ # The sudoers plugin is used by default if no Plugin lines are
+ # present.
+ Plugin sudoers_policy sudoers.so
+ Plugin sudoers_io sudoers.so
+
+ #
+ # Sudo askpass:
+ #
+ # An askpass helper program may be specified to provide a graphical
+ # password prompt for "sudo -A" support. Sudo does not ship with
+ # its own askpass program but can use the OpenSSH askpass.
+ #
+ # Use the OpenSSH askpass
+ #Path askpass /usr/X11R6/bin/ssh-askpass
+ #
+ # Use the Gnome OpenSSH askpass
+ #Path askpass /usr/libexec/openssh/gnome-ssh-askpass
+
+ #
+ # Sudo noexec:
+ #
+ # Path to a shared library containing dummy versions of the execv(),
+ # execve() and fexecve() library functions that just return an error.
+ # This is used to implement the "noexec" functionality on systems that
+ # support C<LD_PRELOAD> or its equivalent.
+ # The compiled-in value is usually sufficient and should only be
+ # changed if you rename or move the sudo_noexec.so file.
+ #
+ #Path noexec /usr/local/libexec/sudo/sudo_noexec.so
+
+ #
+ # Core dumps:
+ #
+ # By default, sudo disables core dumps while it is executing
+ # (they are re-enabled for the command that is run).
+ # To aid in debugging sudo problems, you may wish to enable core
+ # dumps by setting "disable_coredump" to false.
+ #
+ #Set disable_coredump false
+
+ #
+ # User groups:
+ #
+ # Sudo passes the user's group list to the policy plugin.
+ # If the user is a member of the maximum number of groups (usually 16),
+ # sudo will query the group database directly to be sure to include
+ # the full list of groups.
+ #
+ # On some systems, this can be expensive so the behavior is configurable.
+ # The "group_source" setting has three possible values:
+ # static - use the user's list of groups returned by the kernel.
+ # dynamic - query the group database to find the list of groups.
+ # adaptive - if user is in less than the maximum number of groups.
+ # use the kernel list, else query the group database.
+ #
+ #Set group_source static
+
+S\bSE\bEE\bE A\bAL\bLS\bSO\bO
+ sudoers(4), sudo(1m), sudo_plugin(1m)
+
+H\bHI\bIS\bST\bTO\bOR\bRY\bY
+ See the HISTORY file in the s\bsu\bud\bdo\bo distribution
+ (http://www.sudo.ws/sudo/history.html) for a brief history of sudo.
+
+A\bAU\bUT\bTH\bHO\bOR\bRS\bS
+ Many people have worked on s\bsu\bud\bdo\bo over the years; this version consists of
+ code written primarily by:
+
+ Todd C. Miller
+
+ See the CONTRIBUTORS file in the s\bsu\bud\bdo\bo distribution
+ (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of
+ people who have contributed to s\bsu\bud\bdo\bo.
+
+B\bBU\bUG\bGS\bS
+ If you feel you have found a bug in s\bsu\bud\bdo\bo, please submit a bug report at
+ http://www.sudo.ws/sudo/bugs/
+
+S\bSU\bUP\bPP\bPO\bOR\bRT\bT
+ Limited free support is available via the sudo-users mailing list, see
+ http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the
+ archives.
+
+D\bDI\bIS\bSC\bCL\bLA\bAI\bIM\bME\bER\bR
+ s\bsu\bud\bdo\bo is provided ``AS IS'' and any express or implied warranties,
+ including, but not limited to, the implied warranties of merchantability
+ and fitness for a particular purpose are disclaimed. See the LICENSE
+ file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
+ complete details.
+
+Sudo 1.8.7 March 14, 2013 Sudo 1.8.7
--- /dev/null
+.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
+.\" IT IS GENERATED AUTOMATICALLY FROM sudo.conf.mdoc.in
+.\"
+.\" Copyright (c) 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.TH "SUDO" "5" "March 14, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual"
+.nh
+.if n .ad l
+.SH "NAME"
+\fBsudo.conf\fR
+\- configuration for sudo front end
+.SH "DESCRIPTION"
+The
+\fBsudo.conf\fR
+file is used to configure the
+\fBsudo\fR
+front end.
+It specifies the security policy and I/O logging plugins, debug flags
+as well as plugin-agnostic path names and settings.
+.PP
+The
+\fBsudo.conf\fR
+file supports the following directives, described in detail below.
+.TP 10n
+Plugin
+a security policy or I/O logging plugin
+.TP 10n
+Path
+a plugin-agnostic path
+.TP 10n
+Set
+a front end setting, such as
+\fIdisable_coredump\fR
+or
+\fIgroup_source\fR
+.TP 10n
+Debug
+debug flags to aid in debugging
+\fBsudo\fR,
+\fBsudoreplay\fR,
+\fBvisudo\fR,
+and the
+\fBsudoers\fR
+plugin.
+.PP
+The pound sign
+(`#')
+is used to indicate a comment.
+Both the comment character and any text after it, up to the end of
+the line, are ignored.
+.PP
+Long lines can be continued with a backslash
+(`\e')
+as the last character on the line.
+Note that leading white space is removed from the beginning of lines
+even when the continuation character is used.
+.PP
+Non-comment lines that don't begin with
+\fRPlugin\fR,
+\fRPath\fR,
+\fRDebug\fR,
+or
+\fRSet\fR
+are silently ignored.
+.PP
+The
+\fBsudo.conf\fR
+file is always parsed in the
+``\fRC\fR''
+locale.
+.SS "Plugin configuration"
+\fBsudo\fR
+supports a plugin architecture for security policies and input/output
+logging.
+Third parties can develop and distribute their own policy and I/O
+logging plugins to work seamlessly with the
+\fBsudo\fR
+front end.
+Plugins are dynamically loaded based on the contents of
+\fBsudo.conf\fR.
+.PP
+A
+\fRPlugin\fR
+line consists of the
+\fRPlugin\fR
+keyword, followed by the
+\fIsymbol_name\fR
+and the
+\fIpath\fR
+to the shared object containing the plugin.
+The
+\fIsymbol_name\fR
+is the name of the
+\fRstruct policy_plugin\fR
+or
+\fRstruct io_plugin\fR
+in the plugin shared object.
+The
+\fIpath\fR
+may be fully qualified or relative.
+If not fully qualified, it is relative to the
+\fI@PLUGINDIR@\fR
+directory.
+In other words:
+.nf
+.sp
+.RS 6n
+Plugin sudoers_policy sudoers.so
+.RE
+.fi
+.PP
+is equivalent to:
+.nf
+.sp
+.RS 6n
+Plugin sudoers_policy @PLUGINDIR@/sudoers.so
+.RE
+.fi
+.PP
+Starting with
+\fBsudo\fR
+1.8.5, any additional parameters after the
+\fIpath\fR
+are passed as arguments to the plugin's
+\fIopen\fR
+function.
+For example, to override the compile-time default sudoers file mode:
+.nf
+.sp
+.RS 6n
+Plugin sudoers_policy sudoers.so sudoers_mode=0440
+.RE
+.fi
+.PP
+The same shared object may contain multiple plugins, each with a
+different symbol name.
+The shared object file must be owned by uid 0 and only writable by its owner.
+Because of ambiguities that arise from composite policies, only a single
+policy plugin may be specified.
+This limitation does not apply to I/O plugins.
+.PP
+If no
+\fBsudo.conf\fR
+file is present, or if it contains no
+\fRPlugin\fR
+lines, the
+\fBsudoers\fR
+plugin will be used as the default security policy and for I/O logging
+(if enabled by the policy).
+This is equivalent to the following:
+.nf
+.sp
+.RS 6n
+Plugin sudoers_policy sudoers.so
+Plugin sudoers_io sudoers.so
+.RE
+.fi
+.PP
+For more information on the
+\fBsudo\fR
+plugin architecture, see the
+sudo_plugin(@mansectsu@)
+manual.
+.SS "Path settings"
+A
+\fRPath\fR
+line consists of the
+\fRPath\fR
+keyword, followed by the name of the path to set and its value.
+For example:
+.nf
+.sp
+.RS 6n
+Path noexec @noexec_file@
+Path askpass /usr/X11R6/bin/ssh-askpass
+.RE
+.fi
+.PP
+The following plugin-agnostic paths may be set in the
+\fI@sysconfdir@/sudo.conf\fR
+file:
+.TP 10n
+askpass
+The fully qualified path to a helper program used to read the user's
+password when no terminal is available.
+This may be the case when
+\fBsudo\fR
+is executed from a graphical (as opposed to text-based) application.
+The program specified by
+\fIaskpass\fR
+should display the argument passed to it as the prompt and write
+the user's password to the standard output.
+The value of
+\fIaskpass\fR
+may be overridden by the
+\fRSUDO_ASKPASS\fR
+environment variable.
+.TP 10n
+noexec
+The fully-qualified path to a shared library containing dummy
+versions of the
+\fBexecv\fR(),
+\fBexecve\fR()
+and
+\fBfexecve\fR()
+library functions that just return an error.
+This is used to implement the
+\fInoexec\fR
+functionality on systems that support
+\fRLD_PRELOAD\fR
+or its equivalent.
+The default value is:
+\fI@noexec_file@\fR.
+.TP 10n
+sesh
+The fully-qualified path to the
+\fBsesh\fR
+binary.
+This setting is only used when
+\fBsudo\fR
+is built with SELinux support.
+The default value is
+\fI@sesh_file@\fR.
+.SS "Other settings"
+The
+\fBsudo.conf\fR
+file also supports the following front end settings:
+.TP 10n
+disable_coredump
+Core dumps of
+\fBsudo\fR
+itself are disabled by default.
+To aid in debugging
+\fBsudo\fR
+crashes, you may wish to re-enable core dumps by setting
+``disable_coredump''
+to false in
+\fBsudo.conf\fR
+as follows:
+.RS
+.nf
+.sp
+.RS 6n
+Set disable_coredump false
+.RE
+.fi
+.sp
+Note that most operating systems disable core dumps from setuid programs,
+including
+\fBsudo\fR.
+To actually get a
+\fBsudo\fR
+core file you will likely need to enable core dumps for setuid processes.
+On BSD and Linux systems this is accomplished in the
+sysctl
+command.
+On Solaris, the
+coreadm
+command is used to configure core dump behavior.
+.sp
+This setting is only available in
+\fBsudo\fR
+version 1.8.4 and higher.
+.PP
+.RE
+.PD 0
+.TP 10n
+group_source
+\fBsudo\fR
+passes the invoking user's group list to the policy and I/O plugins.
+On most systems, there is an upper limit to the number of groups that
+a user may belong to simultaneously (typically 16 for compatibility
+with NFS).
+On systems with the
+getconf(1)
+utility, running:
+.RS 6n
+getconf NGROUPS_MAX
+.RE
+will return the maximum number of groups.
+.sp
+However, it is still possible to be a member of a larger number of
+groups--they simply won't be included in the group list returned
+by the kernel for the user.
+Starting with
+\fBsudo\fR
+version 1.8.7, if the user's kernel group list has the maximum number
+of entries,
+\fBsudo\fR
+will consult the group database directly to determine the group list.
+This makes it possible for the security policy to perform matching by group
+name even when the user is a member of more than the maximum number of groups.
+.sp
+The
+\fIgroup_source\fR
+setting allows the administrator to change this default behavior.
+Supported values for
+\fIgroup_source\fR
+are:
+.RS
+.PD
+.TP 10n
+static
+Use the static group list that the kernel returns.
+Retrieving the group list this way is very fast but it is subject
+to an upper limit as described above.
+It is
+``static''
+in that it does not reflect changes to the group database made
+after the user logs in.
+This was the default behavior prior to
+\fBsudo\fR
+1.8.7.
+.TP 10n
+dynamic
+Always query the group database directly.
+It is
+``dynamic''
+in that changes made to the group database after the user logs in
+will be reflected in the group list.
+On some systems, querying the group database for all of a user's
+groups can be time consuming when querying a network-based group
+database.
+Most operating systems provide an efficient method of performing
+such queries.
+Currently,
+\fBsudo\fR
+supports efficient group queries on AIX, BSD, HP-UX, Linux and
+Solaris.
+.TP 10n
+adaptive
+Only query the group database if the static group list returned
+by the kernel has the maximum number of entries.
+This is the default behavior in
+\fBsudo\fR
+1.8.7 and higher.
+.PP
+For example, to cause
+\fBsudo\fR
+to only use the kernel's static list of groups for the user:
+.nf
+.sp
+.RS 6n
+Set group_source static
+.RE
+.fi
+.sp
+This setting is only available in
+\fBsudo\fR
+version 1.8.7 and higher.
+.PP
+.RE
+.PD 0
+.TP 10n
+max_groups
+The maximum number of user groups to retrieve from the group database.
+This setting is only used when querying the group database directly.
+It is intended to be used on systems where it is not possible to detect
+when the array to be populated with group entries is not sufficiently large.
+By default,
+\fBsudo\fR
+will allocate four times the system's maximum number of groups (see above)
+and retry with double that number if the group database query fails.
+However, some systems just return as many entries as will fit and
+do not indicate an error when there is a lack of space.
+.sp
+This setting is only available in
+\fBsudo\fR
+version 1.8.7 and higher.
+.PD
+.SS "Debug flags"
+\fBsudo\fR
+versions 1.8.4 and higher support a flexible debugging framework
+that can help track down what
+\fBsudo\fR
+is doing internally if there is a problem.
+.PP
+A
+\fRDebug\fR
+line consists of the
+\fRDebug\fR
+keyword, followed by the name of the program (or plugin) to debug
+(\fBsudo\fR, \fBvisudo\fR, \fBsudoreplay\fR, \fBsudoers\fR),
+the debug file name and a comma-separated list of debug flags. The
+debug flag syntax used by
+\fBsudo\fR
+and the
+\fBsudoers\fR
+plugin is
+\fIsubsystem\fR@\fIpriority\fR
+but a plugin is free to use a different format so long as it does
+not include a comma
+(`\&,').
+.PP
+For example:
+.nf
+.sp
+.RS 6n
+Debug sudo /var/log/sudo_debug all@warn,plugin@info
+.RE
+.fi
+.PP
+would log all debugging statements at the
+\fIwarn\fR
+level and higher in addition to those at the
+\fIinfo\fR
+level for the plugin subsystem.
+.PP
+Currently, only one
+\fRDebug\fR
+entry per program is supported. The
+\fBsudo\fR
+\fRDebug\fR
+entry is shared by the
+\fBsudo\fR
+front end,
+\fBsudoedit\fR
+and the plugins. A future release may add support for per-plugin
+\fRDebug\fR
+lines and/or support for multiple debugging files for a single
+program.
+.PP
+The priorities used by the
+\fBsudo\fR
+front end, in order of decreasing severity, are:
+\fIcrit\fR, \fIerr\fR, \fIwarn\fR, \fInotice\fR, \fIdiag\fR, \fIinfo\fR, \fItrace\fR
+and
+\fIdebug\fR.
+Each priority, when specified, also includes all priorities higher
+than it. For example, a priority of
+\fInotice\fR
+would include debug messages logged at
+\fInotice\fR
+and higher.
+.PP
+The following subsystems are used by the
+\fBsudo\fR
+front-end:
+.TP 12n
+\fIall\fR
+matches every subsystem
+.TP 12n
+\fIargs\fR
+command line argument processing
+.TP 12n
+\fIconv\fR
+user conversation
+.TP 12n
+\fIedit\fR
+sudoedit
+.TP 12n
+\fIexec\fR
+command execution
+.TP 12n
+\fImain\fR
+\fBsudo\fR
+main function
+.TP 12n
+\fInetif\fR
+network interface handling
+.TP 12n
+\fIpcomm\fR
+communication with the plugin
+.TP 12n
+\fIplugin\fR
+plugin configuration
+.TP 12n
+\fIpty\fR
+pseudo-tty related code
+.TP 12n
+\fIselinux\fR
+SELinux-specific handling
+.TP 12n
+\fIutil\fR
+utility functions
+.TP 12n
+\fIutmp\fR
+utmp handling
+.PP
+The
+sudoers(@mansectform@)
+plugin includes support for additional subsystems.
+.SH "FILES"
+.TP 26n
+\fI@sysconfdir@/sudo.conf\fR
+\fBsudo\fR
+front end configuration
+.SH "EXAMPLES"
+.nf
+.RS 0n
+#
+# Default @sysconfdir@/sudo.conf file
+#
+# Format:
+# Plugin plugin_name plugin_path plugin_options ...
+# Path askpass /path/to/askpass
+# Path noexec /path/to/sudo_noexec.so
+# Debug sudo /var/log/sudo_debug all@warn
+# Set disable_coredump true
+#
+# The plugin_path is relative to @PLUGINDIR@ unless
+# fully qualified.
+# The plugin_name corresponds to a global symbol in the plugin
+# that contains the plugin interface structure.
+# The plugin_options are optional.
+#
+# The sudoers plugin is used by default if no Plugin lines are
+# present.
+Plugin sudoers_policy sudoers.so
+Plugin sudoers_io sudoers.so
+
+#
+# Sudo askpass:
+#
+# An askpass helper program may be specified to provide a graphical
+# password prompt for "sudo -A" support. Sudo does not ship with
+# its own askpass program but can use the OpenSSH askpass.
+#
+# Use the OpenSSH askpass
+#Path askpass /usr/X11R6/bin/ssh-askpass
+#
+# Use the Gnome OpenSSH askpass
+#Path askpass /usr/libexec/openssh/gnome-ssh-askpass
+
+#
+# Sudo noexec:
+#
+# Path to a shared library containing dummy versions of the execv(),
+# execve() and fexecve() library functions that just return an error.
+# This is used to implement the "noexec" functionality on systems that
+# support C<LD_PRELOAD> or its equivalent.
+# The compiled-in value is usually sufficient and should only be
+# changed if you rename or move the sudo_noexec.so file.
+#
+#Path noexec @noexec_file@
+
+#
+# Core dumps:
+#
+# By default, sudo disables core dumps while it is executing
+# (they are re-enabled for the command that is run).
+# To aid in debugging sudo problems, you may wish to enable core
+# dumps by setting "disable_coredump" to false.
+#
+#Set disable_coredump false
+
+#
+# User groups:
+#
+# Sudo passes the user's group list to the policy plugin.
+# If the user is a member of the maximum number of groups (usually 16),
+# sudo will query the group database directly to be sure to include
+# the full list of groups.
+#
+# On some systems, this can be expensive so the behavior is configurable.
+# The "group_source" setting has three possible values:
+# static - use the user's list of groups returned by the kernel.
+# dynamic - query the group database to find the list of groups.
+# adaptive - if user is in less than the maximum number of groups.
+# use the kernel list, else query the group database.
+#
+#Set group_source static
+.RE
+.fi
+.SH "SEE ALSO"
+sudoers(@mansectform@),
+sudo(@mansectsu@),
+sudo_plugin(@mansectsu@)
+.SH "HISTORY"
+See the HISTORY file in the
+\fBsudo\fR
+distribution (http://www.sudo.ws/sudo/history.html) for a brief
+history of sudo.
+.SH "AUTHORS"
+Many people have worked on
+\fBsudo\fR
+over the years; this version consists of code written primarily by:
+.sp
+.RS 6n
+Todd C. Miller
+.RE
+.PP
+See the CONTRIBUTORS file in the
+\fBsudo\fR
+distribution (http://www.sudo.ws/sudo/contributors.html) for an
+exhaustive list of people who have contributed to
+\fBsudo\fR.
+.SH "BUGS"
+If you feel you have found a bug in
+\fBsudo\fR,
+please submit a bug report at http://www.sudo.ws/sudo/bugs/
+.SH "SUPPORT"
+Limited free support is available via the sudo-users mailing list,
+see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
+search the archives.
+.SH "DISCLAIMER"
+\fBsudo\fR
+is provided
+``AS IS''
+and any express or implied warranties, including, but not limited
+to, the implied warranties of merchantability and fitness for a
+particular purpose are disclaimed.
+See the LICENSE file distributed with
+\fBsudo\fR
+or http://www.sudo.ws/sudo/license.html for complete details.
--- /dev/null
+.\"
+.\" Copyright (c) 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd March 14, 2013
+.Dt SUDO @mansectform@
+.Os Sudo @PACKAGE_VERSION@
+.Sh NAME
+.Nm sudo.conf
+.Nd configuration for sudo front end
+.Sh DESCRIPTION
+The
+.Nm sudo.conf
+file is used to configure the
+.Nm sudo
+front end.
+It specifies the security policy and I/O logging plugins, debug flags
+as well as plugin-agnostic path names and settings.
+.Pp
+The
+.Nm sudo.conf
+file supports the following directives, described in detail below.
+.Bl -tag -width 8n
+.It Plugin
+a security policy or I/O logging plugin
+.It Path
+a plugin-agnostic path
+.It Set
+a front end setting, such as
+.Em disable_coredump
+or
+.Em group_source
+.It Debug
+debug flags to aid in debugging
+.Nm sudo ,
+.Nm sudoreplay ,
+.Nm visudo ,
+and the
+.Nm sudoers
+plugin.
+.El
+.Pp
+The pound sign
+.Pq Ql #
+is used to indicate a comment.
+Both the comment character and any text after it, up to the end of
+the line, are ignored.
+.Pp
+Long lines can be continued with a backslash
+.Pq Ql \e
+as the last character on the line.
+Note that leading white space is removed from the beginning of lines
+even when the continuation character is used.
+.Pp
+Non-comment lines that don't begin with
+.Li Plugin ,
+.Li Path ,
+.Li Debug ,
+or
+.Li Set
+are silently ignored.
+.Pp
+The
+.Nm sudo.conf
+file is always parsed in the
+.Dq Li C
+locale.
+.Ss Plugin configuration
+.Nm sudo
+supports a plugin architecture for security policies and input/output
+logging.
+Third parties can develop and distribute their own policy and I/O
+logging plugins to work seamlessly with the
+.Nm sudo
+front end.
+Plugins are dynamically loaded based on the contents of
+.Nm sudo.conf .
+.Pp
+A
+.Li Plugin
+line consists of the
+.Li Plugin
+keyword, followed by the
+.Em symbol_name
+and the
+.Em path
+to the shared object containing the plugin.
+The
+.Em symbol_name
+is the name of the
+.Li struct policy_plugin
+or
+.Li struct io_plugin
+in the plugin shared object.
+The
+.Em path
+may be fully qualified or relative.
+If not fully qualified, it is relative to the
+.Pa @PLUGINDIR@
+directory.
+In other words:
+.Bd -literal -offset indent
+Plugin sudoers_policy sudoers.so
+.Ed
+.Pp
+is equivalent to:
+.Bd -literal -offset indent
+Plugin sudoers_policy @PLUGINDIR@/sudoers.so
+.Ed
+.Pp
+Starting with
+.Nm sudo
+1.8.5, any additional parameters after the
+.Em path
+are passed as arguments to the plugin's
+.Em open
+function.
+For example, to override the compile-time default sudoers file mode:
+.Bd -literal -offset indent
+Plugin sudoers_policy sudoers.so sudoers_mode=0440
+.Ed
+.Pp
+The same shared object may contain multiple plugins, each with a
+different symbol name.
+The shared object file must be owned by uid 0 and only writable by its owner.
+Because of ambiguities that arise from composite policies, only a single
+policy plugin may be specified.
+This limitation does not apply to I/O plugins.
+.Pp
+If no
+.Nm sudo.conf
+file is present, or if it contains no
+.Li Plugin
+lines, the
+.Nm sudoers
+plugin will be used as the default security policy and for I/O logging
+(if enabled by the policy).
+This is equivalent to the following:
+.Bd -literal -offset indent
+Plugin sudoers_policy sudoers.so
+Plugin sudoers_io sudoers.so
+.Ed
+.Pp
+For more information on the
+.Nm sudo
+plugin architecture, see the
+.Xr sudo_plugin @mansectsu@
+manual.
+.Ss Path settings
+A
+.Li Path
+line consists of the
+.Li Path
+keyword, followed by the name of the path to set and its value.
+For example:
+.Bd -literal -offset indent
+Path noexec @noexec_file@
+Path askpass /usr/X11R6/bin/ssh-askpass
+.Ed
+.Pp
+The following plugin-agnostic paths may be set in the
+.Pa @sysconfdir@/sudo.conf
+file:
+.Bl -tag -width 8n
+.It askpass
+The fully qualified path to a helper program used to read the user's
+password when no terminal is available.
+This may be the case when
+.Nm sudo
+is executed from a graphical (as opposed to text-based) application.
+The program specified by
+.Em askpass
+should display the argument passed to it as the prompt and write
+the user's password to the standard output.
+The value of
+.Em askpass
+may be overridden by the
+.Ev SUDO_ASKPASS
+environment variable.
+.It noexec
+The fully-qualified path to a shared library containing dummy
+versions of the
+.Fn execv ,
+.Fn execve
+and
+.Fn fexecve
+library functions that just return an error.
+This is used to implement the
+.Em noexec
+functionality on systems that support
+.Ev LD_PRELOAD
+or its equivalent.
+The default value is:
+.Pa @noexec_file@ .
+.It sesh
+The fully-qualified path to the
+.Nm sesh
+binary.
+This setting is only used when
+.Nm sudo
+is built with SELinux support.
+The default value is
+.Pa @sesh_file@ .
+.El
+.Ss Other settings
+The
+.Nm sudo.conf
+file also supports the following front end settings:
+.Bl -tag -width 8n
+.It disable_coredump
+Core dumps of
+.Nm sudo
+itself are disabled by default.
+To aid in debugging
+.Nm sudo
+crashes, you may wish to re-enable core dumps by setting
+.Dq disable_coredump
+to false in
+.Nm sudo.conf
+as follows:
+.Bd -literal -offset indent
+Set disable_coredump false
+.Ed
+.Pp
+Note that most operating systems disable core dumps from setuid programs,
+including
+.Nm sudo .
+To actually get a
+.Nm sudo
+core file you will likely need to enable core dumps for setuid processes.
+On BSD and Linux systems this is accomplished in the
+.Xr sysctl
+command.
+On Solaris, the
+.Xr coreadm
+command is used to configure core dump behavior.
+.Pp
+This setting is only available in
+.Nm sudo
+version 1.8.4 and higher.
+.It group_source
+.Nm sudo
+passes the invoking user's group list to the policy and I/O plugins.
+On most systems, there is an upper limit to the number of groups that
+a user may belong to simultaneously (typically 16 for compatibility
+with NFS).
+On systems with the
+.Xr getconf 1
+utility, running:
+.Dl getconf NGROUPS_MAX
+will return the maximum number of groups.
+.Pp
+However, it is still possible to be a member of a larger number of
+groups--they simply won't be included in the group list returned
+by the kernel for the user.
+Starting with
+.Nm sudo
+version 1.8.7, if the user's kernel group list has the maximum number
+of entries,
+.Nm sudo
+will consult the group database directly to determine the group list.
+This makes it possible for the security policy to perform matching by group
+name even when the user is a member of more than the maximum number of groups.
+.Pp
+The
+.Em group_source
+setting allows the administrator to change this default behavior.
+Supported values for
+.Em group_source
+are:
+.Bl -tag -width 8n
+.It static
+Use the static group list that the kernel returns.
+Retrieving the group list this way is very fast but it is subject
+to an upper limit as described above.
+It is
+.Dq static
+in that it does not reflect changes to the group database made
+after the user logs in.
+This was the default behavior prior to
+.Nm sudo
+1.8.7.
+.It dynamic
+Always query the group database directly.
+It is
+.Dq dynamic
+in that changes made to the group database after the user logs in
+will be reflected in the group list.
+On some systems, querying the group database for all of a user's
+groups can be time consuming when querying a network-based group
+database.
+Most operating systems provide an efficient method of performing
+such queries.
+Currently,
+.Nm sudo
+supports efficient group queries on AIX, BSD, HP-UX, Linux and
+Solaris.
+.It adaptive
+Only query the group database if the static group list returned
+by the kernel has the maximum number of entries.
+This is the default behavior in
+.Nm sudo
+1.8.7 and higher.
+.El
+.Pp
+For example, to cause
+.Nm sudo
+to only use the kernel's static list of groups for the user:
+.Bd -literal -offset indent
+Set group_source static
+.Ed
+.Pp
+This setting is only available in
+.Nm sudo
+version 1.8.7 and higher.
+.It max_groups
+The maximum number of user groups to retrieve from the group database.
+This setting is only used when querying the group database directly.
+It is intended to be used on systems where it is not possible to detect
+when the array to be populated with group entries is not sufficiently large.
+By default,
+.Nm sudo
+will allocate four times the system's maximum number of groups (see above)
+and retry with double that number if the group database query fails.
+However, some systems just return as many entries as will fit and
+do not indicate an error when there is a lack of space.
+.Pp
+This setting is only available in
+.Nm sudo
+version 1.8.7 and higher.
+.El
+.Ss Debug flags
+.Nm sudo
+versions 1.8.4 and higher support a flexible debugging framework
+that can help track down what
+.Nm sudo
+is doing internally if there is a problem.
+.Pp
+A
+.Li Debug
+line consists of the
+.Li Debug
+keyword, followed by the name of the program (or plugin) to debug
+.Pq Nm sudo , Nm visudo , Nm sudoreplay , Nm sudoers ,
+the debug file name and a comma-separated list of debug flags. The
+debug flag syntax used by
+.Nm sudo
+and the
+.Nm sudoers
+plugin is
+.Em subsystem Ns No @ Ns Em priority
+but a plugin is free to use a different format so long as it does
+not include a comma
+.Pq Ql \&, .
+.Pp
+For example:
+.Bd -literal -offset indent
+Debug sudo /var/log/sudo_debug all@warn,plugin@info
+.Ed
+.Pp
+would log all debugging statements at the
+.Em warn
+level and higher in addition to those at the
+.Em info
+level for the plugin subsystem.
+.Pp
+Currently, only one
+.Li Debug
+entry per program is supported. The
+.Nm sudo
+.Li Debug
+entry is shared by the
+.Nm sudo
+front end,
+.Nm sudoedit
+and the plugins. A future release may add support for per-plugin
+.Li Debug
+lines and/or support for multiple debugging files for a single
+program.
+.Pp
+The priorities used by the
+.Nm sudo
+front end, in order of decreasing severity, are:
+.Em crit , err , warn , notice , diag , info , trace
+and
+.Em debug .
+Each priority, when specified, also includes all priorities higher
+than it. For example, a priority of
+.Em notice
+would include debug messages logged at
+.Em notice
+and higher.
+.Pp
+The following subsystems are used by the
+.Nm sudo
+front-end:
+.Bl -tag -width Fl
+.It Em all
+matches every subsystem
+.It Em args
+command line argument processing
+.It Em conv
+user conversation
+.It Em edit
+sudoedit
+.It Em exec
+command execution
+.It Em main
+.Nm sudo
+main function
+.It Em netif
+network interface handling
+.It Em pcomm
+communication with the plugin
+.It Em plugin
+plugin configuration
+.It Em pty
+pseudo-tty related code
+.It Em selinux
+SELinux-specific handling
+.It Em util
+utility functions
+.It Em utmp
+utmp handling
+.El
+.Pp
+The
+.Xr sudoers @mansectform@
+plugin includes support for additional subsystems.
+.Sh FILES
+.Bl -tag -width 24n
+.It Pa @sysconfdir@/sudo.conf
+.Nm sudo
+front end configuration
+.El
+.Sh EXAMPLES
+.Bd -literal
+#
+# Default @sysconfdir@/sudo.conf file
+#
+# Format:
+# Plugin plugin_name plugin_path plugin_options ...
+# Path askpass /path/to/askpass
+# Path noexec /path/to/sudo_noexec.so
+# Debug sudo /var/log/sudo_debug all@warn
+# Set disable_coredump true
+#
+# The plugin_path is relative to @PLUGINDIR@ unless
+# fully qualified.
+# The plugin_name corresponds to a global symbol in the plugin
+# that contains the plugin interface structure.
+# The plugin_options are optional.
+#
+# The sudoers plugin is used by default if no Plugin lines are
+# present.
+Plugin sudoers_policy sudoers.so
+Plugin sudoers_io sudoers.so
+
+#
+# Sudo askpass:
+#
+# An askpass helper program may be specified to provide a graphical
+# password prompt for "sudo -A" support. Sudo does not ship with
+# its own askpass program but can use the OpenSSH askpass.
+#
+# Use the OpenSSH askpass
+#Path askpass /usr/X11R6/bin/ssh-askpass
+#
+# Use the Gnome OpenSSH askpass
+#Path askpass /usr/libexec/openssh/gnome-ssh-askpass
+
+#
+# Sudo noexec:
+#
+# Path to a shared library containing dummy versions of the execv(),
+# execve() and fexecve() library functions that just return an error.
+# This is used to implement the "noexec" functionality on systems that
+# support C<LD_PRELOAD> or its equivalent.
+# The compiled-in value is usually sufficient and should only be
+# changed if you rename or move the sudo_noexec.so file.
+#
+#Path noexec @noexec_file@
+
+#
+# Core dumps:
+#
+# By default, sudo disables core dumps while it is executing
+# (they are re-enabled for the command that is run).
+# To aid in debugging sudo problems, you may wish to enable core
+# dumps by setting "disable_coredump" to false.
+#
+#Set disable_coredump false
+
+#
+# User groups:
+#
+# Sudo passes the user's group list to the policy plugin.
+# If the user is a member of the maximum number of groups (usually 16),
+# sudo will query the group database directly to be sure to include
+# the full list of groups.
+#
+# On some systems, this can be expensive so the behavior is configurable.
+# The "group_source" setting has three possible values:
+# static - use the user's list of groups returned by the kernel.
+# dynamic - query the group database to find the list of groups.
+# adaptive - if user is in less than the maximum number of groups.
+# use the kernel list, else query the group database.
+#
+#Set group_source static
+.Ed
+.Sh SEE ALSO
+.Xr sudoers @mansectform@ ,
+.Xr sudo @mansectsu@ ,
+.Xr sudo_plugin @mansectsu@
+.Sh HISTORY
+See the HISTORY file in the
+.Nm sudo
+distribution (http://www.sudo.ws/sudo/history.html) for a brief
+history of sudo.
+.Sh AUTHORS
+Many people have worked on
+.Nm sudo
+over the years; this version consists of code written primarily by:
+.Bd -ragged -offset indent
+Todd C. Miller
+.Ed
+.Pp
+See the CONTRIBUTORS file in the
+.Nm sudo
+distribution (http://www.sudo.ws/sudo/contributors.html) for an
+exhaustive list of people who have contributed to
+.Nm sudo .
+.Sh BUGS
+If you feel you have found a bug in
+.Nm sudo ,
+please submit a bug report at http://www.sudo.ws/sudo/bugs/
+.Sh SUPPORT
+Limited free support is available via the sudo-users mailing list,
+see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
+search the archives.
+.Sh DISCLAIMER
+.Nm sudo
+is provided
+.Dq AS IS
+and any express or implied warranties, including, but not limited
+to, the implied warranties of merchantability and fitness for a
+particular purpose are disclaimed.
+See the LICENSE file distributed with
+.Nm sudo
+or http://www.sudo.ws/sudo/license.html for complete details.
.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
.\" IT IS GENERATED AUTOMATICALLY FROM sudo.mdoc.in
.\"
-.\" Copyright (c) 1994-1996, 1998-2005, 2007-2012
+.\" Copyright (c) 1994-1996, 1998-2005, 2007-2013
.\" Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.TH "SUDO" "@mansectsu@" "July 10, 2012" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "SUDO" "@mansectsu@" "March 13, 2013" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
\fI@sysconfdir@/sudoers\fR,
or via LDAP.
See the
-\fIPLUGINS\fR
+\fIPlugins\fR
section for more information.
.PP
The security policy determines what privileges, if any, a user has
environment variable is set, it specifies the path to the helper
program.
Otherwise, if
-\fI@sysconfdir@/sudo.conf\fR
+sudo.conf(@mansectform@)
contains a line specifying the askpass program, that value will be
used.
For example:
When
\fBsudo\fR
executes a command, the security policy specifies the execution
-envionment for the command.
+environment for the command.
Typically, the real and effective uid and gid are set to
match those of the target user, as specified in the password database,
and the group vector is initialized based on the group database
The main
\fBsudo\fR
process waits until the command has completed, then passes the
-command's exit status to the security policy's close method and exits.
-If an I/O logging plugin is configured, a new pseudo-terminal
+command's exit status to the security policy's close function and exits.
+If an I/O logging plugin is configured or if the security policy
+explicitly requests it, a new pseudo-terminal
(``pty'')
is created and a second
\fBsudo\fR
Without it, the command would be in what POSIX terms an
``orphaned process group''
and it would not receive any job control signals.
+As a special case, if the policy plugin does not define a close
+function and no pty is required,
+\fBsudo\fR
+will execute the command directly instead of calling
+fork(2)
+first.
.SS "Signal handling"
Because the command is run as a child of the
\fBsudo\fR
command sends
\fRSIGTERM\fR
to all non-system processes other than itself before rebooting
-the systyem.
+the system.
This prevents
\fBsudo\fR
from relaying the
family of functions instead of
\fBsystem\fR()
(which interposes a shell between the command and the calling process).
-.SH "PLUGINS"
+.PP
+If no I/O logging plugins are loaded and the policy plugin has not
+defined a
+\fBclose\fR()
+function, set a command timeout or required that the command be
+run in a new pty,
+\fBsudo\fR
+may execute the command directly instead of running it as a child process.
+.SS "Plugins"
Plugins are dynamically loaded based on the contents of the
-\fI@sysconfdir@/sudo.conf\fR
+sudo.conf(@mansectform@)
file.
If no
-\fI@sysconfdir@/sudo.conf\fR
+sudo.conf(@mansectform@)
file is present, or it contains no
\fRPlugin\fR
lines,
\fBsudo\fR
will use the traditional
\fIsudoers\fR
-security policy and I/O logging, which corresponds to the following
+security policy and I/O logging.
+See the
+sudo.conf(@mansectform@)
+manual for details of the
\fI@sysconfdir@/sudo.conf\fR
-file.
-.nf
-.sp
-.RS 0n
-#
-# Default @sysconfdir@/sudo.conf file
-#
-# Format:
-# Plugin plugin_name plugin_path plugin_options ...
-# Path askpass /path/to/askpass
-# Path noexec /path/to/sudo_noexec.so
-# Debug sudo /var/log/sudo_debug all@warn
-# Set disable_coredump true
-#
-# The plugin_path is relative to @prefix@/libexec unless
-# fully qualified.
-# The plugin_name corresponds to a global symbol in the plugin
-# that contains the plugin interface structure.
-# The plugin_options are optional.
-#
-Plugin policy_plugin sudoers.so
-Plugin io_plugin sudoers.so
-.RE
-.fi
-.PP
-A
-\fRPlugin\fR
-line consists of the
-\fRPlugin\fR
-keyword, followed by the
-\fIsymbol_name\fR
-and the
-\fIpath\fR
-to the shared object containing the plugin.
-The
-\fIsymbol_name\fR
-is the name of the
-\fRstruct policy_plugin\fR
-or
-\fRstruct io_plugin\fR
-in the plugin shared object.
-The
-\fIpath\fR
-may be fully qualified or relative.
-If not fully qualified it is relative to the
-\fI@prefix@/libexec\fR
-directory.
-Any additional parameters after the
-\fIpath\fR
-are passed as arguments to the plugin's
-\fIopen\fR
-function.
-Lines that don't begin with
-\fRPlugin\fR,
-\fRPath\fR,
-\fRDebug\fR,
-or
-\fRSet\fR
-are silently ignored.
-.PP
-For more information, see the
+file and the
sudo_plugin(@mansectsu@)
-manual.
-.SH "PATHS"
-A
-\fRPath\fR
-line consists of the
-\fRPath\fR
-keyword, followed by the name of the path to set and its value.
-E.g.
-.nf
-.sp
-.RS 6n
-Path noexec @noexec_file@
-Path askpass /usr/X11R6/bin/ssh-askpass
-.RE
-.fi
-.PP
-The following plugin-agnostic paths may be set in the
-\fI@sysconfdir@/sudo.conf\fR
-file:
-.TP 10n
-askpass
-The fully qualified path to a helper program used to read the user's
-password when no terminal is available.
-This may be the case when
-\fBsudo\fR
-is executed from a graphical (as opposed to text-based) application.
-The program specified by
-\fIaskpass\fR
-should display the argument passed to it as the prompt and write
-the user's password to the standard output.
-The value of
-\fIaskpass\fR
-may be overridden by the
-\fRSUDO_ASKPASS\fR
-environment variable.
-.TP 10n
-noexec
-The fully-qualified path to a shared library containing dummy
-versions of the
-\fBexecv\fR(),
-\fBexecve\fR()
-and
-\fBfexecve\fR()
-library functions that just return an error.
-This is used to implement the
-\fInoexec\fR
-functionality on systems that support
-\fRLD_PRELOAD\fR
-or its equivalent.
-Defaults to
-\fI@noexec_file@\fR.
-.SH "DEBUG FLAGS"
-\fBsudo\fR
-versions 1.8.4 and higher support a flexible debugging framework
-that can help track down what
+manual for more information about the
\fBsudo\fR
-is doing internally if there is a problem.
-.PP
-A
-\fRDebug\fR
-line consists of the
-\fRDebug\fR
-keyword, followed by the name of the program to debug
-(\fBsudo\fR, \fBvisudo\fR, \fBsudoreplay\fR),
-the debug file name and a comma-separated list of debug flags.
-The debug flag syntax used by
-\fBsudo\fR
-and the
-\fIsudoers\fR
-plugin is
-\fIsubsystem\fR@\fIpriority\fR
-but the plugin is free to use a different format so long as it does
-not include a comma
-(`\&,').
-.PP
-For instance:
-.nf
-.sp
-.RS 6n
-Debug sudo /var/log/sudo_debug all@warn,plugin@info
-.RE
-.fi
-.PP
-would log all debugging statements at the
-\fIwarn\fR
-level and higher in addition to those at the
-\fIinfo\fR
-level for the plugin subsystem.
-.PP
-Currently, only one
-\fRDebug\fR
-entry per program is supported.
-The
-\fBsudo\fR
-\fRDebug\fR
-entry is shared by the
-\fBsudo\fR
-front end,
-\fBsudoedit\fR
-and the plugins.
-A future release may add support for per-plugin
-\fRDebug\fR
-lines and/or support for multiple debugging files for a single
-program.
-.PP
-The priorities used by the
-\fBsudo\fR
-front end, in order of decreasing severity, are:
-\fIcrit\fR, \fIerr\fR, \fIwarn\fR, \fInotice\fR, \fIdiag\fR, \fIinfo\fR, \fItrace\fR
-and
-\fIdebug\fR.
-Each priority, when specified, also includes all priorities higher
-than it.
-For example, a priority of
-\fInotice\fR
-would include debug messages logged at
-\fInotice\fR
-and higher.
-.PP
-The following subsystems are used by the
-\fBsudo\fR
-front-end:
-.TP 12n
-\fIall\fR
-matches every subsystem
-.TP 12n
-\fIargs\fR
-command line argument processing
-.TP 12n
-\fIconv\fR
-user conversation
-.TP 12n
-\fIedit\fR
-sudoedit
-.TP 12n
-\fIexec\fR
-command execution
-.TP 12n
-\fImain\fR
-\fBsudo\fR
-main function
-.TP 12n
-\fInetif\fR
-network interface handling
-.TP 12n
-\fIpcomm\fR
-communication with the plugin
-.TP 12n
-\fIplugin\fR
-plugin configuration
-.TP 12n
-\fIpty\fR
-pseudo-tty related code
-.TP 12n
-\fIselinux\fR
-SELinux-specific handling
-.TP 12n
-\fIutil\fR
-utility functions
-.TP 12n
-\fIutmp\fR
-utmp handling
+plugin architecture.
.SH "EXIT VALUE"
Upon successful execution of a program, the exit status from
\fIsudo\fR
crashes, you may wish to re-enable core dumps by setting
``disable_coredump''
to false in the
-\fI@sysconfdir@/sudo.conf\fR
+sudo.conf(@mansectform@)
file as follows:
.nf
.sp
.RE
.fi
.PP
-Note that by default, most operating systems disable core dumps
-from setuid programs, which includes
-\fBsudo\fR.
-To actually get a
-\fBsudo\fR
-core file you may need to enable core dumps for setuid processes.
-On BSD and Linux systems this is accomplished via the sysctl command,
-on Solaris the coreadm command can be used.
+See the
+sudo.conf(@mansectform@)
+manual for more information.
.SH "ENVIRONMENT"
\fBsudo\fR
utilizes the following environment variables.
.RE
.fi
.SH "SEE ALSO"
-grep(1),
su(1),
stat(2),
login_cap(3),
passwd(@mansectform@),
+sudo.conf(@mansectform@),
sudoers(@mansectform@),
sudo_plugin(@mansectsu@),
sudoreplay(@mansectsu@),
.\"
-.\" Copyright (c) 1994-1996, 1998-2005, 2007-2012
+.\" Copyright (c) 1994-1996, 1998-2005, 2007-2013
.\" Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.Dd July 10, 2012
+.Dd March 13, 2013
.Dt SUDO @mansectsu@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
.Pa @sysconfdir@/sudoers ,
or via LDAP.
See the
-.Sx PLUGINS
+.Sx Plugins
section for more information.
.Pp
The security policy determines what privileges, if any, a user has
environment variable is set, it specifies the path to the helper
program.
Otherwise, if
-.Pa @sysconfdir@/sudo.conf
+.Xr sudo.conf @mansectform@
contains a line specifying the askpass program, that value will be
used.
For example:
When
.Nm sudo
executes a command, the security policy specifies the execution
-envionment for the command.
+environment for the command.
Typically, the real and effective uid and gid are set to
match those of the target user, as specified in the password database,
and the group vector is initialized based on the group database
.Nm sudo
runs a command, it calls
.Xr fork 2 ,
-sets up the execution environment as described above, and calls the
+sets up the execution environment as described above, and calls the
.Xr execve
system call in the child process.
The main
.Nm sudo
process waits until the command has completed, then passes the
-command's exit status to the security policy's close method and exits.
-If an I/O logging plugin is configured, a new pseudo-terminal
+command's exit status to the security policy's close function and exits.
+If an I/O logging plugin is configured or if the security policy
+explicitly requests it, a new pseudo-terminal
.Pq Dq pty
is created and a second
.Nm sudo
Without it, the command would be in what POSIX terms an
.Dq orphaned process group
and it would not receive any job control signals.
+As a special case, if the policy plugin does not define a close
+function and no pty is required,
+.Nm sudo
+will execute the command directly instead of calling
+.Xr fork 2
+first.
.Ss Signal handling
Because the command is run as a child of the
.Nm sudo
command sends
.Dv SIGTERM
to all non-system processes other than itself before rebooting
-the systyem.
+the system.
This prevents
.Nm sudo
from relaying the
family of functions instead of
.Fn system
(which interposes a shell between the command and the calling process).
-.Sh PLUGINS
+.Pp
+If no I/O logging plugins are loaded and the policy plugin has not
+defined a
+.Fn close
+function, set a command timeout or required that the command be
+run in a new pty,
+.Nm sudo
+may execute the command directly instead of running it as a child process.
+.Ss Plugins
Plugins are dynamically loaded based on the contents of the
-.Pa @sysconfdir@/sudo.conf
+.Xr sudo.conf @mansectform@
file.
If no
-.Pa @sysconfdir@/sudo.conf
+.Xr sudo.conf @mansectform@
file is present, or it contains no
.Li Plugin
lines,
.Nm sudo
will use the traditional
.Em sudoers
-security policy and I/O logging, which corresponds to the following
+security policy and I/O logging.
+See the
+.Xr sudo.conf @mansectform@
+manual for details of the
.Pa @sysconfdir@/sudo.conf
-file.
-.Bd -literal
-#
-# Default @sysconfdir@/sudo.conf file
-#
-# Format:
-# Plugin plugin_name plugin_path plugin_options ...
-# Path askpass /path/to/askpass
-# Path noexec /path/to/sudo_noexec.so
-# Debug sudo /var/log/sudo_debug all@warn
-# Set disable_coredump true
-#
-# The plugin_path is relative to @prefix@/libexec unless
-# fully qualified.
-# The plugin_name corresponds to a global symbol in the plugin
-# that contains the plugin interface structure.
-# The plugin_options are optional.
-#
-Plugin policy_plugin sudoers.so
-Plugin io_plugin sudoers.so
-.Ed
-.Pp
-A
-.Li Plugin
-line consists of the
-.Li Plugin
-keyword, followed by the
-.Em symbol_name
-and the
-.Em path
-to the shared object containing the plugin.
-The
-.Em symbol_name
-is the name of the
-.Li struct policy_plugin
-or
-.Li struct io_plugin
-in the plugin shared object.
-The
-.Em path
-may be fully qualified or relative.
-If not fully qualified it is relative to the
-.Pa @prefix@/libexec
-directory.
-Any additional parameters after the
-.Em path
-are passed as arguments to the plugin's
-.Em open
-function.
-Lines that don't begin with
-.Li Plugin ,
-.Li Path ,
-.Li Debug ,
-or
-.Li Set
-are silently ignored.
-.Pp
-For more information, see the
+file and the
.Xr sudo_plugin @mansectsu@
-manual.
-.Sh PATHS
-A
-.Li Path
-line consists of the
-.Li Path
-keyword, followed by the name of the path to set and its value.
-E.g.
-.Bd -literal -offset indent
-Path noexec @noexec_file@
-Path askpass /usr/X11R6/bin/ssh-askpass
-.Ed
-.Pp
-The following plugin-agnostic paths may be set in the
-.Pa @sysconfdir@/sudo.conf
-file:
-.Bl -tag -width 8n
-.It askpass
-The fully qualified path to a helper program used to read the user's
-password when no terminal is available.
-This may be the case when
-.Nm sudo
-is executed from a graphical (as opposed to text-based) application.
-The program specified by
-.Em askpass
-should display the argument passed to it as the prompt and write
-the user's password to the standard output.
-The value of
-.Em askpass
-may be overridden by the
-.Ev SUDO_ASKPASS
-environment variable.
-.It noexec
-The fully-qualified path to a shared library containing dummy
-versions of the
-.Fn execv ,
-.Fn execve
-and
-.Fn fexecve
-library functions that just return an error.
-This is used to implement the
-.Em noexec
-functionality on systems that support
-.Ev LD_PRELOAD
-or its equivalent.
-Defaults to
-.Pa @noexec_file@ .
-.El
-.Sh DEBUG FLAGS
+manual for more information about the
.Nm sudo
-versions 1.8.4 and higher support a flexible debugging framework
-that can help track down what
-.Nm sudo
-is doing internally if there is a problem.
-.Pp
-A
-.Li Debug
-line consists of the
-.Li Debug
-keyword, followed by the name of the program to debug
-.Pq Nm sudo , Nm visudo , Nm sudoreplay ,
-the debug file name and a comma-separated list of debug flags.
-The debug flag syntax used by
-.Nm sudo
-and the
-.Em sudoers
-plugin is
-.Em subsystem Ns No @ Ns Em priority
-but the plugin is free to use a different format so long as it does
-not include a comma
-.Pq Ql \&, .
-.Pp
-For instance:
-.Bd -literal -offset indent
-Debug sudo /var/log/sudo_debug all@warn,plugin@info
-.Ed
-.Pp
-would log all debugging statements at the
-.Em warn
-level and higher in addition to those at the
-.Em info
-level for the plugin subsystem.
-.Pp
-Currently, only one
-.Li Debug
-entry per program is supported.
-The
-.Nm sudo
-.Li Debug
-entry is shared by the
-.Nm sudo
-front end,
-.Nm sudoedit
-and the plugins.
-A future release may add support for per-plugin
-.Li Debug
-lines and/or support for multiple debugging files for a single
-program.
-.Pp
-The priorities used by the
-.Nm sudo
-front end, in order of decreasing severity, are:
-.Em crit , err , warn , notice , diag , info , trace
-and
-.Em debug .
-Each priority, when specified, also includes all priorities higher
-than it.
-For example, a priority of
-.Em notice
-would include debug messages logged at
-.Em notice
-and higher.
-.Pp
-The following subsystems are used by the
-.Nm sudo
-front-end:
-.Bl -tag -width Fl
-.It Em all
-matches every subsystem
-.It Em args
-command line argument processing
-.It Em conv
-user conversation
-.It Em edit
-sudoedit
-.It Em exec
-command execution
-.It Em main
-.Nm sudo
-main function
-.It Em netif
-network interface handling
-.It Em pcomm
-communication with the plugin
-.It Em plugin
-plugin configuration
-.It Em pty
-pseudo-tty related code
-.It Em selinux
-SELinux-specific handling
-.It Em util
-utility functions
-.It Em utmp
-utmp handling
-.El
+plugin architecture.
.Sh EXIT VALUE
Upon successful execution of a program, the exit status from
.Em sudo
crashes, you may wish to re-enable core dumps by setting
.Dq disable_coredump
to false in the
-.Pa @sysconfdir@/sudo.conf
+.Xr sudo.conf @mansectform@
file as follows:
.Bd -literal -offset indent
Set disable_coredump false
.Ed
.Pp
-Note that by default, most operating systems disable core dumps
-from setuid programs, which includes
-.Nm sudo .
-To actually get a
-.Nm sudo
-core file you may need to enable core dumps for setuid processes.
-On BSD and Linux systems this is accomplished via the sysctl command,
-on Solaris the coreadm command can be used.
+See the
+.Xr sudo.conf @mansectform@
+manual for more information.
.Sh ENVIRONMENT
.Nm sudo
utilizes the following environment variables.
$ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
.Ed
.Sh SEE ALSO
-.Xr grep 1 ,
.Xr su 1 ,
.Xr stat 2 ,
.Xr login_cap 3 ,
.Xr passwd @mansectform@ ,
+.Xr sudo.conf @mansectform@ ,
.Xr sudoers @mansectform@ ,
.Xr sudo_plugin @mansectsu@ ,
.Xr sudoreplay @mansectsu@ ,
D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
Starting with version 1.8, s\bsu\bud\bdo\bo supports a plugin API for policy and
- session logging. By default, the _\bs_\bu_\bd_\bo_\be_\br_\bs policy plugin and an associated
+ session logging. By default, the s\bsu\bud\bdo\boe\ber\brs\bs policy plugin and an associated
I/O logging plugin are used. Via the plugin API, s\bsu\bud\bdo\bo can be configured
to use alternate policy and/or I/O logging plugins provided by third
- parties. The plugins to be used are specified via the _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf
- file.
+ parties. The plugins to be used are specified in the sudo.conf(4) file.
The API is versioned with a major and minor number. The minor version
number is incremented when additions are made. The major number is
The plugin API is defined by the sudo_plugin.h header file.
- T\bTh\bhe\be s\bsu\bud\bdo\bo.\b.c\bco\bon\bnf\bf f\bfi\bil\ble\be
- The _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf file contains plugin configuration directives. The
- primary keyword is the Plugin directive, which causes a plugin to be
- loaded.
-
- A Plugin line consists of the Plugin keyword, followed by the _\bs_\by_\bm_\bb_\bo_\bl_\b__\bn_\ba_\bm_\be
- and the _\bp_\ba_\bt_\bh to the shared object containing the plugin. The _\bs_\by_\bm_\bb_\bo_\bl_\b__\bn_\ba_\bm_\be
- is the name of the struct policy_plugin or struct io_plugin in the plugin
- shared object. The _\bp_\ba_\bt_\bh may be fully qualified or relative. If not
- fully qualified it is relative to the _\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bl_\bi_\bb_\be_\bx_\be_\bc directory. Any
- additional parameters after the _\bp_\ba_\bt_\bh are passed as options to the
- plugin's o\bop\bpe\ben\bn() function. Lines that don't begin with Plugin, Path,
- Debug or Set are silently ignored.
-
- The same shared object may contain multiple plugins, each with a
- different symbol name. The shared object file must be owned by uid 0 and
- only writable by its owner. Because of ambiguities that arise from
- composite policies, only a single policy plugin may be specified. This
- limitation does not apply to I/O plugins.
-
- #
- # Default /etc/sudo.conf file
- #
- # Format:
- # Plugin plugin_name plugin_path plugin_options ...
- # Path askpass /path/to/askpass
- # Path noexec /path/to/sudo_noexec.so
- # Debug sudo /var/log/sudo_debug all@warn
- # Set disable_coredump true
- #
- # The plugin_path is relative to /usr/local/libexec unless
- # fully qualified.
- # The plugin_name corresponds to a global symbol in the plugin
- # that contains the plugin interface structure.
- # The plugin_options are optional.
- #
- Plugin sudoers_policy sudoers.so
- Plugin sudoers_io sudoers.so
-
P\bPo\bol\bli\bic\bcy\by p\bpl\blu\bug\bgi\bin\bn A\bAP\bPI\bI
A policy plugin must declare and populate a policy_plugin struct in the
global scope. This structure contains pointers to the functions that
implement the s\bsu\bud\bdo\bo policy checks. The name of the symbol should be
- specified in _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf along with a path to the plugin so that s\bsu\bud\bdo\bo
+ specified in sudo.conf(4) along with a path to the plugin so that s\bsu\bud\bdo\bo
can load it.
struct policy_plugin {
equal sign (`=') since the _\bn_\ba_\bm_\be field will never include one
itself but the _\bv_\ba_\bl_\bu_\be might.
+ bsdauth_type=string
+ Authentication type, if specified by the -\b-a\ba flag, to
+ use on systems where BSD authentication is supported.
+
+ closefrom=number
+ If specified, the user has requested via the -\b-C\bC flag
+ that s\bsu\bud\bdo\bo close all files descriptors with a value of
+ _\bn_\bu_\bm_\bb_\be_\br or higher. The plugin may optionally pass this,
+ or another value, back in the _\bc_\bo_\bm_\bm_\ba_\bn_\bd_\b__\bi_\bn_\bf_\bo list.
+
debug_flags=string
A comma-separated list of debug flags that correspond
- to s\bsu\bud\bdo\bo's Debug entry in _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf, if there is
- one. The flags are passed to the plugin as they appear
- in _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf. The syntax used by s\bsu\bud\bdo\bo and the
- _\bs_\bu_\bd_\bo_\be_\br_\bs plugin is _\bs_\bu_\bb_\bs_\by_\bs_\bt_\be_\bm@_\bp_\br_\bi_\bo_\br_\bi_\bt_\by but the plugin is
- free to use a different format so long as it does not
- include a comma (`,').
-
- For reference, the priorities supported by the s\bsu\bud\bdo\bo
- front end and _\bs_\bu_\bd_\bo_\be_\br_\bs are: _\bc_\br_\bi_\bt, _\be_\br_\br, _\bw_\ba_\br_\bn, _\bn_\bo_\bt_\bi_\bc_\be,
- _\bd_\bi_\ba_\bg, _\bi_\bn_\bf_\bo, _\bt_\br_\ba_\bc_\be and _\bd_\be_\bb_\bu_\bg.
-
- The following subsystems are defined: _\bm_\ba_\bi_\bn, _\bm_\be_\bm_\bo_\br_\by,
- _\ba_\br_\bg_\bs, _\be_\bx_\be_\bc, _\bp_\bt_\by, _\bu_\bt_\bm_\bp, _\bc_\bo_\bn_\bv, _\bp_\bc_\bo_\bm_\bm, _\bu_\bt_\bi_\bl, _\bl_\bi_\bs_\bt, _\bn_\be_\bt_\bi_\bf,
- _\ba_\bu_\bd_\bi_\bt, _\be_\bd_\bi_\bt, _\bs_\be_\bl_\bi_\bn_\bu_\bx, _\bl_\bd_\ba_\bp, _\bm_\ba_\bt_\bc_\bh, _\bp_\ba_\br_\bs_\be_\br, _\ba_\bl_\bi_\ba_\bs,
- _\bd_\be_\bf_\ba_\bu_\bl_\bt_\bs, _\ba_\bu_\bt_\bh, _\be_\bn_\bv, _\bl_\bo_\bg_\bg_\bi_\bn_\bg, _\bn_\bs_\bs, _\br_\bb_\bt_\br_\be_\be, _\bp_\be_\br_\bm_\bs,
- _\bp_\bl_\bu_\bg_\bi_\bn. The subsystem _\ba_\bl_\bl includes every subsystem.
-
- There is not currently a way to specify a set of debug
- flags specific to the plugin--the flags are shared by
- s\bsu\bud\bdo\bo and the plugin.
+ to s\bsu\bud\bdo\bo's Debug entry in sudo.conf(4), if there is one.
+ The flags are passed to the plugin as they appear in
+ sudo.conf(4). The syntax used by s\bsu\bud\bdo\bo and the s\bsu\bud\bdo\boe\ber\brs\bs
+ plugin is _\bs_\bu_\bb_\bs_\by_\bs_\bt_\be_\bm@_\bp_\br_\bi_\bo_\br_\bi_\bt_\by but the plugin is free to
+ use a different format so long as it does not include a
+ comma (`,'). There is not currently a way to specify a
+ set of debug flags specific to the plugin--the flags
+ are shared by s\bsu\bud\bdo\bo and the plugin.
debug_level=number
This setting has been deprecated in favor of
_\bd_\be_\bb_\bu_\bg_\b__\bf_\bl_\ba_\bg_\bs.
- runas_user=string
- The user name or uid to to run the command as, if
- specified via the -\b-u\bu flag.
+ ignore_ticket=bool
+ Set to true if the user specified the -\b-k\bk flag along
+ with a command, indicating that the user wishes to
+ ignore any cached authentication credentials.
+ _\bi_\bm_\bp_\bl_\bi_\be_\bd_\b__\bs_\bh_\be_\bl_\bl to true. This allows s\bsu\bud\bdo\bo with no
+ arguments to be used similarly to su(1). If the plugin
+ does not to support this usage, it may return a value
+ of -2 from the c\bch\bhe\bec\bck\bk_\b_p\bpo\bol\bli\bic\bcy\by() function, which will
+ cause s\bsu\bud\bdo\bo to print a usage message and exit.
- runas_group=string
- The group name or gid to to run the command as, if
- specified via the -\b-g\bg flag.
+ implied_shell=bool
+ If the user does not specify a program on the command
+ line, s\bsu\bud\bdo\bo will pass the plugin the path to the user's
+ shell and set
- prompt=string
- The prompt to use when requesting a password, if
- specified via the -\b-p\bp flag.
+ login_class=string
+ BSD login class to use when setting resource limits and
+ nice value, if specified by the -\b-c\bc flag.
- set_home=bool
- Set to true if the user specified the -\b-H\bH flag. If
- true, set the HOME environment variable to the target
- user's home directory.
+ login_shell=bool
+ Set to true if the user specified the -\b-i\bi flag,
+ indicating that the user wishes to run a login shell.
+
+ max_groups=int
+ The maximum number of groups a user may belong to.
+ This will only be present if there is a corresponding
+ setting in sudo.conf(4).
+
+ network_addrs=list
+ A space-separated list of IP network addresses and
+ netmasks in the form ``addr/netmask'', e.g.
+ ``192.168.1.2/255.255.255.0''. The address and netmask
+ pairs may be either IPv4 or IPv6, depending on what the
+ operating system supports. If the address contains a
+ colon (`:'), it is an IPv6 address, else it is IPv4.
+
+ noninteractive=bool
+ Set to true if the user specified the -\b-n\bn flag,
+ indicating that s\bsu\bud\bdo\bo should operate in non-interactive
+ mode. The plugin may reject a command run in non-
+ interactive mode if user interaction is required.
+
+ plugin_dir=string
+ The default plugin directory used by the s\bsu\bud\bdo\bo front
+ end. This is the default directory set at compile time
+ and may not correspond to the directory the running
+ plugin was loaded from. It may be used by a plugin to
+ locate support files.
preserve_environment=bool
Set to true if the user specified the -\b-E\bE flag,
indicating that the user wishes to preserve the
environment.
- run_shell=bool
- Set to true if the user specified the -\b-s\bs flag,
- indicating that the user wishes to run a shell.
-
- login_shell=bool
- Set to true if the user specified the -\b-i\bi flag,
- indicating that the user wishes to run a login shell.
-
- implied_shell=bool
- If the user does not specify a program on the command
- line, s\bsu\bud\bdo\bo will pass the plugin the path to the user's
- shell and set _\bi_\bm_\bp_\bl_\bi_\be_\bd_\b__\bs_\bh_\be_\bl_\bl to true. This allows s\bsu\bud\bdo\bo
- with no arguments to be used similarly to su(1). If
- the plugin does not to support this usage, it may
- return a value of -2 from the c\bch\bhe\bec\bck\bk_\b_p\bpo\bol\bli\bic\bcy\by() function,
- which will cause s\bsu\bud\bdo\bo to print a usage message and
- exit.
-
preserve_groups=bool
Set to true if the user specified the -\b-P\bP flag,
indicating that the user wishes to preserve the group
vector instead of setting it based on the runas user.
- ignore_ticket=bool
- Set to true if the user specified the -\b-k\bk flag along
- with a command, indicating that the user wishes to
- ignore any cached authentication credentials.
+ progname=string
+ The command name that sudo was run as, typically
+ ``sudo'' or ``sudoedit''.
- noninteractive=bool
- Set to true if the user specified the -\b-n\bn flag,
- indicating that s\bsu\bud\bdo\bo should operate in non-interactive
- mode. The plugin may reject a command run in non-
- interactive mode if user interaction is required.
+ prompt=string
+ The prompt to use when requesting a password, if
+ specified via the -\b-p\bp flag.
- login_class=string
- BSD login class to use when setting resource limits and
- nice value, if specified by the -\b-c\bc flag.
+ run_shell=bool
+ Set to true if the user specified the -\b-s\bs flag,
+ indicating that the user wishes to run a shell.
+
+ runas_group=string
+ The group name or gid to to run the command as, if
+ specified via the -\b-g\bg flag.
+
+ runas_user=string
+ The user name or uid to to run the command as, if
+ specified via the -\b-u\bu flag.
selinux_role=string
SELinux role to use when executing the command, if
SELinux type to use when executing the command, if
specified by the -\b-t\bt flag.
- bsdauth_type=string
- Authentication type, if specified by the -\b-a\ba flag, to
- use on systems where BSD authentication is supported.
-
- network_addrs=list
- A space-separated list of IP network addresses and
- netmasks in the form ``addr/netmask'', e.g.
- ``192.168.1.2/255.255.255.0''. The address and netmask
- pairs may be either IPv4 or IPv6, depending on what the
- operating system supports. If the address contains a
- colon (`:'), it is an IPv6 address, else it is IPv4.
-
- progname=string
- The command name that sudo was run as, typically
- ``sudo'' or ``sudoedit''.
+ set_home=bool
+ Set to true if the user specified the -\b-H\bH flag. If
+ true, set the HOME environment variable to the target
+ user's home directory.
sudoedit=bool
Set to true when the -\b-e\be flag is is specified or if
support _\bs_\bu_\bd_\bo_\be_\bd_\bi_\bt. For more information, see the
_\bc_\bh_\be_\bc_\bk_\b__\bp_\bo_\bl_\bi_\bc_\by section.
- closefrom=number
- If specified, the user has requested via the -\b-C\bC flag
- that s\bsu\bud\bdo\bo close all files descriptors with a value of
- _\bn_\bu_\bm_\bb_\be_\br or higher. The plugin may optionally pass this,
- or another value, back in the _\bc_\bo_\bm_\bm_\ba_\bn_\bd_\b__\bi_\bn_\bf_\bo list.
-
Additional settings may be added in the future so the plugin
should silently ignore settings that it does not recognize.
equal sign (`=') since the _\bn_\ba_\bm_\be field will never include one
itself but the _\bv_\ba_\bl_\bu_\be might.
- pid=int
- The process ID of the running s\bsu\bud\bdo\bo process. Only
- available starting with API version 1.2
-
- ppid=int
- The parent process ID of the running s\bsu\bud\bdo\bo process.
- Only available starting with API version 1.2
-
- sid=int
- The session ID of the running s\bsu\bud\bdo\bo process or 0 if s\bsu\bud\bdo\bo
- is not part of a POSIX job control session. Only
- available starting with API version 1.2
-
- pgid=int
- The ID of the process group that the running s\bsu\bud\bdo\bo
- process belongs to. Only available starting with API
- version 1.2
+ cols=int
+ The number of columns the user's terminal supports. If
+ there is no terminal device available, a default value
+ of 80 is used.
- tcpgid=int
- The ID of the forground process group associated with
- the terminal device associcated with the s\bsu\bud\bdo\bo process
- or -1 if there is no terminal present. Only available
- starting with API version 1.2
+ cwd=string
+ The user's current working directory.
- user=string
- The name of the user invoking s\bsu\bud\bdo\bo.
+ egid=gid_t
+ The effective group ID of the user invoking s\bsu\bud\bdo\bo.
euid=uid_t
The effective user ID of the user invoking s\bsu\bud\bdo\bo.
- uid=uid_t
- The real user ID of the user invoking s\bsu\bud\bdo\bo.
-
- egid=gid_t
- The effective group ID of the user invoking s\bsu\bud\bdo\bo.
-
gid=gid_t
The real group ID of the user invoking s\bsu\bud\bdo\bo.
The user's supplementary group list formatted as a
string of comma-separated group IDs.
- cwd=string
- The user's current working directory.
-
- tty=string
- The path to the user's terminal device. If the user
- has no terminal device associated with the session, the
- value will be empty, as in ``tty=''.
-
host=string
The local machine's hostname as returned by the
gethostname(2) system call.
there is no terminal device available, a default value
of 24 is used.
- cols=int
- The number of columns the user's terminal supports. If
- there is no terminal device available, a default value
- of 80 is used.
+ pgid=int
+ The ID of the process group that the running s\bsu\bud\bdo\bo
+ process is a member of. Only available starting with
+ API version 1.2
+
+ pid=int
+ The process ID of the running s\bsu\bud\bdo\bo process. Only
+ available starting with API version 1.2
+
+ plugin_options
+ Any (non-comment) strings immediately after the plugin
+ path are passed as arguments to the plugin. These
+ arguments are split on a white space boundary and are
+ passed to the plugin in the form of a NULL-terminated
+ array of strings. If no arguments were specified,
+ _\bp_\bl_\bu_\bg_\bi_\bn_\b__\bo_\bp_\bt_\bi_\bo_\bn_\bs will be the NULL pointer.
+
+ NOTE: the _\bp_\bl_\bu_\bg_\bi_\bn_\b__\bo_\bp_\bt_\bi_\bo_\bn_\bs parameter is only available
+ starting with API version 1.2. A plugin m\bmu\bus\bst\bt check the
+ API version specified by the s\bsu\bud\bdo\bo front end before
+ using _\bp_\bl_\bu_\bg_\bi_\bn_\b__\bo_\bp_\bt_\bi_\bo_\bn_\bs. Failure to do so may result in a
+ crash.
+
+ ppid=int
+ The parent process ID of the running s\bsu\bud\bdo\bo process.
+ Only available starting with API version 1.2
+
+ sid=int
+ The session ID of the running s\bsu\bud\bdo\bo process or 0 if s\bsu\bud\bdo\bo
+ is not part of a POSIX job control session. Only
+ available starting with API version 1.2
+
+ tcpgid=int
+ The ID of the foreground process group associated with
+ the terminal device associated with the s\bsu\bud\bdo\bo process or
+ -1 if there is no terminal present. Only available
+ starting with API version 1.2
+
+ tty=string
+ The path to the user's terminal device. If the user
+ has no terminal device associated with the session, the
+ value will be empty, as in ``tty=''.
+
+ uid=uid_t
+ The real user ID of the user invoking s\bsu\bud\bdo\bo.
+
+ user=string
+ The name of the user invoking s\bsu\bud\bdo\bo.
user_env
The user's environment in the form of a NULL-terminated
equal sign (`=') since the _\bn_\ba_\bm_\be field will never include one
itself but the _\bv_\ba_\bl_\bu_\be might.
- plugin_options
- Any (non-comment) strings immediately after the plugin path
- are treated as arguments to the plugin. These arguments are
- split on a white space boundary and are passed to the plugin
- in the form of a NULL-terminated array of strings. If no
- arguments were specified, _\bp_\bl_\bu_\bg_\bi_\bn_\b__\bo_\bp_\bt_\bi_\bo_\bn_\bs will be the NULL
- pointer.
-
- NOTE: the _\bp_\bl_\bu_\bg_\bi_\bn_\b__\bo_\bp_\bt_\bi_\bo_\bn_\bs parameter is only available starting
- with API version 1.2. A plugin m\bmu\bus\bst\bt check the API version
- specified by the s\bsu\bud\bdo\bo front end before using _\bp_\bl_\bu_\bg_\bi_\bn_\b__\bo_\bp_\bt_\bi_\bo_\bn_\bs.
- Failure to do so may result in a crash.
-
close
void (*close)(int exit_status, int error);
c\bco\bon\bnv\bve\ber\brs\bsa\bat\bti\bio\bon\bn() or p\bpl\blu\bug\bgi\bin\bn_\b_p\bpr\bri\bin\bnt\btf\bf() function. If the command
was successfully executed, the value of error is 0.
+ If no c\bcl\blo\bos\bse\be() function is defined, no I/O logging plugins are
+ loaded, and neither the _\bt_\bi_\bm_\be_\bo_\bu_\bt not _\bu_\bs_\be_\b__\bp_\bt_\by options are set in the
+ command_info list, the s\bsu\bud\bdo\bo front end may execute the command
+ directly instead of running it as a child process.
+
show_version
int (*show_version)(int verbose);
must be terminated with a NULL pointer. The following values
are recognized by s\bsu\bud\bdo\bo:
- command=string
- Fully qualified path to the command to be executed.
-
- runas_uid=uid
- User ID to run the command as.
-
- runas_euid=uid
- Effective user ID to run the command as. If not
- specified, the value of _\br_\bu_\bn_\ba_\bs_\b__\bu_\bi_\bd is used.
-
- runas_gid=gid
- Group ID to run the command as.
-
- runas_egid=gid
- Effective group ID to run the command as. If not
- specified, the value of _\br_\bu_\bn_\ba_\bs_\b__\bg_\bi_\bd is used.
-
- runas_groups=list
- The supplementary group vector to use for the command
- in the form of a comma-separated list of group IDs. If
- _\bp_\br_\be_\bs_\be_\br_\bv_\be_\b__\bg_\br_\bo_\bu_\bp_\bs is set, this option is ignored.
+ chroot=string
+ The root directory to use when running the command.
- login_class=string
- BSD login class to use when setting resource limits and
- nice value (optional). This option is only set on
- systems that support login classes.
+ closefrom=number
+ If specified, s\bsu\bud\bdo\bo will close all files descriptors
+ with a value of _\bn_\bu_\bm_\bb_\be_\br or higher.
- preserve_groups=bool
- If set, s\bsu\bud\bdo\bo will preserve the user's group vector
- instead of initializing the group vector based on
- runas_user.
+ command=string
+ Fully qualified path to the command to be executed.
cwd=string
The current working directory to change to when
executing the command.
- noexec=bool
- If set, prevent the command from executing other
- programs.
-
- chroot=string
- The root directory to use when running the command.
-
- nice=int
- Nice value (priority) to use when executing the
- command. The nice value, if specified, overrides the
- priority associated with the _\bl_\bo_\bg_\bi_\bn_\b__\bc_\bl_\ba_\bs_\bs on BSD
- systems.
-
- umask=octal
- The file creation mask to use when executing the
- command.
-
- selinux_role=string
- SELinux role to use when executing the command.
-
- selinux_type=string
- SELinux type to use when executing the command.
-
- timeout=int
- Command timeout. If non-zero then when the timeout
- expires the command will be killed.
-
- sudoedit=bool
- Set to true when in _\bs_\bu_\bd_\bo_\be_\bd_\bi_\bt mode. The plugin may
- enable _\bs_\bu_\bd_\bo_\be_\bd_\bi_\bt mode even if s\bsu\bud\bdo\bo was not invoked as
- s\bsu\bud\bdo\boe\bed\bdi\bit\bt. This allows the plugin to perform command
- substitution and transparently enable _\bs_\bu_\bd_\bo_\be_\bd_\bi_\bt when the
- user attempts to run an editor.
-
- closefrom=number
- If specified, s\bsu\bud\bdo\bo will close all files descriptors
- with a value of _\bn_\bu_\bm_\bb_\be_\br or higher.
+ exec_background=bool
+ By default, s\bsu\bud\bdo\bo runs a command as the foreground
+ process as long as s\bsu\bud\bdo\bo itself is running in the
+ foreground. When _\be_\bx_\be_\bc_\b__\bb_\ba_\bc_\bk_\bg_\br_\bo_\bu_\bn_\bd is enabled and the
+ command is being run in a pty (due to I/O logging or
+ the _\bu_\bs_\be_\b__\bp_\bt_\by setting), the command will be run as a
+ background process. Attempts to read from the
+ controlling terminal (or to change terminal settings)
+ will result in the command being suspended with the
+ SIGTTIN signal (or SIGTTOU in the case of terminal
+ settings). If this happens when s\bsu\bud\bdo\bo is a foreground
+ process, the command will be granted the controlling
+ terminal and resumed in the foreground with no user
+ intervention required. The advantage of initially
+ running the command in the background is that s\bsu\bud\bdo\bo need
+ not read from the terminal unless the command
+ explicitly requests it. Otherwise, any terminal input
+ must be passed to the command, whether it has required
+ it or not (the kernel buffers terminals so it is not
+ possible to tell whether the command really wants the
+ input). This is different from historic _\bs_\bu_\bd_\bo behavior
+ or when the command is not being run in a pty.
+
+ For this to work seamlessly, the operating system must
+ support the automatic restarting of system calls.
+ Unfortunately, not all operating systems do this by
+ default, and even those that do may have bugs. For
+ example, Mac OS X fails to restart the t\btc\bcg\bge\bet\bta\bat\btt\btr\br() and
+ t\btc\bcs\bse\bet\bta\bat\btt\btr\br() system calls (this is a bug in Mac OS X).
+ Furthermore, because this behavior depends on the
+ command stopping with the SIGTTIN or SIGTTOU signals,
+ programs that catch these signals and suspend
+ themselves with a different signal (usually SIGTOP)
+ will not be automatically foregrounded. Some versions
+ of the linux su(1) command behave this way. Because of
+ this, a plugin should not set _\be_\bx_\be_\bc_\b__\bb_\ba_\bc_\bk_\bg_\br_\bo_\bu_\bn_\bd unless it
+ is explicitly enabled by the administrator and there
+ should be a way to enabled or disable it on a per-
+ command basis.
+
+ This setting has no effect unless I/O logging is
+ enabled or _\bu_\bs_\be_\b__\bp_\bt_\by is enabled.
iolog_compress=bool
Set to true if the I/O logging plugins, if any, should
hint to the I/O logging plugin which may choose to
ignore it.
- use_pty=bool
- Allocate a pseudo-tty to run the command in, regardless
- of whether or not I/O logging is in use. By default,
- s\bsu\bud\bdo\bo will only run the command in a pty when an I/O log
- plugin is loaded.
+ login_class=string
+ BSD login class to use when setting resource limits and
+ nice value (optional). This option is only set on
+ systems that support login classes.
+
+ nice=int
+ Nice value (priority) to use when executing the
+ command. The nice value, if specified, overrides the
+ priority associated with the _\bl_\bo_\bg_\bi_\bn_\b__\bc_\bl_\ba_\bs_\bs on BSD
+ systems.
+
+ noexec=bool
+ If set, prevent the command from executing other
+ programs.
+
+ preserve_groups=bool
+ If set, s\bsu\bud\bdo\bo will preserve the user's group vector
+ instead of initializing the group vector based on
+ runas_user.
+
+ runas_egid=gid
+ Effective group ID to run the command as. If not
+ specified, the value of _\br_\bu_\bn_\ba_\bs_\b__\bg_\bi_\bd is used.
+
+ runas_euid=uid
+ Effective user ID to run the command as. If not
+ specified, the value of _\br_\bu_\bn_\ba_\bs_\b__\bu_\bi_\bd is used.
+
+ runas_gid=gid
+ Group ID to run the command as.
+
+ runas_groups=list
+ The supplementary group vector to use for the command
+ in the form of a comma-separated list of group IDs. If
+ _\bp_\br_\be_\bs_\be_\br_\bv_\be_\b__\bg_\br_\bo_\bu_\bp_\bs is set, this option is ignored.
+
+ runas_uid=uid
+ User ID to run the command as.
+
+ selinux_role=string
+ SELinux role to use when executing the command.
+
+ selinux_type=string
+ SELinux type to use when executing the command.
set_utmp=bool
Create a utmp (or utmpx) entry when a pseudo-tty is
the user's existing utmp entry (if any), with the tty,
time, type and pid fields updated.
+ sudoedit=bool
+ Set to true when in _\bs_\bu_\bd_\bo_\be_\bd_\bi_\bt mode. The plugin may
+ enable _\bs_\bu_\bd_\bo_\be_\bd_\bi_\bt mode even if s\bsu\bud\bdo\bo was not invoked as
+ s\bsu\bud\bdo\boe\bed\bdi\bit\bt. This allows the plugin to perform command
+ substitution and transparently enable _\bs_\bu_\bd_\bo_\be_\bd_\bi_\bt when the
+ user attempts to run an editor.
+
+ timeout=int
+ Command timeout. If non-zero then when the timeout
+ expires the command will be killed.
+
+ umask=octal
+ The file creation mask to use when executing the
+ command.
+
+ use_pty=bool
+ Allocate a pseudo-tty to run the command in, regardless
+ of whether or not I/O logging is in use. By default,
+ s\bsu\bud\bdo\bo will only run the command in a pty when an I/O log
+ plugin is loaded.
+
utmp_user=string
User name to use when constructing a new utmp (or
utmpx) entry when _\bs_\be_\bt_\b__\bu_\bt_\bm_\bp is enabled. This option can
int (*validate)(void);
The v\bva\bal\bli\bid\bda\bat\bte\be() function is called when s\bsu\bud\bdo\bo is run with the -\b-v\bv
- flag. For policy plugins such as _\bs_\bu_\bd_\bo_\be_\br_\bs that cache authentication
+ flag. For policy plugins such as s\bsu\bud\bdo\boe\ber\brs\bs that cache authentication
credentials, this function will validate and cache the credentials.
The v\bva\bal\bli\bid\bda\bat\bte\be() function should be NULL if the plugin does not
void (*invalidate)(int remove);
The i\bin\bnv\bva\bal\bli\bid\bda\bat\bte\be() function is called when s\bsu\bud\bdo\bo is called with the -\b-k\bk
- or -\b-K\bK flag. For policy plugins such as _\bs_\bu_\bd_\bo_\be_\br_\bs that cache
+ or -\b-K\bK flag. For policy plugins such as s\bsu\bud\bdo\boe\ber\brs\bs that cache
authentication credentials, this function will invalidate the
credentials. If the _\br_\be_\bm_\bo_\bv_\be flag is set, the plugin may remove the
credentials instead of simply invalidating them.
#define SUDO_IO_PLUGIN 2
unsigned int type; /* always SUDO_IO_PLUGIN */
unsigned int version; /* always SUDO_API_VERSION */
- int (*open)(unsigned int version, sudo_conv_t conversation
+ int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t plugin_printf, char * const settings[],
- char * const user_info[], int argc, char * const argv[],
- char * const user_env[], char * const plugin_options[]);
+ char * const user_info[], char * const command_info[],
+ int argc, char * const argv[], char * const user_env[],
+ char * const plugin_options[]);
void (*close)(int exit_status, int error); /* wait status or error */
int (*show_version)(int verbose);
int (*log_ttyin)(const char *buf, unsigned int len);
against.
open
- int (*open)(unsigned int version, sudo_conv_t conversation
+ int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t plugin_printf, char * const settings[],
char * const user_info[], int argc, char * const argv[],
char * const user_env[], char * const plugin_options[]);
Same as for the _\bP_\bo_\bl_\bi_\bc_\by _\bp_\bl_\bu_\bg_\bi_\bn _\bA_\bP_\bI.
+ S\bSi\big\bgn\bna\bal\bl h\bha\ban\bnd\bdl\ble\ber\brs\bs
+ The s\bsu\bud\bdo\bo front end installs default signal handlers to trap common
+ signals while the plugin functions are run. The following signals are
+ trapped by default before the command is executed:
+
+ o\bo SIGALRM
+ o\bo SIGHUP
+ o\bo SIGINT
+ o\bo SIGQUIT
+ o\bo SIGTERM
+ o\bo SIGTSTP
+ o\bo SIGUSR1
+ o\bo SIGUSR2
+
+ If a fatal signal is received before the command is executed, s\bsu\bud\bdo\bo will
+ call the plugin's c\bcl\blo\bos\bse\be() function with an exit status of 128 plus the
+ value of the signal that was received. This allows for consistent
+ logging of commands killed by a signal for plugins that log such
+ information in their c\bcl\blo\bos\bse\be() function.
+
+ A plugin may temporarily install its own signal handlers but must restore
+ the original handler before the plugin function returns.
+
H\bHo\boo\bok\bk f\bfu\bun\bnc\bct\bti\bio\bon\bn A\bAP\bPI\bI
Beginning with plugin API version 1.2, it is possible to install hooks
for certain functions called by the s\bsu\bud\bdo\bo front end.
Unlike, SUDO_CONV_INFO_MSG and Dv SUDO_CONV_ERROR_MSG , messages sent
with the SUDO_CONV_DEBUG_MSG _\bm_\bs_\bg_\b__\bt_\by_\bp_\be are not directly user-visible.
Instead, they are logged to the file specified in the Debug statement (if
- any) in the _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf
-
- file. This allows a plugin to log debugging information and is intended
- to be used in conjunction with the _\bd_\be_\bb_\bu_\bg_\b__\bf_\bl_\ba_\bg_\bs setting.
+ any) in the sudo.conf(4). file. This allows a plugin to log debugging
+ information and is intended to be used in conjunction with the
+ _\bd_\be_\bb_\bu_\bg_\b__\bf_\bl_\ba_\bg_\bs setting.
See the sample plugin for an example of the c\bco\bon\bnv\bve\ber\brs\bsa\bat\bti\bio\bon\bn() function
usage.
S\bSu\bud\bdo\boe\ber\brs\bs g\bgr\bro\bou\bup\bp p\bpl\blu\bug\bgi\bin\bn A\bAP\bPI\bI
- The _\bs_\bu_\bd_\bo_\be_\br_\bs module supports a plugin interface to allow non-Unix group
- lookups. This can be used to query a group source other than the
- standard Unix group database. A sample group plugin is bundled with s\bsu\bud\bdo\bo
- that implements file-based lookups. Third party group plugins include a
- QAS AD plugin available from Quest Software.
+ The s\bsu\bud\bdo\boe\ber\brs\bs plugin supports its own plugin interface to allow non-Unix
+ group lookups. This can be used to query a group source other than the
+ standard Unix group database. Two sample group plugins are bundled with
+ s\bsu\bud\bdo\bo, _\bg_\br_\bo_\bu_\bp_\b__\bf_\bi_\bl_\be and _\bs_\by_\bs_\bt_\be_\bm_\b__\bg_\br_\bo_\bu_\bp, are detailed in sudoers(4). Third
+ party group plugins include a QAS AD plugin available from Quest
+ Software.
A group plugin must declare and populate a sudoers_group_plugin struct in
the global scope. This structure contains pointers to the functions that
version
The version field should be set to GROUP_API_VERSION.
- This allows _\bs_\bu_\bd_\bo_\be_\br_\bs to determine the API version the group plugin
+ This allows s\bsu\bud\bdo\boe\ber\brs\bs to determine the API version the group plugin
was built against.
init
The function arguments are as follows:
version
- The version passed in by _\bs_\bu_\bd_\bo_\be_\br_\bs allows the plugin to
+ The version passed in by s\bsu\bud\bdo\boe\ber\brs\bs allows the plugin to
determine the major and minor version number of the group
- plugin API supported by _\bs_\bu_\bd_\bo_\be_\br_\bs.
+ plugin API supported by s\bsu\bud\bdo\boe\ber\brs\bs.
plugin_printf
A pointer to a p\bpr\bri\bin\bnt\btf\bf()-style function that may be used to
cleanup
void (*cleanup)();
- The c\bcl\ble\bea\ban\bnu\bup\bp() function is called when _\bs_\bu_\bd_\bo_\be_\br_\bs has finished its
+ The c\bcl\ble\bea\ban\bnu\bup\bp() function is called when s\bsu\bud\bdo\boe\ber\brs\bs has finished its
group checks. The plugin should free any memory it has allocated
and close open file handles.
Version 1.0
Initial API version.
- Version 1.1
+ Version 1.1 (sudo 1.8.0)
The I/O logging plugin's o\bop\bpe\ben\bn() function was modified to take the
command_info list as an argument.
- Version 1.2
+ Version 1.2 (sudo 1.8.5)
The Policy and I/O logging plugins' o\bop\bpe\ben\bn() functions are now passed
- a list of plugin options if any are specified in _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf.
+ a list of plugin parameters if any are specified in sudo.conf(4).
A simple hooks API has been introduced to allow plugins to hook in
to the system's environment handling functions.
used to merge in environment variables stored in the PAM handle
before a command is run.
+ Version 1.3 (sudo 1.8.7)
+ Support for the _\be_\bx_\be_\bc_\b__\bb_\ba_\bc_\bk_\bg_\br_\bo_\bu_\bn_\bd entry has been added to the
+ command_info list.
+
+ The _\bm_\ba_\bx_\b__\bg_\br_\bo_\bu_\bp_\bs and _\bp_\bl_\bu_\bg_\bi_\bn_\b__\bd_\bi_\br entries were added to the settings
+ list.
+
+ The v\bve\ber\brs\bsi\bio\bon\bn() and c\bcl\blo\bos\bse\be() functions are now optional. Previously,
+ a missing v\bve\ber\brs\bsi\bio\bon\bn() or c\bcl\blo\bos\bse\be() function would result in a crash.
+ If no policy plugin c\bcl\blo\bos\bse\be() function is defined, a default c\bcl\blo\bos\bse\be()
+ function will be provided by the s\bsu\bud\bdo\bo front end that displays a
+ warning if the command could not be executed.
+
+ The s\bsu\bud\bdo\bo front end now installs default signal handlers to trap
+ common signals while the plugin functions are run.
+
S\bSE\bEE\bE A\bAL\bLS\bSO\bO
- sudoers(4), sudo(1m)
+ sudo.conf(4), sudoers(4), sudo(1m)
B\bBU\bUG\bGS\bS
If you feel you have found a bug in s\bsu\bud\bdo\bo, please submit a bug report at
file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
complete details.
-Sudo 1.8.6 July 16, 2012 Sudo 1.8.6
+Sudo 1.8.7 March 5, 2013 Sudo 1.8.7
.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
.\" IT IS GENERATED AUTOMATICALLY FROM sudo_plugin.mdoc.in
.\"
-.\" Copyright (c) 2009-2012 Todd C. Miller <Todd.Miller@courtesan.com>
+.\" Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.TH "SUDO_PLUGIN" "5" "July 16, 2012" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual"
+.TH "SUDO_PLUGIN" "5" "March 5, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual"
.nh
.if n .ad l
.SH "NAME"
supports a plugin API
for policy and session logging.
By default, the
-\fIsudoers\fR
+\fBsudoers\fR
policy plugin and an associated I/O logging plugin are used.
Via the plugin API,
\fBsudo\fR
can be configured to use alternate policy and/or I/O logging plugins
provided by third parties.
-The plugins to be used are specified via the
-\fI@sysconfdir@/sudo.conf\fR
+The plugins to be used are specified in the
+sudo.conf(@mansectform@)
file.
.PP
The API is versioned with a major and minor number.
The plugin API is defined by the
\fRsudo_plugin.h\fR
header file.
-.SS "The sudo.conf file"
-The
-\fI@sysconfdir@/sudo.conf\fR
-file contains plugin configuration directives.
-The primary keyword is the
-\fRPlugin\fR
-directive, which causes a plugin to be loaded.
-.PP
-A
-\fRPlugin\fR
-line consists of the
-\fRPlugin\fR
-keyword, followed by the
-\fIsymbol_name\fR
-and the
-\fIpath\fR
-to the shared object containing the plugin.
-The
-\fIsymbol_name\fR
-is the name of the
-\fRstruct policy_plugin\fR
-or
-\fRstruct io_plugin\fR
-in the plugin shared object.
-The
-\fIpath\fR
-may be fully qualified or relative.
-If not fully qualified it is relative to the
-\fI@prefix@/libexec\fR
-directory.
-Any additional parameters after the
-\fIpath\fR
-are passed as options to the plugin's
-\fBopen\fR()
-function.
-Lines that don't begin with
-\fRPlugin\fR,
-\fRPath\fR,
-\fRDebug\fR
-or
-\fRSet\fR
-are silently ignored.
-.PP
-The same shared object may contain multiple plugins, each with a
-different symbol name.
-The shared object file must be owned by uid 0 and only writable by its owner.
-Because of ambiguities that arise from composite policies, only a single
-policy plugin may be specified.
-This limitation does not apply to I/O plugins.
-.nf
-.sp
-.RS 0n
-#
-# Default @sysconfdir@/sudo.conf file
-#
-# Format:
-# Plugin plugin_name plugin_path plugin_options ...
-# Path askpass /path/to/askpass
-# Path noexec /path/to/sudo_noexec.so
-# Debug sudo /var/log/sudo_debug all@warn
-# Set disable_coredump true
-#
-# The plugin_path is relative to @prefix@/libexec unless
-# fully qualified.
-# The plugin_name corresponds to a global symbol in the plugin
-# that contains the plugin interface structure.
-# The plugin_options are optional.
-#
-Plugin sudoers_policy sudoers.so
-Plugin sudoers_io sudoers.so
-.RE
-.fi
.SS "Policy plugin API"
A policy plugin must declare and populate a
\fRpolicy_plugin\fR
\fBsudo\fR
policy checks.
The name of the symbol should be specified in
-\fI@sysconfdir@/sudo.conf\fR
+sudo.conf(@mansectform@)
along with a path to the plugin so that
\fBsudo\fR
can load it.
might.
.RS
.TP 6n
+bsdauth_type=string
+Authentication type, if specified by the
+\fB\-a\fR
+flag, to use on
+systems where BSD authentication is supported.
+.TP 6n
+closefrom=number
+If specified, the user has requested via the
+\fB\-C\fR
+flag that
+\fBsudo\fR
+close all files descriptors with a value of
+\fInumber\fR
+or higher.
+The plugin may optionally pass this, or another value, back in the
+\fIcommand_info\fR
+list.
+.TP 6n
debug_flags=string
A comma-separated list of debug flags that correspond to
\fBsudo\fR's
\fRDebug\fR
entry in
-\fI@sysconfdir@/sudo.conf\fR,
+sudo.conf(@mansectform@),
if there is one.
The flags are passed to the plugin as they appear in
-\fI@sysconfdir@/sudo.conf\fR.
+sudo.conf(@mansectform@).
The syntax used by
\fBsudo\fR
and the
-\fIsudoers\fR
+\fBsudoers\fR
plugin is
\fIsubsystem\fR@\fIpriority\fR
but the plugin is free to use a different
format so long as it does not include a comma
(`,\&').
-.sp
-For reference, the priorities supported by the
-\fBsudo\fR
-front end and
-\fIsudoers\fR
-are:
-\fIcrit\fR,
-\fIerr\fR,
-\fIwarn\fR,
-\fInotice\fR,
-\fIdiag\fR,
-\fIinfo\fR,
-\fItrace\fR
-and
-\fIdebug\fR.
-.sp
-The following subsystems are defined:
-\fImain\fR,
-\fImemory\fR,
-\fIargs\fR,
-\fIexec\fR,
-\fIpty\fR,
-\fIutmp\fR,
-\fIconv\fR,
-\fIpcomm\fR,
-\fIutil\fR,
-\fIlist\fR,
-\fInetif\fR,
-\fIaudit\fR,
-\fIedit\fR,
-\fIselinux\fR,
-\fIldap\fR,
-\fImatch\fR,
-\fIparser\fR,
-\fIalias\fR,
-\fIdefaults\fR,
-\fIauth\fR,
-\fIenv\fR,
-\fIlogging\fR,
-\fInss\fR,
-\fIrbtree\fR,
-\fIperms\fR,
-\fIplugin\fR.
-The subsystem
-\fIall\fR
-includes every subsystem.
-.sp
There is not currently a way to specify a set of debug flags specific
to the plugin--the flags are shared by
\fBsudo\fR
This setting has been deprecated in favor of
\fIdebug_flags\fR.
.TP 6n
-runas_user=string
-The user name or uid to to run the command as, if specified via the
-\fB\-u\fR
-flag.
-.TP 6n
-runas_group=string
-The group name or gid to to run the command as, if specified via
-the
-\fB\-g\fR
-flag.
-.TP 6n
-prompt=string
-The prompt to use when requesting a password, if specified via
-the
-\fB\-p\fR
-flag.
-.TP 6n
-set_home=bool
-Set to true if the user specified the
-\fB\-H\fR
-flag.
-If true, set the
-\fRHOME\fR
-environment variable to the target user's home directory.
-.TP 6n
-preserve_environment=bool
-Set to true if the user specified the
-\fB\-E\fR
-flag, indicating that
-the user wishes to preserve the environment.
-.TP 6n
-run_shell=bool
-Set to true if the user specified the
-\fB\-s\fR
-flag, indicating that
-the user wishes to run a shell.
-.TP 6n
-login_shell=bool
+ignore_ticket=bool
Set to true if the user specified the
-\fB\-i\fR
-flag, indicating that
-the user wishes to run a login shell.
-.TP 6n
-implied_shell=bool
-If the user does not specify a program on the command line,
-\fBsudo\fR
-will pass the plugin the path to the user's shell and set
+\fB\-k\fR
+flag along with a
+command, indicating that the user wishes to ignore any cached
+authentication credentials.
\fIimplied_shell\fR
to true.
This allows
to print a usage message and
exit.
.TP 6n
-preserve_groups=bool
-Set to true if the user specified the
-\fB\-P\fR
-flag, indicating that
-the user wishes to preserve the group vector instead of setting it
-based on the runas user.
-.TP 6n
-ignore_ticket=bool
-Set to true if the user specified the
-\fB\-k\fR
-flag along with a
-command, indicating that the user wishes to ignore any cached
-authentication credentials.
-.TP 6n
-noninteractive=bool
-Set to true if the user specified the
-\fB\-n\fR
-flag, indicating that
+implied_shell=bool
+If the user does not specify a program on the command line,
\fBsudo\fR
-should operate in non-interactive mode.
-The plugin may reject a command run in non-interactive mode if user
-interaction is required.
+will pass the plugin the path to the user's shell and set
.TP 6n
login_class=string
BSD login class to use when setting resource limits and nice value,
\fB\-c\fR
flag.
.TP 6n
-selinux_role=string
-SELinux role to use when executing the command, if specified by
-the
-\fB\-r\fR
-flag.
-.TP 6n
-selinux_type=string
-SELinux type to use when executing the command, if specified by
-the
-\fB\-t\fR
-flag.
+login_shell=bool
+Set to true if the user specified the
+\fB\-i\fR
+flag, indicating that
+the user wishes to run a login shell.
.TP 6n
-bsdauth_type=string
-Authentication type, if specified by the
-\fB\-a\fR
-flag, to use on
-systems where BSD authentication is supported.
+max_groups=int
+The maximum number of groups a user may belong to.
+This will only be present if there is a corresponding setting in
+sudo.conf(@mansectform@).
.TP 6n
network_addrs=list
A space-separated list of IP network addresses and netmasks in the
(`:\&'),
it is an IPv6 address, else it is IPv4.
.TP 6n
+noninteractive=bool
+Set to true if the user specified the
+\fB\-n\fR
+flag, indicating that
+\fBsudo\fR
+should operate in non-interactive mode.
+The plugin may reject a command run in non-interactive mode if user
+interaction is required.
+.TP 6n
+plugin_dir=string
+The default plugin directory used by the
+\fBsudo\fR
+front end.
+This is the default directory set at compile time and may not
+correspond to the directory the running plugin was loaded from.
+It may be used by a plugin to locate support files.
+.TP 6n
+preserve_environment=bool
+Set to true if the user specified the
+\fB\-E\fR
+flag, indicating that
+the user wishes to preserve the environment.
+.TP 6n
+preserve_groups=bool
+Set to true if the user specified the
+\fB\-P\fR
+flag, indicating that
+the user wishes to preserve the group vector instead of setting it
+based on the runas user.
+.TP 6n
progname=string
The command name that sudo was run as, typically
``sudo''
or
``sudoedit''.
.TP 6n
+prompt=string
+The prompt to use when requesting a password, if specified via
+the
+\fB\-p\fR
+flag.
+.TP 6n
+run_shell=bool
+Set to true if the user specified the
+\fB\-s\fR
+flag, indicating that
+the user wishes to run a shell.
+.TP 6n
+runas_group=string
+The group name or gid to to run the command as, if specified via
+the
+\fB\-g\fR
+flag.
+.TP 6n
+runas_user=string
+The user name or uid to to run the command as, if specified via the
+\fB\-u\fR
+flag.
+.TP 6n
+selinux_role=string
+SELinux role to use when executing the command, if specified by
+the
+\fB\-r\fR
+flag.
+.TP 6n
+selinux_type=string
+SELinux type to use when executing the command, if specified by
+the
+\fB\-t\fR
+flag.
+.TP 6n
+set_home=bool
+Set to true if the user specified the
+\fB\-H\fR
+flag.
+If true, set the
+\fRHOME\fR
+environment variable to the target user's home directory.
+.TP 6n
sudoedit=bool
Set to true when the
\fB\-e\fR
For more information, see the
\fIcheck_policy\fR
section.
-.TP 6n
-closefrom=number
-If specified, the user has requested via the
-\fB\-C\fR
-flag that
-\fBsudo\fR
-close all files descriptors with a value of
-\fInumber\fR
-or higher.
-The plugin may optionally pass this, or another value, back in the
-\fIcommand_info\fR
-list.
.PP
Additional settings may be added in the future so the plugin should
silently ignore settings that it does not recognize.
.RS
.PD
.TP 6n
+cols=int
+The number of columns the user's terminal supports.
+If there is no terminal device available, a default value of 80 is used.
+.TP 6n
+cwd=string
+The user's current working directory.
+.TP 6n
+egid=gid_t
+The effective group ID of the user invoking
+\fBsudo\fR.
+.TP 6n
+euid=uid_t
+The effective user ID of the user invoking
+\fBsudo\fR.
+.TP 6n
+gid=gid_t
+The real group ID of the user invoking
+\fBsudo\fR.
+.TP 6n
+groups=list
+The user's supplementary group list formatted as a string of
+comma-separated group IDs.
+.TP 6n
+host=string
+The local machine's hostname as returned by the
+gethostname(2)
+system call.
+.TP 6n
+lines=int
+The number of lines the user's terminal supports.
+If there is
+no terminal device available, a default value of 24 is used.
+.TP 6n
+pgid=int
+The ID of the process group that the running
+\fBsudo\fR
+process is a member of.
+Only available starting with API version 1.2
+.TP 6n
pid=int
The process ID of the running
\fBsudo\fR
process.
Only available starting with API version 1.2
.TP 6n
+plugin_options
+Any (non-comment) strings immediately after the plugin path are
+passed as arguments to the plugin.
+These arguments are split on a white space boundary and are passed to
+the plugin in the form of a
+\fRNULL\fR-terminated
+array of strings.
+If no arguments were
+specified,
+\fIplugin_options\fR
+will be the
+\fRNULL\fR
+pointer.
+.sp
+NOTE: the
+\fIplugin_options\fR
+parameter is only available starting with
+API version 1.2.
+A plugin
+\fBmust\fR
+check the API version specified
+by the
+\fBsudo\fR
+front end before using
+\fIplugin_options\fR.
+Failure to do so may result in a crash.
+.TP 6n
ppid=int
The parent process ID of the running
\fBsudo\fR
\fBsudo\fR
process or 0 if
\fBsudo\fR
-is
-not part of a POSIX job control session.
-Only available starting with API version 1.2
-.TP 6n
-pgid=int
-The ID of the process group that the running
-\fBsudo\fR
-process belongs
-to.
+is not part of a POSIX job control session.
Only available starting with API version 1.2
.TP 6n
tcpgid=int
-The ID of the forground process group associated with the terminal
-device associcated with the
+The ID of the foreground process group associated with the terminal
+device associated with the
\fBsudo\fR
process or \-1 if there is no
terminal present.
Only available starting with API version 1.2
.TP 6n
-user=string
-The name of the user invoking
-\fBsudo\fR.
-.TP 6n
-euid=uid_t
-The effective user ID of the user invoking
-\fBsudo\fR.
-.TP 6n
-uid=uid_t
-The real user ID of the user invoking
-\fBsudo\fR.
-.TP 6n
-egid=gid_t
-The effective group ID of the user invoking
-\fBsudo\fR.
-.TP 6n
-gid=gid_t
-The real group ID of the user invoking
-\fBsudo\fR.
-.TP 6n
-groups=list
-The user's supplementary group list formatted as a string of
-comma-separated group IDs.
-.TP 6n
-cwd=string
-The user's current working directory.
-.TP 6n
tty=string
The path to the user's terminal device.
If the user has no terminal device associated with the session,
the value will be empty, as in
``\fRtty=\fR''.
.TP 6n
-host=string
-The local machine's hostname as returned by the
-gethostname(2)
-system call.
-.TP 6n
-lines=int
-The number of lines the user's terminal supports.
-If there is
-no terminal device available, a default value of 24 is used.
+uid=uid_t
+The real user ID of the user invoking
+\fBsudo\fR.
.TP 6n
-cols=int
-The number of columns the user's terminal supports.
-If there is no terminal device available, a default value of 80 is used.
+user=string
+The name of the user invoking
+\fBsudo\fR.
.PP
.RE
.PD 0
\fIvalue\fR
might.
.PD
-.TP 6n
-plugin_options
-Any (non-comment) strings immediately after the plugin path are
-treated as arguments to the plugin.
-These arguments are split on a white space boundary and are passed to
-the plugin in the form of a
-\fRNULL\fR-terminated
-array of strings.
-If no arguments were
-specified,
-\fIplugin_options\fR
-will be the
-\fRNULL\fR
-pointer.
-.sp
-NOTE: the
-\fIplugin_options\fR
-parameter is only available starting with
-API version 1.2.
-A plugin
-\fBmust\fR
-check the API version specified
-by the
-\fBsudo\fR
-front end before using
-\fIplugin_options\fR.
-Failure to do so may result in a crash.
.PP
.RE
.PD 0
\fRerror\fR
is 0.
.PP
+If no
+\fBclose\fR()
+function is defined, no I/O logging plugins are loaded,
+and neither the
+\fItimeout\fR
+not
+\fIuse_pty\fR
+options are set in the
+\fRcommand_info\fR
+list, the
+\fBsudo\fR
+front end may execute the command directly instead of running
+it as a child process.
+.PP
.RE
.PD 0
.TP 6n
\fBsudo\fR:
.RS
.TP 6n
-command=string
-Fully qualified path to the command to be executed.
-.TP 6n
-runas_uid=uid
-User ID to run the command as.
-.TP 6n
-runas_euid=uid
-Effective user ID to run the command as.
-If not specified, the value of
-\fIrunas_uid\fR
-is used.
-.TP 6n
-runas_gid=gid
-Group ID to run the command as.
-.TP 6n
-runas_egid=gid
-Effective group ID to run the command as.
-If not specified, the value of
-\fIrunas_gid\fR
-is used.
-.TP 6n
-runas_groups=list
-The supplementary group vector to use for the command in the form
-of a comma-separated list of group IDs.
-If
-\fIpreserve_groups\fR
-is set, this option is ignored.
-.TP 6n
-login_class=string
-BSD login class to use when setting resource limits and nice value
-(optional).
-This option is only set on systems that support login classes.
-.TP 6n
-preserve_groups=bool
-If set,
-\fBsudo\fR
-will preserve the user's group vector instead of
-initializing the group vector based on
-\fRrunas_user\fR.
-.TP 6n
-cwd=string
-The current working directory to change to when executing the command.
-.TP 6n
-noexec=bool
-If set, prevent the command from executing other programs.
-.TP 6n
chroot=string
The root directory to use when running the command.
.TP 6n
-nice=int
-Nice value (priority) to use when executing the command.
-The nice value, if specified, overrides the priority associated with the
-\fIlogin_class\fR
-on BSD systems.
-.TP 6n
-umask=octal
-The file creation mask to use when executing the command.
-.TP 6n
-selinux_role=string
-SELinux role to use when executing the command.
-.TP 6n
-selinux_type=string
-SELinux type to use when executing the command.
-.TP 6n
-timeout=int
-Command timeout.
-If non-zero then when the timeout expires the command will be killed.
-.TP 6n
-sudoedit=bool
-Set to true when in
-\fIsudoedit\fR
-mode.
-The plugin may enable
-\fIsudoedit\fR
-mode even if
-\fBsudo\fR
-was not invoked as
-\fBsudoedit\fR.
-This allows the plugin to perform command substitution and transparently
-enable
-\fIsudoedit\fR
-when the user attempts to run an editor.
-.TP 6n
closefrom=number
If specified,
\fBsudo\fR
\fInumber\fR
or higher.
.TP 6n
+command=string
+Fully qualified path to the command to be executed.
+.TP 6n
+cwd=string
+The current working directory to change to when executing the command.
+.TP 6n
+exec_background=bool
+By default,
+\fBsudo\fR
+runs a command as the foreground process as long as
+\fBsudo\fR
+itself is running in the foreground.
+When
+\fIexec_background\fR
+is enabled and the command is being run in a pty (due to I/O logging
+or the
+\fIuse_pty\fR
+setting), the command will be run as a background process.
+Attempts to read from the controlling terminal (or to change terminal
+settings) will result in the command being suspended with the
+\fRSIGTTIN\fR
+signal (or
+\fRSIGTTOU\fR
+in the case of terminal settings).
+If this happens when
+\fBsudo\fR
+is a foreground process, the command will be granted the controlling terminal
+and resumed in the foreground with no user intervention required.
+The advantage of initially running the command in the background is that
+\fBsudo\fR
+need not read from the terminal unless the command explicitly requests it.
+Otherwise, any terminal input must be passed to the command, whether it
+has required it or not (the kernel buffers terminals so it is not possible
+to tell whether the command really wants the input).
+This is different from historic
+\fIsudo\fR
+behavior or when the command is not being run in a pty.
+.sp
+For this to work seamlessly, the operating system must support the
+automatic restarting of system calls.
+Unfortunately, not all operating systems do this by default,
+and even those that do may have bugs.
+For example, Mac OS X fails to restart the
+\fBtcgetattr\fR()
+and
+\fBtcsetattr\fR()
+system calls (this is a bug in Mac OS X).
+Furthermore, because this behavior depends on the command stopping with the
+\fRSIGTTIN\fR
+or
+\fRSIGTTOU\fR
+signals, programs that catch these signals and suspend themselves
+with a different signal (usually
+\fRSIGTOP\fR)
+will not be automatically foregrounded.
+Some versions of the linux
+su(1)
+command behave this way.
+Because of this, a plugin should not set
+\fIexec_background\fR
+unless it is explicitly enabled by the administrator and there should
+be a way to enabled or disable it on a per-command basis.
+.sp
+This setting has no effect unless I/O logging is enabled or
+\fIuse_pty\fR
+is enabled.
+.TP 6n
iolog_compress=bool
Set to true if the I/O logging plugins, if any, should compress the
log data.
This only includes output to the screen, not output to a pipe or file.
This is a hint to the I/O logging plugin which may choose to ignore it.
.TP 6n
+login_class=string
+BSD login class to use when setting resource limits and nice value
+(optional).
+This option is only set on systems that support login classes.
+.TP 6n
+nice=int
+Nice value (priority) to use when executing the command.
+The nice value, if specified, overrides the priority associated with the
+\fIlogin_class\fR
+on BSD systems.
+.TP 6n
+noexec=bool
+If set, prevent the command from executing other programs.
+.TP 6n
+preserve_groups=bool
+If set,
+\fBsudo\fR
+will preserve the user's group vector instead of
+initializing the group vector based on
+\fRrunas_user\fR.
+.TP 6n
+runas_egid=gid
+Effective group ID to run the command as.
+If not specified, the value of
+\fIrunas_gid\fR
+is used.
+.TP 6n
+runas_euid=uid
+Effective user ID to run the command as.
+If not specified, the value of
+\fIrunas_uid\fR
+is used.
+.TP 6n
+runas_gid=gid
+Group ID to run the command as.
+.TP 6n
+runas_groups=list
+The supplementary group vector to use for the command in the form
+of a comma-separated list of group IDs.
+If
+\fIpreserve_groups\fR
+is set, this option is ignored.
+.TP 6n
+runas_uid=uid
+User ID to run the command as.
+.TP 6n
+selinux_role=string
+SELinux role to use when executing the command.
+.TP 6n
+selinux_type=string
+SELinux type to use when executing the command.
+.TP 6n
+set_utmp=bool
+Create a utmp (or utmpx) entry when a pseudo-tty is allocated.
+By default, the new entry will be a copy of the user's existing utmp
+entry (if any), with the tty, time, type and pid fields updated.
+.TP 6n
+sudoedit=bool
+Set to true when in
+\fIsudoedit\fR
+mode.
+The plugin may enable
+\fIsudoedit\fR
+mode even if
+\fBsudo\fR
+was not invoked as
+\fBsudoedit\fR.
+This allows the plugin to perform command substitution and transparently
+enable
+\fIsudoedit\fR
+when the user attempts to run an editor.
+.TP 6n
+timeout=int
+Command timeout.
+If non-zero then when the timeout expires the command will be killed.
+.TP 6n
+umask=octal
+The file creation mask to use when executing the command.
+.TP 6n
use_pty=bool
Allocate a pseudo-tty to run the command in, regardless of whether
or not I/O logging is in use.
will only run
the command in a pty when an I/O log plugin is loaded.
.TP 6n
-set_utmp=bool
-Create a utmp (or utmpx) entry when a pseudo-tty is allocated.
-By default, the new entry will be a copy of the user's existing utmp
-entry (if any), with the tty, time, type and pid fields updated.
-.TP 6n
utmp_user=string
User name to use when constructing a new utmp (or utmpx) entry when
\fIset_utmp\fR
\fB\-v\fR
flag.
For policy plugins such as
-\fIsudoers\fR
+\fBsudoers\fR
that cache
authentication credentials, this function will validate and cache
the credentials.
\fB\-K\fR
flag.
For policy plugins such as
-\fIsudoers\fR
+\fBsudoers\fR
that
cache authentication credentials, this function will invalidate the
credentials.
#define SUDO_IO_PLUGIN 2
unsigned int type; /* always SUDO_IO_PLUGIN */
unsigned int version; /* always SUDO_API_VERSION */
- int (*open)(unsigned int version, sudo_conv_t conversation
+ int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t plugin_printf, char * const settings[],
- char * const user_info[], int argc, char * const argv[],
- char * const user_env[], char * const plugin_options[]);
+ char * const user_info[], char * const command_info[],
+ int argc, char * const argv[], char * const user_env[],
+ char * const plugin_options[]);
void (*close)(int exit_status, int error); /* wait status or error */
int (*show_version)(int verbose);
int (*log_ttyin)(const char *buf, unsigned int len);
.RS
.nf
.RS 0n
-int (*open)(unsigned int version, sudo_conv_t conversation
+int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t plugin_printf, char * const settings[],
char * const user_info[], int argc, char * const argv[],
char * const user_env[], char * const plugin_options[]);
.PP
Same as for the
\fIPolicy plugin API\fR.
+.SS "Signal handlers"
+The
+\fBsudo\fR
+front end installs default signal handlers to trap common signals
+while the plugin functions are run.
+The following signals are trapped by default before the command is
+executed:
+.TP 4n
+\fBo\fR
+\fRSIGALRM\fR
+.PD 0
+.TP 4n
+\fBo\fR
+\fRSIGHUP\fR
+.TP 4n
+\fBo\fR
+\fRSIGINT\fR
+.TP 4n
+\fBo\fR
+\fRSIGQUIT\fR
+.TP 4n
+\fBo\fR
+\fRSIGTERM\fR
+.TP 4n
+\fBo\fR
+\fRSIGTSTP\fR
+.TP 4n
+\fBo\fR
+\fRSIGUSR1\fR
+.TP 4n
+\fBo\fR
+\fRSIGUSR2\fR
+.PD
+.PP
+If a fatal signal is received before the command is executed,
+\fBsudo\fR
+will call the plugin's
+\fBclose\fR()
+function with an exit status of 128 plus the value of the signal
+that was received.
+This allows for consistent logging of commands killed by a signal
+for plugins that log such information in their
+\fBclose\fR()
+function.
+.PP
+A plugin may temporarily install its own signal handlers but must
+restore the original handler before the plugin function returns.
.SS "Hook function API"
Beginning with plugin API version 1.2, it is possible to install
hooks for certain functions called by the
Instead, they are logged to the file specified in the
\fRDebug\fR
statement (if any) in the
-\fI@sysconfdir@/sudo.conf\fR
-.PP
+sudo.conf(@mansectform@).
file.
This allows a plugin to log debugging information and is intended
to be used in conjunction with the
function usage.
.SS "Sudoers group plugin API"
The
-\fIsudoers\fR
-module supports a plugin interface to allow non-Unix
+\fBsudoers\fR
+plugin supports its own plugin interface to allow non-Unix
group lookups.
This can be used to query a group source other than the standard Unix
group database.
-A sample group plugin is bundled with
-\fBsudo\fR
-that implements file-based lookups.
+Two sample group plugins are bundled with
+\fBsudo\fR,
+\fIgroup_file\fR
+and
+\fIsystem_group\fR,
+are detailed in
+sudoers(@mansectform@).
Third party group plugins include a QAS AD plugin available from Quest Software.
.PP
A group plugin must declare and populate a
field should be set to GROUP_API_VERSION.
.sp
This allows
-\fIsudoers\fR
+\fBsudoers\fR
to determine the API version the group plugin
was built against.
.TP 6n
.TP 6n
version
The version passed in by
-\fIsudoers\fR
+\fBsudoers\fR
allows the plugin to determine the
major and minor version number of the group plugin API supported by
-\fIsudoers\fR.
+\fBsudoers\fR.
.TP 6n
plugin_printf
A pointer to a
The
\fBcleanup\fR()
function is called when
-\fIsudoers\fR
+\fBsudoers\fR
has finished its
group checks.
The plugin should free any memory it has allocated and close open file handles.
Version 1.0
Initial API version.
.TP 6n
-Version 1.1
+Version 1.1 (sudo 1.8.0)
The I/O logging plugin's
\fBopen\fR()
function was modified to take the
\fRcommand_info\fR
list as an argument.
.TP 6n
-Version 1.2
+Version 1.2 (sudo 1.8.5)
The Policy and I/O logging plugins'
\fBopen\fR()
functions are now passed
-a list of plugin options if any are specified in
-\fI@sysconfdir@/sudo.conf\fR.
+a list of plugin parameters if any are specified in
+sudo.conf(@mansectform@).
.sp
A simple hooks API has been introduced to allow plugins to hook in to the
system's environment handling functions.
to the user environment which can be updated as needed.
This can be used to merge in environment variables stored in the PAM
handle before a command is run.
+.TP 6n
+Version 1.3 (sudo 1.8.7)
+Support for the
+\fIexec_background\fR
+entry has been added to the
+\fRcommand_info\fR
+list.
+.sp
+The
+\fImax_groups\fR
+and
+\fIplugin_dir\fR
+entries were added to the
+\fRsettings\fR
+list.
+.sp
+The
+\fBversion\fR()
+and
+\fBclose\fR()
+functions are now optional.
+Previously, a missing
+\fBversion\fR()
+or
+\fBclose\fR()
+function would result in a crash.
+If no policy plugin
+\fBclose\fR()
+function is defined, a default
+\fBclose\fR()
+function will be provided by the
+\fBsudo\fR
+front end that displays a warning if the command could not be
+executed.
+.sp
+The
+\fBsudo\fR
+front end now installs default signal handlers to trap common signals
+while the plugin functions are run.
.SH "SEE ALSO"
+sudo.conf(@mansectform@),
sudoers(@mansectform@),
sudo(@mansectsu@)
.SH "BUGS"
.\"
-.\" Copyright (c) 2009-2012 Todd C. Miller <Todd.Miller@courtesan.com>
+.\" Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd July 16, 2012
+.Dd March 5, 2013
.Dt SUDO_PLUGIN @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
supports a plugin API
for policy and session logging.
By default, the
-.Em sudoers
+.Nm sudoers
policy plugin and an associated I/O logging plugin are used.
Via the plugin API,
.Nm sudo
can be configured to use alternate policy and/or I/O logging plugins
provided by third parties.
-The plugins to be used are specified via the
-.Pa @sysconfdir@/sudo.conf
+The plugins to be used are specified in the
+.Xr sudo.conf @mansectform@
file.
.Pp
The API is versioned with a major and minor number.
The plugin API is defined by the
.Li sudo_plugin.h
header file.
-.Ss The sudo.conf file
-The
-.Pa @sysconfdir@/sudo.conf
-file contains plugin configuration directives.
-The primary keyword is the
-.Li Plugin
-directive, which causes a plugin to be loaded.
-.Pp
-A
-.Li Plugin
-line consists of the
-.Li Plugin
-keyword, followed by the
-.Em symbol_name
-and the
-.Em path
-to the shared object containing the plugin.
-The
-.Em symbol_name
-is the name of the
-.Li struct policy_plugin
-or
-.Li struct io_plugin
-in the plugin shared object.
-The
-.Em path
-may be fully qualified or relative.
-If not fully qualified it is relative to the
-.Pa @prefix@/libexec
-directory.
-Any additional parameters after the
-.Em path
-are passed as options to the plugin's
-.Fn open
-function.
-Lines that don't begin with
-.Li Plugin ,
-.Li Path ,
-.Li Debug
-or
-.Li Set
-are silently ignored.
-.Pp
-The same shared object may contain multiple plugins, each with a
-different symbol name.
-The shared object file must be owned by uid 0 and only writable by its owner.
-Because of ambiguities that arise from composite policies, only a single
-policy plugin may be specified.
-This limitation does not apply to I/O plugins.
-.Bd -literal
-#
-# Default @sysconfdir@/sudo.conf file
-#
-# Format:
-# Plugin plugin_name plugin_path plugin_options ...
-# Path askpass /path/to/askpass
-# Path noexec /path/to/sudo_noexec.so
-# Debug sudo /var/log/sudo_debug all@warn
-# Set disable_coredump true
-#
-# The plugin_path is relative to @prefix@/libexec unless
-# fully qualified.
-# The plugin_name corresponds to a global symbol in the plugin
-# that contains the plugin interface structure.
-# The plugin_options are optional.
-#
-Plugin sudoers_policy sudoers.so
-Plugin sudoers_io sudoers.so
-.Ed
.Ss Policy plugin API
A policy plugin must declare and populate a
.Li policy_plugin
.Nm sudo
policy checks.
The name of the symbol should be specified in
-.Pa @sysconfdir@/sudo.conf
+.Xr sudo.conf @mansectform@
along with a path to the plugin so that
.Nm sudo
can load it.
.Em value
might.
.Bl -tag -width 4n
+.It bsdauth_type=string
+Authentication type, if specified by the
+.Fl a
+flag, to use on
+systems where BSD authentication is supported.
+.It closefrom=number
+If specified, the user has requested via the
+.Fl C
+flag that
+.Nm sudo
+close all files descriptors with a value of
+.Em number
+or higher.
+The plugin may optionally pass this, or another value, back in the
+.Em command_info
+list.
.It debug_flags=string
A comma-separated list of debug flags that correspond to
.Nm sudo Ns No 's
.Li Debug
entry in
-.Pa @sysconfdir@/sudo.conf ,
+.Xr sudo.conf @mansectform@ ,
if there is one.
The flags are passed to the plugin as they appear in
-.Pa @sysconfdir@/sudo.conf .
+.Xr sudo.conf @mansectform@ .
The syntax used by
.Nm sudo
and the
-.Em sudoers
+.Nm sudoers
plugin is
.Em subsystem Ns No @ Ns Em priority
but the plugin is free to use a different
format so long as it does not include a comma
.Pq Ql ,\& .
-.Pp
-For reference, the priorities supported by the
-.Nm sudo
-front end and
-.Em sudoers
-are:
-.Em crit ,
-.Em err ,
-.Em warn ,
-.Em notice ,
-.Em diag ,
-.Em info ,
-.Em trace
-and
-.Em debug .
-.Pp
-The following subsystems are defined:
-.Em main ,
-.Em memory ,
-.Em args ,
-.Em exec ,
-.Em pty ,
-.Em utmp ,
-.Em conv ,
-.Em pcomm ,
-.Em util ,
-.Em list ,
-.Em netif ,
-.Em audit ,
-.Em edit ,
-.Em selinux ,
-.Em ldap ,
-.Em match ,
-.Em parser ,
-.Em alias ,
-.Em defaults ,
-.Em auth ,
-.Em env ,
-.Em logging ,
-.Em nss ,
-.Em rbtree ,
-.Em perms ,
-.Em plugin .
-The subsystem
-.Em all
-includes every subsystem.
-.Pp
There is not currently a way to specify a set of debug flags specific
to the plugin--the flags are shared by
.Nm sudo
.It debug_level=number
This setting has been deprecated in favor of
.Em debug_flags .
-.It runas_user=string
-The user name or uid to to run the command as, if specified via the
-.Fl u
-flag.
-.It runas_group=string
-The group name or gid to to run the command as, if specified via
-the
-.Fl g
-flag.
-.It prompt=string
-The prompt to use when requesting a password, if specified via
-the
-.Fl p
-flag.
-.It set_home=bool
-Set to true if the user specified the
-.Fl H
-flag.
-If true, set the
-.Li HOME
-environment variable to the target user's home directory.
-.It preserve_environment=bool
-Set to true if the user specified the
-.Fl E
-flag, indicating that
-the user wishes to preserve the environment.
-.It run_shell=bool
-Set to true if the user specified the
-.Fl s
-flag, indicating that
-the user wishes to run a shell.
-.It login_shell=bool
+.It ignore_ticket=bool
Set to true if the user specified the
-.Fl i
-flag, indicating that
-the user wishes to run a login shell.
-.It implied_shell=bool
-If the user does not specify a program on the command line,
-.Nm sudo
-will pass the plugin the path to the user's shell and set
+.Fl k
+flag along with a
+command, indicating that the user wishes to ignore any cached
+authentication credentials.
.Em implied_shell
to true.
This allows
.Nm sudo
to print a usage message and
exit.
-.It preserve_groups=bool
-Set to true if the user specified the
-.Fl P
-flag, indicating that
-the user wishes to preserve the group vector instead of setting it
-based on the runas user.
-.It ignore_ticket=bool
-Set to true if the user specified the
-.Fl k
-flag along with a
-command, indicating that the user wishes to ignore any cached
-authentication credentials.
-.It noninteractive=bool
-Set to true if the user specified the
-.Fl n
-flag, indicating that
+.It implied_shell=bool
+If the user does not specify a program on the command line,
.Nm sudo
-should operate in non-interactive mode.
-The plugin may reject a command run in non-interactive mode if user
-interaction is required.
+will pass the plugin the path to the user's shell and set
.It login_class=string
BSD login class to use when setting resource limits and nice value,
if specified by the
.Fl c
flag.
-.It selinux_role=string
-SELinux role to use when executing the command, if specified by
-the
-.Fl r
-flag.
-.It selinux_type=string
-SELinux type to use when executing the command, if specified by
-the
-.Fl t
-flag.
-.It bsdauth_type=string
-Authentication type, if specified by the
-.Fl a
-flag, to use on
-systems where BSD authentication is supported.
+.It login_shell=bool
+Set to true if the user specified the
+.Fl i
+flag, indicating that
+the user wishes to run a login shell.
+.It max_groups=int
+The maximum number of groups a user may belong to.
+This will only be present if there is a corresponding setting in
+.Xr sudo.conf @mansectform@ .
.It network_addrs=list
A space-separated list of IP network addresses and netmasks in the
form
If the address contains a colon
.Pq Ql :\& ,
it is an IPv6 address, else it is IPv4.
+.It noninteractive=bool
+Set to true if the user specified the
+.Fl n
+flag, indicating that
+.Nm sudo
+should operate in non-interactive mode.
+The plugin may reject a command run in non-interactive mode if user
+interaction is required.
+.It plugin_dir=string
+The default plugin directory used by the
+.Nm sudo
+front end.
+This is the default directory set at compile time and may not
+correspond to the directory the running plugin was loaded from.
+It may be used by a plugin to locate support files.
+.It preserve_environment=bool
+Set to true if the user specified the
+.Fl E
+flag, indicating that
+the user wishes to preserve the environment.
+.It preserve_groups=bool
+Set to true if the user specified the
+.Fl P
+flag, indicating that
+the user wishes to preserve the group vector instead of setting it
+based on the runas user.
.It progname=string
The command name that sudo was run as, typically
.Dq sudo
or
.Dq sudoedit .
+.It prompt=string
+The prompt to use when requesting a password, if specified via
+the
+.Fl p
+flag.
+.It run_shell=bool
+Set to true if the user specified the
+.Fl s
+flag, indicating that
+the user wishes to run a shell.
+.It runas_group=string
+The group name or gid to to run the command as, if specified via
+the
+.Fl g
+flag.
+.It runas_user=string
+The user name or uid to to run the command as, if specified via the
+.Fl u
+flag.
+.It selinux_role=string
+SELinux role to use when executing the command, if specified by
+the
+.Fl r
+flag.
+.It selinux_type=string
+SELinux type to use when executing the command, if specified by
+the
+.Fl t
+flag.
+.It set_home=bool
+Set to true if the user specified the
+.Fl H
+flag.
+If true, set the
+.Li HOME
+environment variable to the target user's home directory.
.It sudoedit=bool
Set to true when the
.Fl e
For more information, see the
.Em check_policy
section.
-.It closefrom=number
-If specified, the user has requested via the
-.Fl C
-flag that
-.Nm sudo
-close all files descriptors with a value of
-.Em number
-or higher.
-The plugin may optionally pass this, or another value, back in the
-.Em command_info
-list.
.El
.Pp
Additional settings may be added in the future so the plugin should
.Em value
might.
.Bl -tag -width 4n
+.It cols=int
+The number of columns the user's terminal supports.
+If there is no terminal device available, a default value of 80 is used.
+.It cwd=string
+The user's current working directory.
+.It egid=gid_t
+The effective group ID of the user invoking
+.Nm sudo .
+.It euid=uid_t
+The effective user ID of the user invoking
+.Nm sudo .
+.It gid=gid_t
+The real group ID of the user invoking
+.Nm sudo .
+.It groups=list
+The user's supplementary group list formatted as a string of
+comma-separated group IDs.
+.It host=string
+The local machine's hostname as returned by the
+.Xr gethostname 2
+system call.
+.It lines=int
+The number of lines the user's terminal supports.
+If there is
+no terminal device available, a default value of 24 is used.
+.It pgid=int
+The ID of the process group that the running
+.Nm sudo
+process is a member of.
+Only available starting with API version 1.2
.It pid=int
The process ID of the running
.Nm sudo
process.
Only available starting with API version 1.2
+.It plugin_options
+Any (non-comment) strings immediately after the plugin path are
+passed as arguments to the plugin.
+These arguments are split on a white space boundary and are passed to
+the plugin in the form of a
+.Dv NULL Ns No -terminated
+array of strings.
+If no arguments were
+specified,
+.Em plugin_options
+will be the
+.Dv NULL
+pointer.
+.Pp
+NOTE: the
+.Em plugin_options
+parameter is only available starting with
+API version 1.2.
+A plugin
+.Sy must
+check the API version specified
+by the
+.Nm sudo
+front end before using
+.Em plugin_options .
+Failure to do so may result in a crash.
.It ppid=int
The parent process ID of the running
.Nm sudo
.Nm sudo
process or 0 if
.Nm sudo
-is
-not part of a POSIX job control session.
-Only available starting with API version 1.2
-.It pgid=int
-The ID of the process group that the running
-.Nm sudo
-process belongs
-to.
+is not part of a POSIX job control session.
Only available starting with API version 1.2
.It tcpgid=int
-The ID of the forground process group associated with the terminal
-device associcated with the
+The ID of the foreground process group associated with the terminal
+device associated with the
.Nm sudo
process or \-1 if there is no
terminal present.
Only available starting with API version 1.2
-.It user=string
-The name of the user invoking
-.Nm sudo .
-.It euid=uid_t
-The effective user ID of the user invoking
-.Nm sudo .
-.It uid=uid_t
-The real user ID of the user invoking
-.Nm sudo .
-.It egid=gid_t
-The effective group ID of the user invoking
-.Nm sudo .
-.It gid=gid_t
-The real group ID of the user invoking
-.Nm sudo .
-.It groups=list
-The user's supplementary group list formatted as a string of
-comma-separated group IDs.
-.It cwd=string
-The user's current working directory.
.It tty=string
The path to the user's terminal device.
If the user has no terminal device associated with the session,
the value will be empty, as in
.Dq Li tty= .
-.It host=string
-The local machine's hostname as returned by the
-.Xr gethostname 2
-system call.
-.It lines=int
-The number of lines the user's terminal supports.
-If there is
-no terminal device available, a default value of 24 is used.
-.It cols=int
-The number of columns the user's terminal supports.
-If there is no terminal device available, a default value of 80 is used.
+.It uid=uid_t
+The real user ID of the user invoking
+.Nm sudo .
+.It user=string
+The name of the user invoking
+.Nm sudo .
.El
.It user_env
The user's environment in the form of a
itself but the
.Em value
might.
-.It plugin_options
-Any (non-comment) strings immediately after the plugin path are
-treated as arguments to the plugin.
-These arguments are split on a white space boundary and are passed to
-the plugin in the form of a
-.Dv NULL Ns No -terminated
-array of strings.
-If no arguments were
-specified,
-.Em plugin_options
-will be the
-.Dv NULL
-pointer.
-.Pp
-NOTE: the
-.Em plugin_options
-parameter is only available starting with
-API version 1.2.
-A plugin
-.Sy must
-check the API version specified
-by the
-.Nm sudo
-front end before using
-.Em plugin_options .
-Failure to do so may result in a crash.
.El
.It close
.Bd -literal -compact
.Li error
is 0.
.El
+.Pp
+If no
+.Fn close
+function is defined, no I/O logging plugins are loaded,
+and neither the
+.Em timeout
+not
+.Em use_pty
+options are set in the
+.Li command_info
+list, the
+.Nm sudo
+front end may execute the command directly instead of running
+it as a child process.
.It show_version
.Bd -literal -compact
int (*show_version)(int verbose);
The following values are recognized by
.Nm sudo :
.Bl -tag -width 4n
-.It command=string
-Fully qualified path to the command to be executed.
-.It runas_uid=uid
-User ID to run the command as.
-.It runas_euid=uid
-Effective user ID to run the command as.
-If not specified, the value of
-.Em runas_uid
-is used.
-.It runas_gid=gid
-Group ID to run the command as.
-.It runas_egid=gid
-Effective group ID to run the command as.
-If not specified, the value of
-.Em runas_gid
-is used.
-.It runas_groups=list
-The supplementary group vector to use for the command in the form
-of a comma-separated list of group IDs.
-If
-.Em preserve_groups
-is set, this option is ignored.
-.It login_class=string
-BSD login class to use when setting resource limits and nice value
-(optional).
-This option is only set on systems that support login classes.
-.It preserve_groups=bool
-If set,
-.Nm sudo
-will preserve the user's group vector instead of
-initializing the group vector based on
-.Li runas_user .
-.It cwd=string
-The current working directory to change to when executing the command.
-.It noexec=bool
-If set, prevent the command from executing other programs.
.It chroot=string
The root directory to use when running the command.
-.It nice=int
-Nice value (priority) to use when executing the command.
-The nice value, if specified, overrides the priority associated with the
-.Em login_class
-on BSD systems.
-.It umask=octal
-The file creation mask to use when executing the command.
-.It selinux_role=string
-SELinux role to use when executing the command.
-.It selinux_type=string
-SELinux type to use when executing the command.
-.It timeout=int
-Command timeout.
-If non-zero then when the timeout expires the command will be killed.
-.It sudoedit=bool
-Set to true when in
-.Em sudoedit
-mode.
-The plugin may enable
-.Em sudoedit
-mode even if
-.Nm sudo
-was not invoked as
-.Nm sudoedit .
-This allows the plugin to perform command substitution and transparently
-enable
-.Em sudoedit
-when the user attempts to run an editor.
.It closefrom=number
If specified,
.Nm sudo
of
.Em number
or higher.
+.It command=string
+Fully qualified path to the command to be executed.
+.It cwd=string
+The current working directory to change to when executing the command.
+.It exec_background=bool
+By default,
+.Nm sudo
+runs a command as the foreground process as long as
+.Nm sudo
+itself is running in the foreground.
+When
+.Em exec_background
+is enabled and the command is being run in a pty (due to I/O logging
+or the
+.Em use_pty
+setting), the command will be run as a background process.
+Attempts to read from the controlling terminal (or to change terminal
+settings) will result in the command being suspended with the
+.Dv SIGTTIN
+signal (or
+.Dv SIGTTOU
+in the case of terminal settings).
+If this happens when
+.Nm sudo
+is a foreground process, the command will be granted the controlling terminal
+and resumed in the foreground with no user intervention required.
+The advantage of initially running the command in the background is that
+.Nm sudo
+need not read from the terminal unless the command explicitly requests it.
+Otherwise, any terminal input must be passed to the command, whether it
+has required it or not (the kernel buffers terminals so it is not possible
+to tell whether the command really wants the input).
+This is different from historic
+.Em sudo
+behavior or when the command is not being run in a pty.
+.Pp
+For this to work seamlessly, the operating system must support the
+automatic restarting of system calls.
+Unfortunately, not all operating systems do this by default,
+and even those that do may have bugs.
+For example, Mac OS X fails to restart the
+.Fn tcgetattr
+and
+.Fn tcsetattr
+system calls (this is a bug in Mac OS X).
+Furthermore, because this behavior depends on the command stopping with the
+.Dv SIGTTIN
+or
+.Dv SIGTTOU
+signals, programs that catch these signals and suspend themselves
+with a different signal (usually
+.Dv SIGTOP )
+will not be automatically foregrounded.
+Some versions of the linux
+.Xr su 1
+command behave this way.
+Because of this, a plugin should not set
+.Em exec_background
+unless it is explicitly enabled by the administrator and there should
+be a way to enabled or disable it on a per-command basis.
+.Pp
+This setting has no effect unless I/O logging is enabled or
+.Em use_pty
+is enabled.
.It iolog_compress=bool
Set to true if the I/O logging plugins, if any, should compress the
log data.
terminal output.
This only includes output to the screen, not output to a pipe or file.
This is a hint to the I/O logging plugin which may choose to ignore it.
+.It login_class=string
+BSD login class to use when setting resource limits and nice value
+(optional).
+This option is only set on systems that support login classes.
+.It nice=int
+Nice value (priority) to use when executing the command.
+The nice value, if specified, overrides the priority associated with the
+.Em login_class
+on BSD systems.
+.It noexec=bool
+If set, prevent the command from executing other programs.
+.It preserve_groups=bool
+If set,
+.Nm sudo
+will preserve the user's group vector instead of
+initializing the group vector based on
+.Li runas_user .
+.It runas_egid=gid
+Effective group ID to run the command as.
+If not specified, the value of
+.Em runas_gid
+is used.
+.It runas_euid=uid
+Effective user ID to run the command as.
+If not specified, the value of
+.Em runas_uid
+is used.
+.It runas_gid=gid
+Group ID to run the command as.
+.It runas_groups=list
+The supplementary group vector to use for the command in the form
+of a comma-separated list of group IDs.
+If
+.Em preserve_groups
+is set, this option is ignored.
+.It runas_uid=uid
+User ID to run the command as.
+.It selinux_role=string
+SELinux role to use when executing the command.
+.It selinux_type=string
+SELinux type to use when executing the command.
+.It set_utmp=bool
+Create a utmp (or utmpx) entry when a pseudo-tty is allocated.
+By default, the new entry will be a copy of the user's existing utmp
+entry (if any), with the tty, time, type and pid fields updated.
+.It sudoedit=bool
+Set to true when in
+.Em sudoedit
+mode.
+The plugin may enable
+.Em sudoedit
+mode even if
+.Nm sudo
+was not invoked as
+.Nm sudoedit .
+This allows the plugin to perform command substitution and transparently
+enable
+.Em sudoedit
+when the user attempts to run an editor.
+.It timeout=int
+Command timeout.
+If non-zero then when the timeout expires the command will be killed.
+.It umask=octal
+The file creation mask to use when executing the command.
.It use_pty=bool
Allocate a pseudo-tty to run the command in, regardless of whether
or not I/O logging is in use.
.Nm sudo
will only run
the command in a pty when an I/O log plugin is loaded.
-.It set_utmp=bool
-Create a utmp (or utmpx) entry when a pseudo-tty is allocated.
-By default, the new entry will be a copy of the user's existing utmp
-entry (if any), with the tty, time, type and pid fields updated.
.It utmp_user=string
User name to use when constructing a new utmp (or utmpx) entry when
.Em set_utmp
.Fl v
flag.
For policy plugins such as
-.Em sudoers
+.Nm sudoers
that cache
authentication credentials, this function will validate and cache
the credentials.
.Fl K
flag.
For policy plugins such as
-.Em sudoers
+.Nm sudoers
that
cache authentication credentials, this function will invalidate the
credentials.
#define SUDO_IO_PLUGIN 2
unsigned int type; /* always SUDO_IO_PLUGIN */
unsigned int version; /* always SUDO_API_VERSION */
- int (*open)(unsigned int version, sudo_conv_t conversation
+ int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t plugin_printf, char * const settings[],
- char * const user_info[], int argc, char * const argv[],
- char * const user_env[], char * const plugin_options[]);
+ char * const user_info[], char * const command_info[],
+ int argc, char * const argv[], char * const user_env[],
+ char * const plugin_options[]);
void (*close)(int exit_status, int error); /* wait status or error */
int (*show_version)(int verbose);
int (*log_ttyin)(const char *buf, unsigned int len);
built against.
.It open
.Bd -literal -compact
-int (*open)(unsigned int version, sudo_conv_t conversation
+int (*open)(unsigned int version, sudo_conv_t conversation,
sudo_printf_t plugin_printf, char * const settings[],
char * const user_info[], int argc, char * const argv[],
char * const user_env[], char * const plugin_options[]);
.Pp
Same as for the
.Sx Policy plugin API .
+.Ss Signal handlers
+The
+.Nm sudo
+front end installs default signal handlers to trap common signals
+while the plugin functions are run.
+The following signals are trapped by default before the command is
+executed:
+.Pp
+.Bl -bullet -compact
+.It
+.Dv SIGALRM
+.It
+.Dv SIGHUP
+.It
+.Dv SIGINT
+.It
+.Dv SIGQUIT
+.It
+.Dv SIGTERM
+.It
+.Dv SIGTSTP
+.It
+.Dv SIGUSR1
+.It
+.Dv SIGUSR2
+.El
+.Pp
+If a fatal signal is received before the command is executed,
+.Nm sudo
+will call the plugin's
+.Fn close
+function with an exit status of 128 plus the value of the signal
+that was received.
+This allows for consistent logging of commands killed by a signal
+for plugins that log such information in their
+.Fn close
+function.
+.Pp
+A plugin may temporarily install its own signal handlers but must
+restore the original handler before the plugin function returns.
.Ss Hook function API
Beginning with plugin API version 1.2, it is possible to install
hooks for certain functions called by the
Instead, they are logged to the file specified in the
.Li Debug
statement (if any) in the
-.Pa @sysconfdir@/sudo.conf
-.Pp
+.Xr sudo.conf @mansectform@ .
file.
This allows a plugin to log debugging information and is intended
to be used in conjunction with the
function usage.
.Ss Sudoers group plugin API
The
-.Em sudoers
-module supports a plugin interface to allow non-Unix
+.Nm sudoers
+plugin supports its own plugin interface to allow non-Unix
group lookups.
This can be used to query a group source other than the standard Unix
group database.
-A sample group plugin is bundled with
-.Nm sudo
-that implements file-based lookups.
+Two sample group plugins are bundled with
+.Nm sudo ,
+.Em group_file
+and
+.Em system_group ,
+are detailed in
+.Xr sudoers @mansectform@ .
Third party group plugins include a QAS AD plugin available from Quest Software.
.Pp
A group plugin must declare and populate a
field should be set to GROUP_API_VERSION.
.Pp
This allows
-.Em sudoers
+.Nm sudoers
to determine the API version the group plugin
was built against.
.It init
.Bl -tag -width 4n
.It version
The version passed in by
-.Em sudoers
+.Nm sudoers
allows the plugin to determine the
major and minor version number of the group plugin API supported by
-.Em sudoers .
+.Nm sudoers .
.It plugin_printf
A pointer to a
.Fn printf Ns No -style
The
.Fn cleanup
function is called when
-.Em sudoers
+.Nm sudoers
has finished its
group checks.
The plugin should free any memory it has allocated and close open file handles.
.Bl -tag -width 4n
.It Version 1.0
Initial API version.
-.It Version 1.1
+.It Version 1.1 (sudo 1.8.0)
The I/O logging plugin's
.Fn open
function was modified to take the
.Li command_info
list as an argument.
-.It Version 1.2
+.It Version 1.2 (sudo 1.8.5)
The Policy and I/O logging plugins'
.Fn open
functions are now passed
-a list of plugin options if any are specified in
-.Pa @sysconfdir@/sudo.conf .
+a list of plugin parameters if any are specified in
+.Xr sudo.conf @mansectform@ .
.Pp
A simple hooks API has been introduced to allow plugins to hook in to the
system's environment handling functions.
to the user environment which can be updated as needed.
This can be used to merge in environment variables stored in the PAM
handle before a command is run.
+.It Version 1.3 (sudo 1.8.7)
+Support for the
+.Em exec_background
+entry has been added to the
+.Li command_info
+list.
+.Pp
+The
+.Em max_groups
+and
+.Em plugin_dir
+entries were added to the
+.Li settings
+list.
+.Pp
+The
+.Fn version
+and
+.Fn close
+functions are now optional.
+Previously, a missing
+.Fn version
+or
+.Fn close
+function would result in a crash.
+If no policy plugin
+.Fn close
+function is defined, a default
+.Fn close
+function will be provided by the
+.Nm sudo
+front end that displays a warning if the command could not be
+executed.
+.Pp
+The
+.Nm sudo
+front end now installs default signal handlers to trap common signals
+while the plugin functions are run.
.El
.Sh SEE ALSO
+.Xr sudo.conf @mansectform@ ,
.Xr sudoers @mansectform@ ,
.Xr sudo @mansectsu@
.Sh BUGS
SUDOERS(4) Programmer's Manual SUDOERS(4)
N\bNA\bAM\bME\bE
- s\bsu\bud\bdo\boe\ber\brs\bs - default sudo security policy module
+ s\bsu\bud\bdo\boe\ber\brs\bs - default sudo security policy plugin
D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
- The _\bs_\bu_\bd_\bo_\be_\br_\bs policy module determines a user's s\bsu\bud\bdo\bo privileges. It is the
+ The _\bs_\bu_\bd_\bo_\be_\br_\bs policy plugin determines a user's s\bsu\bud\bdo\bo privileges. It is the
default s\bsu\bud\bdo\bo policy plugin. The policy is driven by the _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs
file or, optionally in LDAP. The policy format is described in detail in
the _\bS_\bU_\bD_\bO_\bE_\bR_\bS _\bF_\bI_\bL_\bE _\bF_\bO_\bR_\bM_\bA_\bT section. For information on storing _\bs_\bu_\bd_\bo_\be_\br_\bs
policy information in LDAP, please see sudoers.ldap(4).
+ C\bCo\bon\bnf\bfi\big\bgu\bur\bri\bin\bng\bg s\bsu\bud\bdo\bo.\b.c\bco\bon\bnf\bf f\bfo\bor\br s\bsu\bud\bdo\boe\ber\brs\bs
+ s\bsu\bud\bdo\bo consults the sudo.conf(4) file to determine which policy and and I/O
+ logging plugins to load. If no sudo.conf(4) file is present, or if it
+ contains no Plugin lines, s\bsu\bud\bdo\boe\ber\brs\bs will be used for policy decisions and
+ I/O logging. To explicitly configure sudo.conf(4) to use the s\bsu\bud\bdo\boe\ber\brs\bs
+ plugin, the following configuration can be used.
+
+ Plugin sudoers_policy sudoers.so
+ Plugin sudoers_io sudoers.so
+
+ Starting with s\bsu\bud\bdo\bo 1.8.5, it is possible to specify optional arguments to
+ the s\bsu\bud\bdo\boe\ber\brs\bs plugin in the sudo.conf(4) file. These arguments, if
+ present, should be listed after the path to the plugin (i.e. after
+ _\bs_\bu_\bd_\bo_\be_\br_\bs_\b._\bs_\bo). Multiple arguments may be specified, separated by white
+ space. For example:
+
+ Plugin sudoers_policy sudoers.so sudoers_mode=0400
+
+ The following plugin arguments are supported:
+
+ ldap_conf=pathname
+ The _\bl_\bd_\ba_\bp_\b__\bc_\bo_\bn_\bf argument can be used to override the default path
+ to the _\bl_\bd_\ba_\bp_\b._\bc_\bo_\bn_\bf file.
+
+ ldap_secret=pathname
+ The _\bl_\bd_\ba_\bp_\b__\bs_\be_\bc_\br_\be_\bt argument can be used to override the default
+ path to the _\bl_\bd_\ba_\bp_\b._\bs_\be_\bc_\br_\be_\bt file.
+
+ sudoers_file=pathname
+ The _\bs_\bu_\bd_\bo_\be_\br_\bs_\b__\bf_\bi_\bl_\be argument can be used to override the default
+ path to the _\bs_\bu_\bd_\bo_\be_\br_\bs file.
+
+ sudoers_uid=uid
+ The _\bs_\bu_\bd_\bo_\be_\br_\bs_\b__\bu_\bi_\bd argument can be used to override the default
+ owner of the sudoers file. It should be specified as a numeric
+ user ID.
+
+ sudoers_gid=gid
+ The _\bs_\bu_\bd_\bo_\be_\br_\bs_\b__\bg_\bi_\bd argument can be used to override the default
+ group of the sudoers file. It must be specified as a numeric
+ group ID (not a group name).
+
+ sudoers_mode=mode
+ The _\bs_\bu_\bd_\bo_\be_\br_\bs_\b__\bm_\bo_\bd_\be argument can be used to override the default
+ file mode for the sudoers file. It should be specified as an
+ octal value.
+
+ For more information on configuring sudo.conf(4), please refer to its
+ manual.
+
A\bAu\but\bth\bhe\ben\bnt\bti\bic\bca\bat\bti\bio\bon\bn a\ban\bnd\bd l\blo\bog\bgg\bgi\bin\bng\bg
The _\bs_\bu_\bd_\bo_\be_\br_\bs security policy requires that most users authenticate
themselves before they can use s\bsu\bud\bdo\bo. A password is not required if the
'!'* %:#nonunix_gid |
'!'* User_Alias
- A User_List is made up of one or more user names, user ids (prefixed with
- `#'), system group names and ids (prefixed with `%' and `%#'
+ A User_List is made up of one or more user names, user IDs (prefixed with
+ `#'), system group names and IDs (prefixed with `%' and `%#'
respectively), netgroups (prefixed with `+'), non-Unix group names and
IDs (prefixed with `%:' and `%:#' respectively) and User_Aliases. Each
list item may be prefixed with zero or more `!' operators. An odd number
characters must be included inside the quotes.
The actual nonunix_group and nonunix_gid syntax depends on the underlying
- group provider plugin (see the _\bg_\br_\bo_\bu_\bp_\b__\bp_\bl_\bu_\bg_\bi_\bn description below). For
- instance, the QAS AD plugin supports the following formats:
+ group provider plugin. For instance, the QAS AD plugin supports the
+ following formats:
o\bo Group in the same domain: "%:Group Name"
o\bo Group SID: "%:S-1-2-34-5678901234-5678901234-5678901234-567"
+ See _\bG_\bR_\bO_\bU_\bP _\bP_\bR_\bO_\bV_\bI_\bD_\bE_\bR _\bP_\bL_\bU_\bG_\bI_\bN_\bS for more information.
+
Note that quotes around group names are optional. Unquoted strings must
use a backslash (`\') to escape spaces and special characters. See _\bO_\bt_\bh_\be_\br
_\bs_\bp_\be_\bc_\bi_\ba_\bl _\bc_\bh_\ba_\br_\ba_\bc_\bt_\be_\br_\bs _\ba_\bn_\bd _\br_\be_\bs_\be_\br_\bv_\be_\bd _\bw_\bo_\br_\bd_\bs for a list of characters that need
``localhost'' will only match if that is the actual host name, which is
usually only the case for non-networked systems.
+ digest ::= [A-Fa-f0-9]+ |
+ [[A-Za-z0-9+/=]+
+
+ Digest_Spec ::= "sha224" ':' digest |
+ "sha256" ':' digest |
+ "sha384" ':' digest |
+ "sha512" ':' digest
+
Cmnd_List ::= Cmnd |
Cmnd ',' Cmnd_List
file name args |
file name '""'
- Cmnd ::= '!'* command name |
+ Cmnd ::= Digest_Spec? '!'* command name |
'!'* directory |
'!'* "sudoedit" |
'!'* Cmnd_Alias
the Cmnd must match exactly those given by the user on the command line
(or match the wildcards if there are any). Note that the following
characters must be escaped with a `\' if they are used in command
- arguments: `,', `:', `=', `\'. The special command ``sudoedit'' is used
+ arguments: `,', `:', `=', `\'. The built-in command ``sudoedit'' is used
to permit a user to run s\bsu\bud\bdo\bo with the -\b-e\be option (or as s\bsu\bud\bdo\boe\bed\bdi\bit\bt). It may
- take command line arguments just as a normal command does.
+ take command line arguments just as a normal command does. Note that
+ ``sudoedit'' is a command built into s\bsu\bud\bdo\bo itself and must be specified in
+ _\bs_\bu_\bd_\bo_\be_\br_\bs without a leading path.
+
+ If a command name is prefixed with a Digest_Spec, the command will only
+ match successfully if it can be verified using the specified SHA-2
+ digest. This may be useful in situations where the user invoking s\bsu\bud\bdo\bo
+ has write access to the command or its parent directory. The following
+ digest formats are supported: sha224, sha256, sha384 and sha512. The
+ string may be specified in either hex or base64 format (base64 is more
+ compact). There are several utilities capable of generating SHA-2
+ digests in hex format such as openssl, shasum, sha224sum, sha256sum,
+ sha384sum, sha512sum.
+
+ For example, using openssl:
+
+ $ openssl dgst -sha224 /bin/ls
+ SHA224(/bin/ls)= 118187da8364d490b4a7debbf483004e8f3e053ec954309de2c41a25
+
+ It is also possible to use openssl to generate base64 output:
+
+ $ openssl dgst -binary -sha224 /bin/ls | openssl base64
+ EYGH2oNk1JC0p9679IMATo8+BT7JVDCd4sQaJQ==
+
+ Command digests are only supported by version 1.8.7 or higher.
D\bDe\bef\bfa\bau\bul\blt\bts\bs
Certain configuration options may be changed from their default values at
it is overridden by the opposite tag (in other words, PASSWD overrides
NOPASSWD and NOEXEC overrides EXEC).
- _\bN_\bO_\bP_\bA_\bS_\bS_\bW_\bD _\ba_\bn_\bd _\bP_\bA_\bS_\bS_\bW_\bD
+ _\bN_\bO_\bP_\bA_\bS_\bS_\bW_\bD and _\bP_\bA_\bS_\bS_\bW_\bD
- By default, s\bsu\bud\bdo\bo requires that a user authenticate him or herself before
- running a command. This behavior can be modified via the NOPASSWD tag.
- Like a Runas_Spec, the NOPASSWD tag sets a default for the commands that
- follow it in the Cmnd_Spec_List. Conversely, the PASSWD tag can be used
- to reverse things. For example:
+ By default, s\bsu\bud\bdo\bo requires that a user authenticate him or herself
+ before running a command. This behavior can be modified via the
+ NOPASSWD tag. Like a Runas_Spec, the NOPASSWD tag sets a default for
+ the commands that follow it in the Cmnd_Spec_List. Conversely, the
+ PASSWD tag can be used to reverse things. For example:
- ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
+ ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
- would allow the user r\bra\bay\by to run _\b/_\bb_\bi_\bn_\b/_\bk_\bi_\bl_\bl, _\b/_\bb_\bi_\bn_\b/_\bl_\bs, and _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bl_\bp_\br_\bm as
- r\bro\boo\bot\bt on the machine rushmore without authenticating himself. If we only
- want r\bra\bay\by to be able to run _\b/_\bb_\bi_\bn_\b/_\bk_\bi_\bl_\bl without a password the entry would
- be:
+ would allow the user r\bra\bay\by to run _\b/_\bb_\bi_\bn_\b/_\bk_\bi_\bl_\bl, _\b/_\bb_\bi_\bn_\b/_\bl_\bs, and _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bl_\bp_\br_\bm
+ as r\bro\boo\bot\bt on the machine rushmore without authenticating himself. If we
+ only want r\bra\bay\by to be able to run _\b/_\bb_\bi_\bn_\b/_\bk_\bi_\bl_\bl without a password the entry
+ would be:
- ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm
+ ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm
- Note, however, that the PASSWD tag has no effect on users who are in the
- group specified by the _\be_\bx_\be_\bm_\bp_\bt_\b__\bg_\br_\bo_\bu_\bp option.
+ Note, however, that the PASSWD tag has no effect on users who are in
+ the group specified by the _\be_\bx_\be_\bm_\bp_\bt_\b__\bg_\br_\bo_\bu_\bp option.
- By default, if the NOPASSWD tag is applied to any of the entries for a
- user on the current host, he or she will be able to run ``sudo -l''
- without a password. Additionally, a user may only run ``sudo -v''
- without a password if the NOPASSWD tag is present for all a user's
- entries that pertain to the current host. This behavior may be
- overridden via the _\bv_\be_\br_\bi_\bf_\by_\bp_\bw and _\bl_\bi_\bs_\bt_\bp_\bw options.
+ By default, if the NOPASSWD tag is applied to any of the entries for a
+ user on the current host, he or she will be able to run ``sudo -l''
+ without a password. Additionally, a user may only run ``sudo -v''
+ without a password if the NOPASSWD tag is present for all a user's
+ entries that pertain to the current host. This behavior may be
+ overridden via the _\bv_\be_\br_\bi_\bf_\by_\bp_\bw and _\bl_\bi_\bs_\bt_\bp_\bw options.
- _\bN_\bO_\bE_\bX_\bE_\bC _\ba_\bn_\bd _\bE_\bX_\bE_\bC
+ _\bN_\bO_\bE_\bX_\bE_\bC and _\bE_\bX_\bE_\bC
- If s\bsu\bud\bdo\bo has been compiled with _\bn_\bo_\be_\bx_\be_\bc support and the underlying
- operating system supports it, the NOEXEC tag can be used to prevent a
- dynamically-linked executable from running further commands itself.
+ If s\bsu\bud\bdo\bo has been compiled with _\bn_\bo_\be_\bx_\be_\bc support and the underlying
+ operating system supports it, the NOEXEC tag can be used to prevent a
+ dynamically-linked executable from running further commands itself.
- In the following example, user a\baa\bar\bro\bon\bn may run _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bm_\bo_\br_\be and
- _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bv_\bi but shell escapes will be disabled.
+ In the following example, user a\baa\bar\bro\bon\bn may run _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bm_\bo_\br_\be and
+ _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/_\bv_\bi but shell escapes will be disabled.
- aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
+ aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
- See the _\bP_\br_\be_\bv_\be_\bn_\bt_\bi_\bn_\bg _\bs_\bh_\be_\bl_\bl _\be_\bs_\bc_\ba_\bp_\be_\bs section below for more details on how
- NOEXEC works and whether or not it will work on your system.
+ See the _\bP_\br_\be_\bv_\be_\bn_\bt_\bi_\bn_\bg _\bs_\bh_\be_\bl_\bl _\be_\bs_\bc_\ba_\bp_\be_\bs section below for more details on how
+ NOEXEC works and whether or not it will work on your system.
- _\bS_\bE_\bT_\bE_\bN_\bV _\ba_\bn_\bd _\bN_\bO_\bS_\bE_\bT_\bE_\bN_\bV
+ _\bS_\bE_\bT_\bE_\bN_\bV and _\bN_\bO_\bS_\bE_\bT_\bE_\bN_\bV
- These tags override the value of the _\bs_\be_\bt_\be_\bn_\bv option on a per-command
- basis. Note that if SETENV has been set for a command, the user may
- disable the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option from the command line via the -\b-E\bE option.
- Additionally, environment variables set on the command line are not
- subject to the restrictions imposed by _\be_\bn_\bv_\b__\bc_\bh_\be_\bc_\bk, _\be_\bn_\bv_\b__\bd_\be_\bl_\be_\bt_\be, or
- _\be_\bn_\bv_\b__\bk_\be_\be_\bp. As such, only trusted users should be allowed to set variables
- in this manner. If the command matched is A\bAL\bLL\bL, the SETENV tag is implied
- for that command; this default may be overridden by use of the NOSETENV
- tag.
+ These tags override the value of the _\bs_\be_\bt_\be_\bn_\bv option on a per-command
+ basis. Note that if SETENV has been set for a command, the user may
+ disable the _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt option from the command line via the -\b-E\bE option.
+ Additionally, environment variables set on the command line are not
+ subject to the restrictions imposed by _\be_\bn_\bv_\b__\bc_\bh_\be_\bc_\bk, _\be_\bn_\bv_\b__\bd_\be_\bl_\be_\bt_\be, or
+ _\be_\bn_\bv_\b__\bk_\be_\be_\bp. As such, only trusted users should be allowed to set
+ variables in this manner. If the command matched is A\bAL\bLL\bL, the SETENV
+ tag is implied for that command; this default may be overridden by use
+ of the NOSETENV tag.
- _\bL_\bO_\bG_\b__\bI_\bN_\bP_\bU_\bT _\ba_\bn_\bd _\bN_\bO_\bL_\bO_\bG_\b__\bI_\bN_\bP_\bU_\bT
+ _\bL_\bO_\bG_\b__\bI_\bN_\bP_\bU_\bT and _\bN_\bO_\bL_\bO_\bG_\b__\bI_\bN_\bP_\bU_\bT
- These tags override the value of the _\bl_\bo_\bg_\b__\bi_\bn_\bp_\bu_\bt option on a per-command
- basis. For more information, see the description of _\bl_\bo_\bg_\b__\bi_\bn_\bp_\bu_\bt in the
- _\bS_\bU_\bD_\bO_\bE_\bR_\bS _\bO_\bP_\bT_\bI_\bO_\bN_\bS section below.
+ These tags override the value of the _\bl_\bo_\bg_\b__\bi_\bn_\bp_\bu_\bt option on a per-command
+ basis. For more information, see the description of _\bl_\bo_\bg_\b__\bi_\bn_\bp_\bu_\bt in the
+ _\bS_\bU_\bD_\bO_\bE_\bR_\bS _\bO_\bP_\bT_\bI_\bO_\bN_\bS section below.
- _\bL_\bO_\bG_\b__\bO_\bU_\bT_\bP_\bU_\bT _\ba_\bn_\bd _\bN_\bO_\bL_\bO_\bG_\b__\bO_\bU_\bT_\bP_\bU_\bT
+ _\bL_\bO_\bG_\b__\bO_\bU_\bT_\bP_\bU_\bT and _\bN_\bO_\bL_\bO_\bG_\b__\bO_\bU_\bT_\bP_\bU_\bT
- These tags override the value of the _\bl_\bo_\bg_\b__\bo_\bu_\bt_\bp_\bu_\bt option on a per-command
- basis. For more information, see the description of _\bl_\bo_\bg_\b__\bo_\bu_\bt_\bp_\bu_\bt in the
- _\bS_\bU_\bD_\bO_\bE_\bR_\bS _\bO_\bP_\bT_\bI_\bO_\bN_\bS section below.
+ These tags override the value of the _\bl_\bo_\bg_\b__\bo_\bu_\bt_\bp_\bu_\bt option on a per-command
+ basis. For more information, see the description of _\bl_\bo_\bg_\b__\bo_\bu_\bt_\bp_\bu_\bt in the
+ _\bS_\bU_\bD_\bO_\bE_\bR_\bS _\bO_\bP_\bT_\bI_\bO_\bN_\bS section below.
W\bWi\bil\bld\bdc\bca\bar\brd\bds\bs
s\bsu\bud\bdo\bo allows shell-style _\bw_\bi_\bl_\bd_\bc_\ba_\br_\bd_\bs (aka meta or glob characters) to be
used in host names, path names and command line arguments in the _\bs_\bu_\bd_\bo_\be_\br_\bs
- file. Wildcard matching is done via the P\bPO\bOS\bSI\bIX\bX glob(3) and fnmatch(3)
- routines. Note that these are _\bn_\bo_\bt regular expressions.
+ file. Wildcard matching is done via the glob(3) and fnmatch(3) functions
+ as specified by IEEE Std 1003.1 (``POSIX.1''). Note that these are _\bn_\bo_\bt
+ regular expressions.
* Matches any set of zero or more characters.
\x For any character `x', evaluates to `x'. This is used to
escape special characters such as: `*', `?', `[', and `]'.
- POSIX character classes may also be used if your system's glob(3) and
+ Character classes may also be used if your system's glob(3) and
fnmatch(3) functions support them. However, because the `:' character
has special meaning in _\bs_\bu_\bd_\bo_\be_\br_\bs, it must be escaped. For example:
since in a command context, it allows the user to run a\ban\bny\by command on the
system.
- An exclamation point (`!') can be used as a logical _\bn_\bo_\bt operator both in
- an _\ba_\bl_\bi_\ba_\bs and in front of a Cmnd. This allows one to exclude certain
- values. Note, however, that using a `!' in conjunction with the built-in
- A\bAL\bLL\bL alias to allow a user to run ``all but a few'' commands rarely works
- as intended (see _\bS_\bE_\bC_\bU_\bR_\bI_\bT_\bY _\bN_\bO_\bT_\bE_\bS below).
+ An exclamation point (`!') can be used as a logical _\bn_\bo_\bt operator in a
+ list or _\ba_\bl_\bi_\ba_\bs as well as in front of a Cmnd. This allows one to exclude
+ certain values. For the `!' operator to be effective, there must be
+ something for it to exclude. For example, to match all users except for
+ root one would use:
+
+ ALL,!root
+
+ If the A\bAL\bLL\bL, is omitted, as in:
+
+ !root
+
+ it would explicitly deny root but not match any other users. This is
+ different from a true ``negation'' operator.
+
+ Note, however, that using a `!' in conjunction with the built-in A\bAL\bLL\bL
+ alias to allow a user to run ``all but a few'' commands rarely works as
+ intended (see _\bS_\bE_\bC_\bU_\bR_\bI_\bT_\bY _\bN_\bO_\bT_\bE_\bS below).
Long lines can be continued with a backslash (`\') as the last character
on the line.
This flag is _\bo_\bn by default when s\bsu\bud\bdo\bo is compiled with
z\bzl\bli\bib\bb support.
+ exec_background By default, s\bsu\bud\bdo\bo runs a command as the foreground
+ process as long as s\bsu\bud\bdo\bo itself is running in the
+ foreground. When the _\be_\bx_\be_\bc_\b__\bb_\ba_\bc_\bk_\bg_\br_\bo_\bu_\bn_\bd flag is enabled
+ and the command is being run in a pty (due to I/O
+ logging or the _\bu_\bs_\be_\b__\bp_\bt_\by flag), the command will be run
+ as a background process. Attempts to read from the
+ controlling terminal (or to change terminal settings)
+ will result in the command being suspended with the
+ SIGTTIN signal (or SIGTTOU in the case of terminal
+ settings). If this happens when s\bsu\bud\bdo\bo is a foreground
+ process, the command will be granted the controlling
+ terminal and resumed in the foreground with no user
+ intervention required. The advantage of initially
+ running the command in the background is that s\bsu\bud\bdo\bo need
+ not read from the terminal unless the command
+ explicitly requests it. Otherwise, any terminal input
+ must be passed to the command, whether it has required
+ it or not (the kernel buffers terminals so it is not
+ possible to tell whether the command really wants the
+ input). This is different from historic _\bs_\bu_\bd_\bo behavior
+ or when the command is not being run in a pty.
+
+ For this to work seamlessly, the operating system must
+ support the automatic restarting of system calls.
+ Unfortunately, not all operating systems do this by
+ default, and even those that do may have bugs. For
+ example, Mac OS X fails to restart the t\btc\bcg\bge\bet\bta\bat\btt\btr\br() and
+ t\btc\bcs\bse\bet\bta\bat\btt\btr\br() system calls (this is a bug in Mac OS X).
+ Furthermore, because this behavior depends on the
+ command stopping with the SIGTTIN or SIGTTOU signals,
+ programs that catch these signals and suspend
+ themselves with a different signal (usually SIGTOP)
+ will not be automatically foregrounded. Some versions
+ of the linux su(1) command behave this way.
+
+ This setting is only supported by version 1.8.7 or
+ higher. It has no effect unless I/O logging is enabled
+ or the _\bu_\bs_\be_\b__\bp_\bt_\by flag is enabled.
+
env_editor If set, v\bvi\bis\bsu\bud\bdo\bo will use the value of the EDITOR or
VISUAL environment variables before falling back on the
default editor list. Note that this may create a
well as the _\bP_\br_\be_\bv_\be_\bn_\bt_\bi_\bn_\bg _\bs_\bh_\be_\bl_\bl _\be_\bs_\bc_\ba_\bp_\be_\bs section at the end
of this manual. This flag is _\bo_\bf_\bf by default.
+ pam_session On systems that use PAM for authentication, s\bsu\bud\bdo\bo will
+ create a new PAM session for the command to be run in.
+ Disabling _\bp_\ba_\bm_\b__\bs_\be_\bs_\bs_\bi_\bo_\bn may be needed on older PAM
+ implementations or on operating systems where opening a
+ PAM session changes the utmp or wtmp files. If PAM
+ session support is disabled, resource limits may not be
+ updated for the command being run. This flag is _\bo_\bn by
+ default.
+
+ This setting is only supported by version 1.8.7 or
+ higher.
+
+ passprompt_override
+ The password prompt specified by _\bp_\ba_\bs_\bs_\bp_\br_\bo_\bm_\bp_\bt will
+ normally only be used if the password prompt provided
+ by systems such as PAM matches the string
+ ``Password:''. If _\bp_\ba_\bs_\bs_\bp_\br_\bo_\bm_\bp_\bt_\b__\bo_\bv_\be_\br_\br_\bi_\bd_\be is set,
+ _\bp_\ba_\bs_\bs_\bp_\br_\bo_\bm_\bp_\bt will always be used. This flag is _\bo_\bf_\bf by
+ default.
+
path_info Normally, s\bsu\bud\bdo\bo will tell the user when a command could
not be found in their PATH environment variable. Some
sites may wish to disable this as it could be used to
not allowed to run it, which can be confusing. This
flag is _\bo_\bn by default.
- passprompt_override
- The password prompt specified by _\bp_\ba_\bs_\bs_\bp_\br_\bo_\bm_\bp_\bt will
- normally only be used if the password prompt provided
- by systems such as PAM matches the string
- ``Password:''. If _\bp_\ba_\bs_\bs_\bp_\br_\bo_\bm_\bp_\bt_\b__\bo_\bv_\be_\br_\br_\bi_\bd_\be is set,
- _\bp_\ba_\bs_\bs_\bp_\br_\bo_\bm_\bp_\bt will always be used. This flag is _\bo_\bf_\bf by
- default.
-
preserve_groups By default, s\bsu\bud\bdo\bo will initialize the group vector to
the list of groups the target user is in. When
_\bp_\br_\be_\bs_\be_\br_\bv_\be_\b__\bg_\br_\bo_\bu_\bp_\bs is set, the user's existing group
unique combination of digits and letters, similar to
the mktemp(3) function.
+ If the path created by concatenating _\bi_\bo_\bl_\bo_\bg_\b__\bd_\bi_\br and
+ _\bi_\bo_\bl_\bo_\bg_\b__\bf_\bi_\bl_\be already exists, the existing I/O log file
+ will be truncated and overwritten unless _\bi_\bo_\bl_\bo_\bg_\b__\bf_\bi_\bl_\be
+ ends in six or more Xs.
+
limitprivs The default Solaris limit privileges to use when
constructing a new privilege set for a command. This
bounds all privileges of the executing process. The
escape %h will expand to the host name of the machine.
Default is ``*** SECURITY information for %h ***''.
- noexec_file This option is no longer supported. The path to the
- noexec file should now be set in the _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf
- file.
+ maxseq The maximum sequence number that will be substituted
+ for the ``%{seq}'' escape in the I/O log file (see the
+ _\bi_\bo_\bl_\bo_\bg_\b__\bd_\bi_\br description above for more information).
+ While the value substituted for ``%{seq}'' is in base
+ 36, _\bm_\ba_\bx_\bs_\be_\bq itself should be expressed in decimal.
+ Values larger than 2176782336 (which corresponds to the
+ base 36 sequence number ``ZZZZZZ'') will be silently
+ truncated to 2176782336. The default value is
+ 2176782336.
+
+ Once the local sequence number reaches the value of
+ _\bm_\ba_\bx_\bs_\be_\bq, it will ``roll over'' to zero, after which
+ s\bsu\bud\bdo\boe\ber\brs\bs will truncate and re-use any existing I/O log
+ pathnames.
+
+ This setting is only supported by version 1.8.7 or
+ higher.
+
+ noexec_file As of s\bsu\bud\bdo\bo version 1.8.1 this option is no longer
+ supported. The path to the noexec file should now be
+ set in the sudo.conf(4) file.
passprompt The default prompt to use when asking for a password;
can be overridden via the -\b-p\bp option or the SUDO_PROMPT
a % prefix. This is not set by default.
group_plugin A string containing a _\bs_\bu_\bd_\bo_\be_\br_\bs group plugin with optional
- arguments. This can be used to implement support for the
- nonunix_group syntax described earlier. The string should
- consist of the plugin path, either fully-qualified or
- relative to the _\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bl_\bi_\bb_\be_\bx_\be_\bc directory, followed by
- any configuration arguments the plugin requires. These
+ arguments. The string should consist of the plugin path,
+ either fully-qualified or relative to the
+ _\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bl_\bi_\bb_\be_\bx_\be_\bc_\b/_\bs_\bu_\bd_\bo directory, followed by any
+ configuration arguments the plugin requires. These
arguments (if any) will be passed to the plugin's
initialization function. If arguments are present, the
string must be enclosed in double quotes ("").
- For example, given _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b-_\bg_\br_\bo_\bu_\bp, a group file in Unix
- group format, the sample group plugin can be used:
-
- Defaults group_plugin="sample_group.so /etc/sudo-group"
-
- For more information see sudo_plugin(4).
+ For more information see GROUP PROVIDER PLUGINS.
lecture This option controls when a short lecture will be printed
along with the password prompt. It has the following
variables to keep is displayed when s\bsu\bud\bdo\bo is run by root
with the -\b-V\bV option.
+G\bGR\bRO\bOU\bUP\bP P\bPR\bRO\bOV\bVI\bID\bDE\bER\bR P\bPL\bLU\bUG\bGI\bIN\bNS\bS
+ The s\bsu\bud\bdo\boe\ber\brs\bs plugin supports its own plugin interface to allow non-Unix
+ group lookups which can query a group source other than the standard Unix
+ group database. This can be used to implement support for the
+ nonunix_group syntax described earlier.
+
+ Group provider plugins are specified via the _\bg_\br_\bo_\bu_\bp_\b__\bp_\bl_\bu_\bg_\bi_\bn Defaults
+ setting. The argument to _\bg_\br_\bo_\bu_\bp_\b__\bp_\bl_\bu_\bg_\bi_\bn should consist of the plugin path,
+ either fully-qualified or relative to the _\b/_\bu_\bs_\br_\b/_\bl_\bo_\bc_\ba_\bl_\b/_\bl_\bi_\bb_\be_\bx_\be_\bc_\b/_\bs_\bu_\bd_\bo
+ directory, followed by any configuration options the plugin requires.
+ These options (if specified) will be passed to the plugin's
+ initialization function. If options are present, the string must be
+ enclosed in double quotes ("").
+
+ The following group provider plugins are installed by default:
+
+ group_file
+ The _\bg_\br_\bo_\bu_\bp_\b__\bf_\bi_\bl_\be plugin supports an alternate group file that
+ uses the same syntax as the _\b/_\be_\bt_\bc_\b/_\bg_\br_\bo_\bu_\bp file. The path to the
+ group file should be specified as an option to the plugin. For
+ example, if the group file to be used is _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b-_\bg_\br_\bo_\bu_\bp:
+
+ Defaults group_plugin="group_file.so /etc/sudo-group"
+
+ system_group
+ The _\bs_\by_\bs_\bt_\be_\bm_\b__\bg_\br_\bo_\bu_\bp plugin supports group lookups via the standard
+ C library functions g\bge\bet\btg\bgr\brn\bna\bam\bm() and g\bge\bet\btg\bgr\bri\bid\bd(). This plugin can
+ be used in instances where the user belongs to groups not
+ present in the user's supplemental group vector. This plugin
+ takes no options:
+
+ Defaults group_plugin=system_group.so
+
+ The group provider plugin API is described in detail in sudo_plugin(1m).
+
L\bLO\bOG\bG F\bFO\bOR\bRM\bMA\bAT\bT
s\bsu\bud\bdo\boe\ber\brs\bs can log events using either syslog(3) or a simple log file. In
each case the log format is almost identical.
when the _\bs_\bu_\bd_\bo_\be_\br_\bs file is located on a remote file system that maps
user ID 0 to a different value. Normally, s\bsu\bud\bdo\boe\ber\brs\bs tries to open
_\bs_\bu_\bd_\bo_\be_\br_\bs using group permissions to avoid this problem. Consider
- changing the ownership of _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs by adding an option like
- ``sudoers_uid=N'' (where `N' is the user ID that owns the _\bs_\bu_\bd_\bo_\be_\br_\bs
- file) to the s\bsu\bud\bdo\boe\ber\brs\bs plugin line in the _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf file.
+ either changing the ownership of _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs or adding an argument
+ like ``sudoers_uid=N'' (where `N' is the user ID that owns the _\bs_\bu_\bd_\bo_\be_\br_\bs
+ file) to the end of the s\bsu\bud\bdo\boe\ber\brs\bs Plugin line in the sudo.conf(4) file.
unable to stat /etc/sudoers
The _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs file is missing.
/etc/sudoers is owned by uid N, should be 0
The _\bs_\bu_\bd_\bo_\be_\br_\bs file has the wrong owner. If you wish to change the
_\bs_\bu_\bd_\bo_\be_\br_\bs file owner, please add ``sudoers_uid=N'' (where `N' is the
- user ID that owns the _\bs_\bu_\bd_\bo_\be_\br_\bs file) to the s\bsu\bud\bdo\boe\ber\brs\bs plugin line in the
- _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf file.
+ user ID that owns the _\bs_\bu_\bd_\bo_\be_\br_\bs file) to the s\bsu\bud\bdo\boe\ber\brs\bs Plugin line in the
+ sudo.conf(4) file.
/etc/sudoers is world writable
The permissions on the _\bs_\bu_\bd_\bo_\be_\br_\bs file allow all users to write to it.
The _\bs_\bu_\bd_\bo_\be_\br_\bs file must not be world-writable, the default file mode is
0440 (readable by owner and group, writable by none). The default
mode may be changed via the ``sudoers_mode'' option to the s\bsu\bud\bdo\boe\ber\brs\bs
- plugin line in the _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf file.
+ Plugin line in the sudo.conf(4) file.
/etc/sudoers is owned by gid N, should be 1
The _\bs_\bu_\bd_\bo_\be_\br_\bs file has the wrong group ownership. If you wish to change
the _\bs_\bu_\bd_\bo_\be_\br_\bs file group ownership, please add ``sudoers_gid=N'' (where
- `N' is the group ID that owns the _\bs_\bu_\bd_\bo_\be_\br_\bs file) to the s\bsu\bud\bdo\boe\ber\brs\bs plugin
- line in the _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf file.
+ `N' is the group ID that owns the _\bs_\bu_\bd_\bo_\be_\br_\bs file) to the s\bsu\bud\bdo\boe\ber\brs\bs Plugin
+ line in the sudo.conf(4) file.
unable to open /var/adm/sudo/username/ttyname
_\bs_\bu_\bd_\bo_\be_\br_\bs was unable to read or create the user's time stamp file.
_\bl_\bo_\bg_\bl_\bi_\bn_\be_\bl_\be_\bn option is set to 0 (or negated with a `!'), word wrap
will be disabled.
-S\bSU\bUD\bDO\bO.\b.C\bCO\bON\bNF\bF
- The _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf file determines which plugins the s\bsu\bud\bdo\bo front end will
- load. If no _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf file is present, or it contains no Plugin
- lines, s\bsu\bud\bdo\bo will use the _\bs_\bu_\bd_\bo_\be_\br_\bs security policy and I/O logging, which
- corresponds to the following _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf file.
-
- #
- # Default /etc/sudo.conf file
- #
- # Format:
- # Plugin plugin_name plugin_path plugin_options ...
- # Path askpass /path/to/askpass
- # Path noexec /path/to/sudo_noexec.so
- # Debug sudo /var/log/sudo_debug all@warn
- # Set disable_coredump true
- #
- # The plugin_path is relative to /usr/local/libexec unless
- # fully qualified.
- # The plugin_name corresponds to a global symbol in the plugin
- # that contains the plugin interface structure.
- # The plugin_options are optional.
- #
- Plugin policy_plugin sudoers.so
- Plugin io_plugin sudoers.so
-
- P\bPl\blu\bug\bgi\bin\bn o\bop\bpt\bti\bio\bon\bns\bs
- Starting with s\bsu\bud\bdo\bo 1.8.5, it is possible to pass options to the _\bs_\bu_\bd_\bo_\be_\br_\bs
- plugin. Options may be listed after the path to the plugin (i.e. after
- _\bs_\bu_\bd_\bo_\be_\br_\bs_\b._\bs_\bo); multiple options should be space-separated. For example:
-
- Plugin sudoers_policy sudoers.so sudoers_file=/etc/sudoers sudoers_uid=0 sudoers_gid=0 sudoers_mode=0440
-
- The following plugin options are supported:
-
- sudoers_file=pathname
- The _\bs_\bu_\bd_\bo_\be_\br_\bs_\b__\bf_\bi_\bl_\be option can be used to override the default
- path to the _\bs_\bu_\bd_\bo_\be_\br_\bs file.
-
- sudoers_uid=uid
- The _\bs_\bu_\bd_\bo_\be_\br_\bs_\b__\bu_\bi_\bd option can be used to override the default
- owner of the sudoers file. It should be specified as a numeric
- user ID.
-
- sudoers_gid=gid
- The _\bs_\bu_\bd_\bo_\be_\br_\bs_\b__\bg_\bi_\bd option can be used to override the default
- group of the sudoers file. It should be specified as a numeric
- group ID.
-
- sudoers_mode=mode
- The _\bs_\bu_\bd_\bo_\be_\br_\bs_\b__\bm_\bo_\bd_\be option can be used to override the default
- file mode for the sudoers file. It should be specified as an
- octal value.
-
- D\bDe\beb\bbu\bug\bg f\bfl\bla\bag\bgs\bs
- Versions 1.8.4 and higher of the _\bs_\bu_\bd_\bo_\be_\br_\bs plugin supports a debugging
- framework that can help track down what the plugin is doing internally if
- there is a problem. This can be configured in the _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf file as
- described in sudo(1m).
-
- The _\bs_\bu_\bd_\bo_\be_\br_\bs plugin uses the same debug flag format as the s\bsu\bud\bdo\bo front-end:
- _\bs_\bu_\bb_\bs_\by_\bs_\bt_\be_\bm@_\bp_\br_\bi_\bo_\br_\bi_\bt_\by.
-
- The priorities used by _\bs_\bu_\bd_\bo_\be_\br_\bs, in order of decreasing severity, are:
- _\bc_\br_\bi_\bt, _\be_\br_\br, _\bw_\ba_\br_\bn, _\bn_\bo_\bt_\bi_\bc_\be, _\bd_\bi_\ba_\bg, _\bi_\bn_\bf_\bo, _\bt_\br_\ba_\bc_\be and _\bd_\be_\bb_\bu_\bg. Each priority,
- when specified, also includes all priorities higher than it. For
- example, a priority of _\bn_\bo_\bt_\bi_\bc_\be would include debug messages logged at
- _\bn_\bo_\bt_\bi_\bc_\be and higher.
-
- The following subsystems are used by _\bs_\bu_\bd_\bo_\be_\br_\bs:
-
- _\ba_\bl_\bi_\ba_\bs User_Alias, Runas_Alias, Host_Alias and Cmnd_Alias processing
-
- _\ba_\bl_\bl matches every subsystem
-
- _\ba_\bu_\bd_\bi_\bt BSM and Linux audit code
-
- _\ba_\bu_\bt_\bh user authentication
-
- _\bd_\be_\bf_\ba_\bu_\bl_\bt_\bs _\bs_\bu_\bd_\bo_\be_\br_\bs _\bD_\be_\bf_\ba_\bu_\bl_\bt_\bs settings
-
- _\be_\bn_\bv environment handling
-
- _\bl_\bd_\ba_\bp LDAP-based sudoers
-
- _\bl_\bo_\bg_\bg_\bi_\bn_\bg logging support
-
- _\bm_\ba_\bt_\bc_\bh matching of users, groups, hosts and netgroups in _\bs_\bu_\bd_\bo_\be_\br_\bs
-
- _\bn_\be_\bt_\bi_\bf network interface handling
-
- _\bn_\bs_\bs network service switch handling in _\bs_\bu_\bd_\bo_\be_\br_\bs
-
- _\bp_\ba_\br_\bs_\be_\br _\bs_\bu_\bd_\bo_\be_\br_\bs file parsing
-
- _\bp_\be_\br_\bm_\bs permission setting
-
- _\bp_\bl_\bu_\bg_\bi_\bn The equivalent of _\bm_\ba_\bi_\bn for the plugin.
-
- _\bp_\bt_\by pseudo-tty related code
-
- _\br_\bb_\bt_\br_\be_\be redblack tree internals
-
- _\bu_\bt_\bi_\bl utility functions
-
F\bFI\bIL\bLE\bES\bS
_\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\b._\bc_\bo_\bn_\bf Sudo front end configuration
# Cmnd alias specification
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
- /usr/sbin/restore, /usr/sbin/rrestore
+ /usr/sbin/restore, /usr/sbin/rrestore,\
+ sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \
+ /home/operator/bin/start_backups
Cmnd_Alias KILL = /usr/bin/kill
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
The o\bop\bpe\ber\bra\bat\bto\bor\br user may run commands limited to simple maintenance. Here,
those are commands related to backups, killing processes, the printing
system, shutting down the system, and any commands in the directory
- _\b/_\bu_\bs_\br_\b/_\bo_\bp_\be_\br_\b/_\bb_\bi_\bn_\b/.
+ _\b/_\bu_\bs_\br_\b/_\bo_\bp_\be_\br_\b/_\bb_\bi_\bn_\b/. Note that one command in the DUMPS Cmnd_Alias includes a
+ sha224 digest, _\b/_\bh_\bo_\bm_\be_\b/_\bo_\bp_\be_\br_\ba_\bt_\bo_\br_\b/_\bb_\bi_\bn_\b/_\bs_\bt_\ba_\br_\bt_\b__\bb_\ba_\bc_\bk_\bu_\bp_\bs. This is because the
+ directory containing the script is writable by the operator user. If the
+ script is modified (resulting in a digest mismatch) it will no longer be
+ possible to run it via s\bsu\bud\bdo\bo.
joe ALL = /usr/bin/su operator
stamp file is stale and will ignore it. Administrators should not rely
on this feature as it is not universally available.
+D\bDE\bEB\bBU\bUG\bGG\bGI\bIN\bNG\bG
+ Versions 1.8.4 and higher of the s\bsu\bud\bdo\boe\ber\brs\bs plugin support a flexible
+ debugging framework that can help track down what the plugin is doing
+ internally if there is a problem. This can be configured in the
+ sudo.conf(4) file.
+
+ The s\bsu\bud\bdo\boe\ber\brs\bs plugin uses the same debug flag format as the s\bsu\bud\bdo\bo front-end:
+ _\bs_\bu_\bb_\bs_\by_\bs_\bt_\be_\bm@_\bp_\br_\bi_\bo_\br_\bi_\bt_\by.
+
+ The priorities used by s\bsu\bud\bdo\boe\ber\brs\bs, in order of decreasing severity, are:
+ _\bc_\br_\bi_\bt, _\be_\br_\br, _\bw_\ba_\br_\bn, _\bn_\bo_\bt_\bi_\bc_\be, _\bd_\bi_\ba_\bg, _\bi_\bn_\bf_\bo, _\bt_\br_\ba_\bc_\be and _\bd_\be_\bb_\bu_\bg. Each priority,
+ when specified, also includes all priorities higher than it. For
+ example, a priority of _\bn_\bo_\bt_\bi_\bc_\be would include debug messages logged at
+ _\bn_\bo_\bt_\bi_\bc_\be and higher.
+
+ The following subsystems are used by the s\bsu\bud\bdo\boe\ber\brs\bs plugin:
+
+ _\ba_\bl_\bi_\ba_\bs User_Alias, Runas_Alias, Host_Alias and Cmnd_Alias processing
+
+ _\ba_\bl_\bl matches every subsystem
+
+ _\ba_\bu_\bd_\bi_\bt BSM and Linux audit code
+
+ _\ba_\bu_\bt_\bh user authentication
+
+ _\bd_\be_\bf_\ba_\bu_\bl_\bt_\bs _\bs_\bu_\bd_\bo_\be_\br_\bs _\bD_\be_\bf_\ba_\bu_\bl_\bt_\bs settings
+
+ _\be_\bn_\bv environment handling
+
+ _\bl_\bd_\ba_\bp LDAP-based sudoers
+
+ _\bl_\bo_\bg_\bg_\bi_\bn_\bg logging support
+
+ _\bm_\ba_\bt_\bc_\bh matching of users, groups, hosts and netgroups in _\bs_\bu_\bd_\bo_\be_\br_\bs
+
+ _\bn_\be_\bt_\bi_\bf network interface handling
+
+ _\bn_\bs_\bs network service switch handling in _\bs_\bu_\bd_\bo_\be_\br_\bs
+
+ _\bp_\ba_\br_\bs_\be_\br _\bs_\bu_\bd_\bo_\be_\br_\bs file parsing
+
+ _\bp_\be_\br_\bm_\bs permission setting
+
+ _\bp_\bl_\bu_\bg_\bi_\bn The equivalent of _\bm_\ba_\bi_\bn for the plugin.
+
+ _\bp_\bt_\by pseudo-tty related code
+
+ _\br_\bb_\bt_\br_\be_\be redblack tree internals
+
+ _\bu_\bt_\bi_\bl utility functions
+ For example:
+
+ Debug sudo /var/log/sudo_debug match@info,nss@info
+
+ For more information, see the sudo.conf(4) manual.
+
S\bSE\bEE\bE A\bAL\bLS\bSO\bO
- ssh(1), su(1), fnmatch(3), glob(3), mktemp(3), strftime(3),
+ ssh(1), su(1), fnmatch(3), glob(3), mktemp(3), strftime(3), sudo.conf(4),
sudoers.ldap(4), sudo_plugin(1m), sudo(1m), visudo(1m)
C\bCA\bAV\bVE\bEA\bAT\bTS\bS
file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
complete details.
-Sudo 1.8.6 July 16, 2012 Sudo 1.8.6
+Sudo 1.8.7 April 30, 2013 Sudo 1.8.7
LDAP, s\bsu\bud\bdo\bo-specific Aliases are not supported.
For the most part, there is really no need for s\bsu\bud\bdo\bo-specific Aliases.
- Unix groups or user netgroups can be used in place of User_Aliases and
- Runas_Aliases. Host netgroups can be used in place of Host_Aliases.
- Since Unix groups and netgroups can also be stored in LDAP there is no
- real need for s\bsu\bud\bdo\bo-specific aliases.
+ Unix groups, non-Unix groups (via the _\bg_\br_\bo_\bu_\bp_\b__\bp_\bl_\bu_\bg_\bi_\bn) or user netgroups can
+ be used in place of User_Aliases and Runas_Aliases. Host netgroups can
+ be used in place of Host_Aliases. Since groups and netgroups can also be
+ stored in LDAP there is no real need for s\bsu\bud\bdo\bo-specific aliases.
Cmnd_Aliases are not really required either since it is possible to have
multiple users listed in a sudoRole. Instead of defining a Cmnd_Alias
following attributes:
s\bsu\bud\bdo\boU\bUs\bse\ber\br
- A user name, user ID (prefixed with `#'), Unix group (prefixed with
- `%'), Unix group ID (prefixed with `%#'), or user netgroup
- (prefixed with `+').
+ A user name, user ID (prefixed with `#'), Unix group name or ID
+ (prefixed with `%' or `%#' respectively), user netgroup (prefixed
+ with `+'), or non-Unix group name or ID (prefixed with `%:' or
+ `%:#' respectively). Non-Unix group support is only available when
+ an appropriate _\bg_\br_\bo_\bu_\bp_\b__\bp_\bl_\bu_\bg_\bi_\bn is defined in the global _\bd_\be_\bf_\ba_\bu_\bl_\bt_\bs
+ sudoRole object.
s\bsu\bud\bdo\boH\bHo\bos\bst\bt
A host name, IP address, IP network, or host netgroup (prefixed
with a `+'). The special value ALL will match any host.
s\bsu\bud\bdo\boC\bCo\bom\bmm\bma\ban\bnd\bd
- A Unix command with optional command line arguments, potentially
- including globbing characters (aka wild cards). The special value
- ALL will match any command. If a command is prefixed with an
- exclamation point `!', the user will be prohibited from running
- that command.
+ A fully-qualified Unix command name with optional command line
+ arguments, potentially including globbing characters (aka wild
+ cards). If a command name is preceded by an exclamation point,
+ `!', the user will be prohibited from running that command.
+
+ The built-in command ``sudoedit'' is used to permit a user to run
+ s\bsu\bud\bdo\bo with the -\b-e\be option (or as s\bsu\bud\bdo\boe\bed\bdi\bit\bt). It may take command line
+ arguments just as a normal command does. Note that ``sudoedit'' is
+ a command built into s\bsu\bud\bdo\bo itself and must be specified in without a
+ leading path.
+
+ The special value ALL will match any command.
+
+ If a command name is prefixed with a SHA-2 digest, it will only be
+ allowed if the digest matches. This may be useful in situations
+ where the user invoking s\bsu\bud\bdo\bo has write access to the command or its
+ parent directory. The following digest formats are supported:
+ sha224, sha256, sha384 and sha512. The digest name must be
+ followed by a colon (`:') and then the actual digest, in either hex
+ or base64 format. For example, given the following value for
+ sudoCommand:
+
+ sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ /bin/ls
+
+ The user may only run _\b/_\bb_\bi_\bn_\b/_\bl_\bs if its sha224 digest matches the
+ specified value. Command digests are only supported by version
+ 1.8.7 or higher.
s\bsu\bud\bdo\boO\bOp\bpt\bti\bio\bon\bn
Identical in function to the global options described above, but
inherent order. The sudoOrder attribute is an integer (or floating
point value for LDAP servers that support it) that is used to sort
the matching entries. This allows LDAP-based sudoers entries to
- more closely mimic the behaviour of the sudoers file, where the of
+ more closely mimic the behavior of the sudoers file, where the of
the entries influences the result. If multiple entries match, the
entry with the highest sudoOrder attribute is chosen. This
corresponds to the ``last match'' behavior of the sudoers file. If
user belongs to any of them.
If timed entries are enabled with the S\bSU\bUD\bDO\bOE\bER\bRS\bS_\b_T\bTI\bIM\bME\bED\bD configuration
- directive, the LDAP queries include a subfilter that limits retrieval to
+ directive, the LDAP queries include a sub-filter that limits retrieval to
entries that satisfy the time constraints, if any.
D\bDi\bif\bff\bfe\ber\bre\ben\bnc\bce\bes\bs b\bbe\bet\btw\bwe\bee\ben\bn L\bLD\bDA\bAP\bP a\ban\bnd\bd n\bno\bon\bn-\b-L\bLD\bDA\bAP\bP s\bsu\bud\bdo\boe\ber\brs\bs
C\bCo\bon\bnf\bfi\big\bgu\bur\bri\bin\bng\bg l\bld\bda\bap\bp.\b.c\bco\bon\bnf\bf
Sudo reads the _\b/_\be_\bt_\bc_\b/_\bl_\bd_\ba_\bp_\b._\bc_\bo_\bn_\bf file for LDAP-specific configuration.
- Typically, this file is shared amongst different LDAP-aware clients. As
+ Typically, this file is shared between different LDAP-aware clients. As
such, most of the settings are not s\bsu\bud\bdo\bo-specific. Note that s\bsu\bud\bdo\bo parses
_\b/_\be_\bt_\bc_\b/_\bl_\bd_\ba_\bp_\b._\bc_\bo_\bn_\bf itself and may support options that differ from those
- described in the system's ldap.conf(1m) manual.
+ described in the system's ldap.conf(1m) manual. The path to _\bl_\bd_\ba_\bp_\b._\bc_\bo_\bn_\bf may
+ be overridden via the _\bl_\bd_\ba_\bp_\b__\bc_\bo_\bn_\bf plugin argument in sudo.conf(4).
Also note that on systems using the OpenLDAP libraries, default values
specified in _\b/_\be_\bt_\bc_\b/_\bo_\bp_\be_\bn_\bl_\bd_\ba_\bp_\b/_\bl_\bd_\ba_\bp_\b._\bc_\bo_\bn_\bf or the user's _\b._\bl_\bd_\ba_\bp_\br_\bc files are not
by s\bsu\bud\bdo\bo are honored. Configuration options are listed below in upper
case but are parsed in a case-independent manner.
+ Long lines can be continued with a backslash (`\') as the last character
+ on the line. Note that leading white space is removed from the beginning
+ of lines even when the continuation character is used.
+
U\bUR\bRI\bI _\bl_\bd_\ba_\bp_\b[_\bs_\b]_\b:_\b/_\b/_\b[_\bh_\bo_\bs_\bt_\bn_\ba_\bm_\be_\b[_\b:_\bp_\bo_\br_\bt_\b]_\b] _\b._\b._\b.
- Specifies a whitespace-delimited list of one or more URIs
+ Specifies a white space-delimited list of one or more URIs
describing the LDAP server(s) to connect to. The _\bp_\br_\bo_\bt_\bo_\bc_\bo_\bl may be
either _\bl_\bd_\ba_\bp _\bl_\bd_\ba_\bp_\bs, the latter being for servers that support TLS
(SSL) encryption. If no _\bp_\bo_\br_\bt is specified, the default is port 389
of supporting one or the other.
H\bHO\bOS\bST\bT _\bn_\ba_\bm_\be_\b[_\b:_\bp_\bo_\br_\bt_\b] _\b._\b._\b.
- If no U\bUR\bRI\bI is specified, the H\bHO\bOS\bST\bT parameter specifies a whitespace-
+ If no U\bUR\bRI\bI is specified, the H\bHO\bOS\bST\bT parameter specifies a white space-
delimited list of LDAP servers to connect to. Each host may
include an optional _\bp_\bo_\br_\bt separated by a colon (`:'). The H\bHO\bOS\bST\bT
parameter is deprecated in favor of the U\bUR\bRI\bI specification and is
be set in a production environment as the extra information is
likely to confuse users.
+ The S\bSU\bUD\bDO\bOE\bER\bRS\bS_\b_D\bDE\bEB\bBU\bUG\bG parameter is deprecated and will be removed in a
+ future release. The same information is now logged via the s\bsu\bud\bdo\bo
+ debugging framework using the ``ldap'' subsystem at priorities _\bd_\bi_\ba_\bg
+ and _\bi_\bn_\bf_\bo for _\bd_\be_\bb_\bu_\bg_\b__\bl_\be_\bv_\be_\bl values 1 and 2 respectively. See the
+ sudo.conf(4) manual for details on how to configure s\bsu\bud\bdo\bo debugging.
+
B\bBI\bIN\bND\bDD\bDN\bN _\bD_\bN
The B\bBI\bIN\bND\bDD\bDN\bN parameter specifies the identity, in the form of a
Distinguished Name (DN), to use when performing LDAP operations.
The R\bRO\bOO\bOT\bTB\bBI\bIN\bND\bDD\bDN\bN parameter specifies the identity, in the form of a
Distinguished Name (DN), to use when performing privileged LDAP
operations, such as _\bs_\bu_\bd_\bo_\be_\br_\bs queries. The password corresponding to
- the identity should be stored in _\b/_\be_\bt_\bc_\b/_\bl_\bd_\ba_\bp_\b._\bs_\be_\bc_\br_\be_\bt. If not
- specified, the B\bBI\bIN\bND\bDD\bDN\bN identity is used (if any).
+ the identity should be stored in the or the path specified by the
+ _\bl_\bd_\ba_\bp_\b__\bs_\be_\bc_\br_\be_\bt plugin argument in sudo.conf(4), which defaults to
+ _\b/_\be_\bt_\bc_\b/_\bl_\bd_\ba_\bp_\b._\bs_\be_\bc_\br_\be_\bt. If no R\bRO\bOO\bOT\bTB\bBI\bIN\bND\bDD\bDN\bN is specified, the B\bBI\bIN\bND\bDD\bDN\bN
+ identity is used (if any).
L\bLD\bDA\bAP\bP_\b_V\bVE\bER\bRS\bSI\bIO\bON\bN _\bn_\bu_\bm_\bb_\be_\br
The version of the LDAP protocol to use when connecting to the
sudoers = ldap
- To treat LDAP as authoratative and only use the local sudoers file if the
+ To treat LDAP as authoritative and only use the local sudoers file if the
user is not present in LDAP, use:
sudoers = ldap = auth, files
- Note that in the above example, the auth qualfier only affects user
+ Note that in the above example, the auth qualifier only affects user
lookups; both LDAP and _\bs_\bu_\bd_\bo_\be_\br_\bs will be queried for Defaults entries.
If the _\b/_\be_\bt_\bc_\b/_\bn_\be_\bt_\bs_\bv_\bc_\b._\bc_\bo_\bn_\bf file is not present or there is no sudoers line,
)
S\bSE\bEE\bE A\bAL\bLS\bSO\bO
- ldap.conf(1m), sudoers(1m)
+ ldap.conf(4), sudo.conf(4), sudoers(1m)
C\bCA\bAV\bVE\bEA\bAT\bTS\bS
Note that there are differences in the way that LDAP-based _\bs_\bu_\bd_\bo_\be_\br_\bs is
file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
complete details.
-Sudo 1.8.6 July 12, 2012 Sudo 1.8.6
+Sudo 1.8.7 April 25, 2013 Sudo 1.8.7
.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
.\" IT IS GENERATED AUTOMATICALLY FROM sudoers.ldap.mdoc.in
.\"
-.\" Copyright (c) 2003-2012 Todd C. Miller <Todd.Miller@courtesan.com>
+.\" Copyright (c) 2003-2013 Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.TH "SUDOERS.LDAP" "8" "July 12, 2012" "Sudo @PACKAGE_VERSION@" "OpenBSD System Manager's Manual"
+.TH "SUDOERS.LDAP" "8" "April 25, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
For the most part, there is really no need for
\fBsudo\fR-specific
Aliases.
-Unix groups or user netgroups can be used in place of User_Aliases and
-Runas_Aliases.
+Unix groups, non-Unix groups (via the
+\fIgroup_plugin\fR)
+or user netgroups can be used in place of User_Aliases and Runas_Aliases.
Host netgroups can be used in place of Host_Aliases.
-Since Unix groups and netgroups can also be stored in LDAP there is no
-real need for
+Since groups and netgroups can also be stored in LDAP there is no real need for
\fBsudo\fR-specific
aliases.
.PP
\fBsudoUser\fR
A user name, user ID (prefixed with
`#'),
-Unix group (prefixed with
-`%'),
-Unix group ID (prefixed with
-`%#'),
-or user netgroup (prefixed with
-`+').
+Unix group name or ID (prefixed with
+`%'
+or
+`%#'
+respectively), user netgroup (prefixed with
+`+'),
+or non-Unix group name or ID (prefixed with
+`%:'
+or
+`%:#'
+respectively).
+Non-Unix group support is only available when an appropriate
+\fIgroup_plugin\fR
+is defined in the global
+\fIdefaults\fR
+\fRsudoRole\fR
+object.
.TP 6n
\fBsudoHost\fR
A host name, IP address, IP network, or host netgroup (prefixed with a
will match any host.
.TP 6n
\fBsudoCommand\fR
-A Unix command with optional command line arguments, potentially
-including globbing characters (aka wild cards).
+A fully-qualified Unix command name with optional command line arguments,
+potentially including globbing characters (aka wild cards).
+If a command name is preceded by an exclamation point,
+`\&!',
+the user will be prohibited from running that command.
+.sp
+The built-in command
+``\fRsudoedit\fR''
+is used to permit a user to run
+\fBsudo\fR
+with the
+\fB\-e\fR
+option (or as
+\fBsudoedit\fR).
+It may take command line arguments just as a normal command does.
+Note that
+``\fRsudoedit\fR''
+is a command built into
+\fBsudo\fR
+itself and must be specified in without a leading path.
+.sp
The special value
\fRALL\fR
will match any command.
-If a command is prefixed with an exclamation point
-`\&!',
-the user will be prohibited from running that command.
+.sp
+If a command name is prefixed with a SHA-2 digest, it will
+only be allowed if the digest matches.
+This may be useful in situations where the user invoking
+\fBsudo\fR
+has write access to the command or its parent directory.
+The following digest formats are supported: sha224, sha256, sha384 and sha512.
+The digest name must be followed by a colon
+(`:\&')
+and then the actual digest, in either hex or base64 format.
+For example, given the following value for sudoCommand:
+.RS
+.nf
+.sp
+.RS 4n
+sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ /bin/ls
+.RE
+.fi
+.sp
+The user may only run
+\fI/bin/ls\fR
+if its sha224 digest matches the specified value.
+Command digests are only supported by version 1.8.7 or higher.
+.PP
+.RE
+.PD 0
.TP 6n
\fBsudoOption\fR
Identical in function to the global options described above, but
specific to the
\fRsudoRole\fR
in which it resides.
+.PD
.TP 6n
\fBsudoRunAsUser\fR
A user name or uid (prefixed with
\fRsudoOrder\fR
attribute is an integer (or floating point value for LDAP servers
that support it) that is used to sort the matching entries.
-This allows LDAP-based sudoers entries to more closely mimic the behaviour
+This allows LDAP-based sudoers entries to more closely mimic the behavior
of the sudoers file, where the of the entries influences the result.
If multiple entries match, the entry with the highest
\fRsudoOrder\fR
.PP
If timed entries are enabled with the
\fBSUDOERS_TIMED\fR
-configuration directive, the LDAP queries include a subfilter that
+configuration directive, the LDAP queries include a sub-filter that
limits retrieval to entries that satisfy the time constraints, if any.
.SS "Differences between LDAP and non-LDAP sudoers"
There are some subtle differences in the way sudoers is handled
Sudo reads the
\fI@ldap_conf@\fR
file for LDAP-specific configuration.
-Typically, this file is shared amongst different LDAP-aware clients.
+Typically, this file is shared between different LDAP-aware clients.
As such, most of the settings are not
\fBsudo\fR-specific.
Note that
system's
ldap.conf(@mansectsu@)
manual.
+The path to
+\fIldap.conf\fR
+may be overridden via the
+\fIldap_conf\fR
+plugin argument in
+sudo.conf(@mansectform@).
.PP
Also note that on systems using the OpenLDAP libraries, default
values specified in
are honored.
Configuration options are listed below in upper case but are parsed
in a case-independent manner.
+.PP
+Long lines can be continued with a backslash
+(`\e')
+as the last character on the line.
+Note that leading white space is removed from the beginning of lines
+even when the continuation character is used.
.TP 6n
\fBURI\fR \fIldap[s]://[hostname[:port]] ...\fR
-Specifies a whitespace-delimited list of one or more URIs describing
+Specifies a white space-delimited list of one or more URIs describing
the LDAP server(s) to connect to.
The
\fIprotocol\fR
\fBURI\fR
is specified, the
\fBHOST\fR
-parameter specifies a whitespace-delimited list of LDAP servers to connect to.
+parameter specifies a white space-delimited list of LDAP servers to connect to.
Each host may include an optional
\fIport\fR
separated by a colon
A value of 2 shows the results of the matches themselves.
This parameter should not be set in a production environment as the
extra information is likely to confuse users.
+.sp
+The
+\fBSUDOERS_DEBUG\fR
+parameter is deprecated and will be removed in a future release.
+The same information is now logged via the
+\fBsudo\fR
+debugging framework using the
+``ldap''
+subsystem at priorities
+\fIdiag\fR
+and
+\fIinfo\fR
+for
+\fIdebug_level\fR
+values 1 and 2 respectively.
+See the
+sudo.conf(@mansectform@)
+manual for details on how to configure
+\fBsudo\fR
+debugging.
.TP 6n
\fBBINDDN\fR \fIDN\fR
The
to use when performing privileged LDAP operations, such as
\fIsudoers\fR
queries.
-The password corresponding
-to the identity should be stored in
+The password corresponding to the identity should be stored in the
+or the path specified by the
+\fIldap_secret\fR
+plugin argument in
+sudo.conf(@mansectform@),
+which defaults to
\fI@ldap_secret@\fR.
-If not specified, the
+If no
+\fBROOTBINDDN\fR
+is specified, the
\fBBINDDN\fR
identity is used (if any).
.TP 6n
.RE
.fi
.PP
-To treat LDAP as authoratative and only use the local sudoers file
+To treat LDAP as authoritative and only use the local sudoers file
if the user is not present in LDAP, use:
.nf
.sp
.PP
Note that in the above example, the
\fRauth\fR
-qualfier only affects user lookups; both LDAP and
+qualifier only affects user lookups; both LDAP and
\fIsudoers\fR
will be queried for
\fRDefaults\fR
.RE
.fi
.SH "SEE ALSO"
-ldap.conf(@mansectsu@),
+ldap.conf(@mansectform@),
+sudo.conf(@mansectform@),
sudoers(@mansectsu@)
.SH "CAVEATS"
Note that there are differences in the way that LDAP-based
.\"
-.\" Copyright (c) 2003-2012 Todd C. Miller <Todd.Miller@courtesan.com>
+.\" Copyright (c) 2003-2013 Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd July 12, 2012
+.Dd April 25, 2013
.Dt SUDOERS.LDAP @mansectsu@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
For the most part, there is really no need for
.Nm sudo Ns No -specific
Aliases.
-Unix groups or user netgroups can be used in place of User_Aliases and
-Runas_Aliases.
+Unix groups, non-Unix groups (via the
+.Em group_plugin )
+or user netgroups can be used in place of User_Aliases and Runas_Aliases.
Host netgroups can be used in place of Host_Aliases.
-Since Unix groups and netgroups can also be stored in LDAP there is no
-real need for
+Since groups and netgroups can also be stored in LDAP there is no real need for
.Nm sudo Ns No -specific
aliases.
.Pp
.It Sy sudoUser
A user name, user ID (prefixed with
.Ql # ) ,
-Unix group (prefixed with
-.Ql % ) ,
-Unix group ID (prefixed with
-.Ql %# ) ,
-or user netgroup (prefixed with
-.Ql + ) .
+Unix group name or ID (prefixed with
+.Ql %
+or
+.Ql %#
+respectively), user netgroup (prefixed with
+.Ql + ) ,
+or non-Unix group name or ID (prefixed with
+.Ql %:
+or
+.Ql %:#
+respectively).
+Non-Unix group support is only available when an appropriate
+.Em group_plugin
+is defined in the global
+.Em defaults
+.Li sudoRole
+object.
.It Sy sudoHost
A host name, IP address, IP network, or host netgroup (prefixed with a
.Ql + ) .
.Li ALL
will match any host.
.It Sy sudoCommand
-A Unix command with optional command line arguments, potentially
-including globbing characters (aka wild cards).
+A fully-qualified Unix command name with optional command line arguments,
+potentially including globbing characters (aka wild cards).
+If a command name is preceded by an exclamation point,
+.Ql \&! ,
+the user will be prohibited from running that command.
+.Pp
+The built-in command
+.Dq Li sudoedit
+is used to permit a user to run
+.Nm sudo
+with the
+.Fl e
+option (or as
+.Nm sudoedit ) .
+It may take command line arguments just as a normal command does.
+Note that
+.Dq Li sudoedit
+is a command built into
+.Nm sudo
+itself and must be specified in without a leading path.
+.Pp
The special value
.Li ALL
will match any command.
-If a command is prefixed with an exclamation point
-.Ql \&! ,
-the user will be prohibited from running that command.
+.Pp
+If a command name is prefixed with a SHA-2 digest, it will
+only be allowed if the digest matches.
+This may be useful in situations where the user invoking
+.Nm sudo
+has write access to the command or its parent directory.
+The following digest formats are supported: sha224, sha256, sha384 and sha512.
+The digest name must be followed by a colon
+.Pq Ql :\&
+and then the actual digest, in either hex or base64 format.
+For example, given the following value for sudoCommand:
+.Bd -literal -offset 4n
+sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ /bin/ls
+.Ed
+.Pp
+The user may only run
+.Pa /bin/ls
+if its sha224 digest matches the specified value.
+Command digests are only supported by version 1.8.7 or higher.
.It Sy sudoOption
Identical in function to the global options described above, but
specific to the
.Li sudoOrder
attribute is an integer (or floating point value for LDAP servers
that support it) that is used to sort the matching entries.
-This allows LDAP-based sudoers entries to more closely mimic the behaviour
+This allows LDAP-based sudoers entries to more closely mimic the behavior
of the sudoers file, where the of the entries influences the result.
If multiple entries match, the entry with the highest
.Li sudoOrder
.Pp
If timed entries are enabled with the
.Sy SUDOERS_TIMED
-configuration directive, the LDAP queries include a subfilter that
+configuration directive, the LDAP queries include a sub-filter that
limits retrieval to entries that satisfy the time constraints, if any.
.Ss Differences between LDAP and non-LDAP sudoers
There are some subtle differences in the way sudoers is handled
Sudo reads the
.Pa @ldap_conf@
file for LDAP-specific configuration.
-Typically, this file is shared amongst different LDAP-aware clients.
+Typically, this file is shared between different LDAP-aware clients.
As such, most of the settings are not
.Nm sudo Ns No -specific.
Note that
system's
.Xr ldap.conf @mansectsu@
manual.
+The path to
+.Pa ldap.conf
+may be overridden via the
+.Em ldap_conf
+plugin argument in
+.Xr sudo.conf @mansectform@ .
.Pp
Also note that on systems using the OpenLDAP libraries, default
values specified in
are honored.
Configuration options are listed below in upper case but are parsed
in a case-independent manner.
+.Pp
+Long lines can be continued with a backslash
+.Pq Ql \e
+as the last character on the line.
+Note that leading white space is removed from the beginning of lines
+even when the continuation character is used.
.Bl -tag -width 4n
.It Sy URI Ar ldap[s]://[hostname[:port]] ...
-Specifies a whitespace-delimited list of one or more URIs describing
+Specifies a white space-delimited list of one or more URIs describing
the LDAP server(s) to connect to.
The
.Em protocol
.Sy URI
is specified, the
.Sy HOST
-parameter specifies a whitespace-delimited list of LDAP servers to connect to.
+parameter specifies a white space-delimited list of LDAP servers to connect to.
Each host may include an optional
.Em port
separated by a colon
A value of 2 shows the results of the matches themselves.
This parameter should not be set in a production environment as the
extra information is likely to confuse users.
+.Pp
+The
+.Sy SUDOERS_DEBUG
+parameter is deprecated and will be removed in a future release.
+The same information is now logged via the
+.Nm sudo
+debugging framework using the
+.Dq ldap
+subsystem at priorities
+.Em diag
+and
+.Em info
+for
+.Em debug_level
+values 1 and 2 respectively.
+See the
+.Xr sudo.conf @mansectform@
+manual for details on how to configure
+.Nm sudo
+debugging.
.It Sy BINDDN Ar DN
The
.Sy BINDDN
to use when performing privileged LDAP operations, such as
.Em sudoers
queries.
-The password corresponding
-to the identity should be stored in
+The password corresponding to the identity should be stored in the
+or the path specified by the
+.Em ldap_secret
+plugin argument in
+.Xr sudo.conf @mansectform@ ,
+which defaults to
.Pa @ldap_secret@ .
-If not specified, the
+If no
+.Sy ROOTBINDDN
+is specified, the
.Sy BINDDN
identity is used (if any).
.It Sy LDAP_VERSION Ar number
sudoers = ldap
.Ed
.Pp
-To treat LDAP as authoratative and only use the local sudoers file
+To treat LDAP as authoritative and only use the local sudoers file
if the user is not present in LDAP, use:
.Bd -literal -offset 4n
sudoers = ldap = auth, files
.Pp
Note that in the above example, the
.Li auth
-qualfier only affects user lookups; both LDAP and
+qualifier only affects user lookups; both LDAP and
.Em sudoers
will be queried for
.Li Defaults
)
.Ed
.Sh SEE ALSO
-.Xr ldap.conf @mansectsu@ ,
+.Xr ldap.conf @mansectform@ ,
+.Xr sudo.conf @mansectform@ ,
.Xr sudoers @mansectsu@
.Sh CAVEATS
Note that there are differences in the way that LDAP-based
.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
.\" IT IS GENERATED AUTOMATICALLY FROM sudoers.mdoc.in
.\"
-.\" Copyright (c) 1994-1996, 1998-2005, 2007-2012
-.\" Todd C. Miller <Todd.Miller@courtesan.com>
+.\" Copyright (c) 1994-1996, 1998-2005, 2007-2013
+.\" Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.TH "SUDOERS" "@mansectsu@" "July 16, 2012" "Sudo @PACKAGE_VERSION@" "Programmer's Manual"
+.TH "SUDOERS" "@mansectsu@" "April 30, 2013" "Sudo @PACKAGE_VERSION@" "Programmer's Manual"
.nh
.if n .ad l
.SH "NAME"
\fBsudoers\fR
-\- default sudo security policy module
+\- default sudo security policy plugin
.SH "DESCRIPTION"
The
\fIsudoers\fR
-policy module determines a user's
+policy plugin determines a user's
\fBsudo\fR
privileges.
It is the default
policy information
in LDAP, please see
sudoers.ldap(@mansectform@).
+.SS "Configuring sudo.conf for sudoers"
+\fBsudo\fR
+consults the
+sudo.conf(@mansectform@)
+file to determine which policy and and I/O logging plugins to load.
+If no
+sudo.conf(@mansectform@)
+file is present, or if it contains no
+\fRPlugin\fR
+lines,
+\fBsudoers\fR
+will be used for policy decisions and I/O logging.
+To explicitly configure
+sudo.conf(@mansectform@)
+to use the
+\fBsudoers\fR
+plugin, the following configuration can be used.
+.nf
+.sp
+.RS 6n
+Plugin sudoers_policy sudoers.so
+Plugin sudoers_io sudoers.so
+.RE
+.fi
+.PP
+Starting with
+\fBsudo\fR
+1.8.5, it is possible to specify optional arguments to the
+\fBsudoers\fR
+plugin in the
+sudo.conf(@mansectform@)
+file.
+These arguments, if present, should be listed after the path to the plugin
+(i.e.\& after
+\fIsudoers.so\fR).
+Multiple arguments may be specified, separated by white space.
+For example:
+.nf
+.sp
+.RS 6n
+Plugin sudoers_policy sudoers.so sudoers_mode=0400
+.RE
+.fi
+.PP
+The following plugin arguments are supported:
+.TP 10n
+ldap_conf=pathname
+The
+\fIldap_conf\fR
+argument can be used to override the default path to the
+\fIldap.conf\fR
+file.
+.TP 10n
+ldap_secret=pathname
+The
+\fIldap_secret\fR
+argument can be used to override the default path to the
+\fIldap.secret\fR
+file.
+.TP 10n
+sudoers_file=pathname
+The
+\fIsudoers_file\fR
+argument can be used to override the default path to the
+\fIsudoers\fR
+file.
+.TP 10n
+sudoers_uid=uid
+The
+\fIsudoers_uid\fR
+argument can be used to override the default owner of the sudoers file.
+It should be specified as a numeric user ID.
+.TP 10n
+sudoers_gid=gid
+The
+\fIsudoers_gid\fR
+argument can be used to override the default group of the sudoers file.
+It must be specified as a numeric group ID (not a group name).
+.TP 10n
+sudoers_mode=mode
+The
+\fIsudoers_mode\fR
+argument can be used to override the default file mode for the sudoers file.
+It should be specified as an octal value.
+.PP
+For more information on configuring
+sudo.conf(@mansectform@),
+please refer to its manual.
.SS "Authentication and logging"
The
\fIsudoers\fR
.PP
A
\fRUser_List\fR
-is made up of one or more user names, user ids
+is made up of one or more user names, user IDs
(prefixed with
`#'),
-system group names and ids (prefixed with
+system group names and IDs (prefixed with
`%'
and
`%#'
and
\fRnonunix_gid\fR
syntax depends on
-the underlying group provider plugin (see the
-\fIgroup_plugin\fR
-description below).
+the underlying group provider plugin.
For instance, the QAS AD plugin supports the following formats:
.TP 6n
\fBo\fR
\fBo\fR
Group SID: "%:S-1-2-34-5678901234-5678901234-5678901234-567"
.PP
+See
+\fIGROUP PROVIDER PLUGINS\fR
+for more information.
+.PP
Note that quotes around group names are optional.
Unquoted strings must use a backslash
(`\e')
.nf
.sp
.RS 0n
+digest ::= [A-Fa-f0-9]+ |
+ [[A-Za-z0-9\+/=]+
+
+Digest_Spec ::= "sha224" ':' digest |
+ "sha256" ':' digest |
+ "sha384" ':' digest |
+ "sha512" ':' digest
+
Cmnd_List ::= Cmnd |
Cmnd ',' Cmnd_List
file name args |
file name '""'
-Cmnd ::= '!'* command name |
+Cmnd ::= Digest_Spec? '!'* command name |
'!'* directory |
'!'* "sudoedit" |
'!'* Cmnd_Alias
`:\&',
`=\&',
`\e'.
-The special command
+The built-in command
``\fRsudoedit\fR''
is used to permit a user to run
\fBsudo\fR
option (or as
\fBsudoedit\fR).
It may take command line arguments just as a normal command does.
+Note that
+``\fRsudoedit\fR''
+is a command built into
+\fBsudo\fR
+itself and must be specified in
+\fIsudoers\fR
+without a leading path.
+.PP
+If a
+\fRcommand name\fR
+is prefixed with a
+\fRDigest_Spec\fR,
+the command will only match successfully if it can be verified
+using the specified SHA-2 digest.
+This may be useful in situations where the user invoking
+\fBsudo\fR
+has write access to the command or its parent directory.
+The following digest formats are supported: sha224, sha256, sha384 and sha512.
+The string may be specified in either hex or base64 format
+(base64 is more compact).
+There are several utilities capable of generating SHA-2 digests in hex
+format such as openssl, shasum, sha224sum, sha256sum, sha384sum, sha512sum.
+.PP
+For example, using openssl:
+.nf
+.sp
+.RS 0n
+$ openssl dgst -sha224 /bin/ls
+SHA224(/bin/ls)= 118187da8364d490b4a7debbf483004e8f3e053ec954309de2c41a25
+.RE
+.fi
+.PP
+It is also possible to use openssl to generate base64 output:
+.nf
+.sp
+.RS 0n
+$ openssl dgst -binary -sha224 /bin/ls | openssl base64
+EYGH2oNk1JC0p9679IMATo8+BT7JVDCd4sQaJQ==
+.RE
+.fi
+.PP
+Command digests are only supported by version 1.8.7 or higher.
.SS "Defaults"
Certain configuration options may be changed from their default
values at run-time via one or more
\fRNOEXEC\fR
overrides
\fREXEC\fR).
-.PP
-\fINOPASSWD and PASSWD\fR
-.PP
+.TP 2n
+\fINOPASSWD\fR and \fIPASSWD\fR
+.sp
By default,
\fBsudo\fR
requires that a user authenticate him or herself
\fRPASSWD\fR
tag can be used to reverse things.
For example:
+.RS
.nf
.sp
.RS 0n
ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
.RE
.fi
-.PP
+.sp
would allow the user
\fBray\fR
to run
ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm
.RE
.fi
-.PP
+.sp
Note, however, that the
\fRPASSWD\fR
tag has no effect on users who are in the group specified by the
\fIexempt_group\fR
option.
-.PP
+.sp
By default, if the
\fRNOPASSWD\fR
tag is applied to any of the entries for a user on the current host,
\fIlistpw\fR
options.
.PP
-\fINOEXEC and EXEC\fR
-.PP
+.RE
+.PD 0
+.TP 2n
+\fINOEXEC\fR and \fIEXEC\fR
+.sp
If
\fBsudo\fR
has been compiled with
\fRNOEXEC\fR
tag can be used to prevent a dynamically-linked executable from
running further commands itself.
-.PP
+.sp
In the following example, user
\fBaaron\fR
may run
and
\fI/usr/bin/vi\fR
but shell escapes will be disabled.
+.RS
.nf
.sp
.RS 0n
aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
.RE
.fi
-.PP
+.sp
See the
\fIPreventing shell escapes\fR
section below for more details on how
\fRNOEXEC\fR
works and whether or not it will work on your system.
+.PD
.PP
-\fISETENV and NOSETENV\fR
-.PP
+.RE
+.PD 0
+.TP 2n
+\fISETENV\fR and \fINOSETENV\fR
+.sp
These tags override the value of the
\fIsetenv\fR
option on a per-command basis.
tag is implied for that command; this default may be overridden by use of the
\fRNOSETENV\fR
tag.
-.PP
-\fILOG_INPUT and NOLOG_INPUT\fR
-.PP
+.PD
+.TP 2n
+\fILOG_INPUT\fR and \fINOLOG_INPUT\fR
+.sp
These tags override the value of the
\fIlog_input\fR
option on a per-command basis.
in the
\fISUDOERS OPTIONS\fR
section below.
-.PP
-\fILOG_OUTPUT and NOLOG_OUTPUT\fR
-.PP
+.TP 2n
+\fILOG_OUTPUT\fR and \fINOLOG_OUTPUT\fR
+.sp
These tags override the value of the
\fIlog_output\fR
option on a per-command basis.
\fIsudoers\fR
file.
Wildcard matching is done via the
-\fBPOSIX\fR
glob(3)
and
fnmatch(3)
-routines.
+functions as specified by
+IEEE Std 1003.1 (\(lqPOSIX.1\(rq).
Note that these are
\fInot\fR
regular expressions.
and
`]\&'.
.PP
-POSIX character classes may also be used if your system's
+Character classes may also be used if your system's
glob(3)
and
fnmatch(3)
(`\&!')
can be used as a logical
\fInot\fR
-operator both in an
+operator in a list or
\fIalias\fR
-and in front of a
+as well as in front of a
\fRCmnd\fR.
This allows one to exclude certain values.
+For the
+`\&!'
+operator to be effective, there must be something for it to exclude.
+For example, to match all users except for root one would use:
+.nf
+.sp
+.RS 4n
+ALL,!root
+.RE
+.fi
+.PP
+If the
+\fBALL\fR,
+is omitted, as in:
+.nf
+.sp
+.RS 4n
+!root
+.RE
+.fi
+.PP
+it would explicitly deny root but not match any other users.
+This is different from a true
+``negation''
+operator.
+.PP
Note, however, that using a
`\&!'
in conjunction with the built-in
\fBzlib\fR
support.
.TP 18n
+exec_background
+By default,
+\fBsudo\fR
+runs a command as the foreground process as long as
+\fBsudo\fR
+itself is running in the foreground.
+When the
+\fIexec_background\fR
+flag is enabled and the command is being run in a pty (due to I/O logging
+or the
+\fIuse_pty\fR
+flag), the command will be run as a background process.
+Attempts to read from the controlling terminal (or to change terminal
+settings) will result in the command being suspended with the
+\fRSIGTTIN\fR
+signal (or
+\fRSIGTTOU\fR
+in the case of terminal settings).
+If this happens when
+\fBsudo\fR
+is a foreground process, the command will be granted the controlling terminal
+and resumed in the foreground with no user intervention required.
+The advantage of initially running the command in the background is that
+\fBsudo\fR
+need not read from the terminal unless the command explicitly requests it.
+Otherwise, any terminal input must be passed to the command, whether it
+has required it or not (the kernel buffers terminals so it is not possible
+to tell whether the command really wants the input).
+This is different from historic
+\fIsudo\fR
+behavior or when the command is not being run in a pty.
+.sp
+For this to work seamlessly, the operating system must support the
+automatic restarting of system calls.
+Unfortunately, not all operating systems do this by default,
+and even those that do may have bugs.
+For example, Mac OS X fails to restart the
+\fBtcgetattr\fR()
+and
+\fBtcsetattr\fR()
+system calls (this is a bug in Mac OS X).
+Furthermore, because this behavior depends on the command stopping with the
+\fRSIGTTIN\fR
+or
+\fRSIGTTOU\fR
+signals, programs that catch these signals and suspend themselves
+with a different signal (usually
+\fRSIGTOP\fR)
+will not be automatically foregrounded.
+Some versions of the linux
+su(1)
+command behave this way.
+.sp
+This setting is only supported by version 1.8.7 or higher.
+It has no effect unless I/O logging is enabled or the
+\fIuse_pty\fR
+flag is enabled.
+.TP 18n
env_editor
If set,
\fBvisudo\fR
\fIoff\fR
by default.
.TP 18n
-path_info
-Normally,
-\fBsudo\fR
-will tell the user when a command could not be
-found in their
-\fRPATH\fR
-environment variable.
-Some sites may wish to disable this as it could be used to gather
-information on the location of executables that the normal user does
-not have access to.
-The disadvantage is that if the executable is simply not in the user's
-\fRPATH\fR,
+pam_session
+On systems that use PAM for authentication,
\fBsudo\fR
-will tell the user that they are not allowed to run it, which can be confusing.
+will create a new PAM session for the command to be run in.
+Disabling
+\fIpam_session\fR
+may be needed on older PAM implementations or on operating systems where
+opening a PAM session changes the utmp or wtmp files.
+If PAM session support is disabled, resource limits may not be updated
+for the command being run.
This flag is
-\fI@path_info@\fR
+\fI@pam_session@\fR
by default.
+.sp
+This setting is only supported by version 1.8.7 or higher.
.TP 18n
passprompt_override
The password prompt specified by
\fIoff\fR
by default.
.TP 18n
+path_info
+Normally,
+\fBsudo\fR
+will tell the user when a command could not be
+found in their
+\fRPATH\fR
+environment variable.
+Some sites may wish to disable this as it could be used to gather
+information on the location of executables that the normal user does
+not have access to.
+The disadvantage is that if the executable is simply not in the user's
+\fRPATH\fR,
+\fBsudo\fR
+will tell the user that they are not allowed to run it, which can be confusing.
+This flag is
+\fI@path_info@\fR
+by default.
+.TP 18n
preserve_groups
By default,
\fBsudo\fR
replaced with a unique combination of digits and letters, similar to the
mktemp(3)
function.
+.sp
+If the path created by concatenating
+\fIiolog_dir\fR
+and
+\fIiolog_file\fR
+already exists, the existing I/O log file will be truncated and
+overwritten unless
+\fIiolog_file\fR
+ends in six or
+more
+\fRX\fRs.
.PD
.TP 18n
limitprivs
Default is
``\fR@mailsub@\fR''.
.TP 18n
+maxseq
+The maximum sequence number that will be substituted for the
+``\fR%{seq}\fR''
+escape in the I/O log file (see the
+\fIiolog_dir\fR
+description above for more information).
+While the value substituted for
+``\fR%{seq}\fR''
+is in base 36,
+\fImaxseq\fR
+itself should be expressed in decimal.
+Values larger than 2176782336 (which corresponds to the
+base 36 sequence number
+``ZZZZZZ'')
+will be silently truncated to 2176782336.
+The default value is 2176782336.
+.sp
+Once the local sequence number reaches the value of
+\fImaxseq\fR,
+it will
+``roll over''
+to zero, after which
+\fBsudoers\fR
+will truncate and re-use any existing I/O log pathnames.
+.sp
+This setting is only supported by version 1.8.7 or higher.
+.TP 18n
noexec_file
-This option is no longer supported.
+As of
+\fBsudo\fR
+version 1.8.1 this option is no longer supported.
The path to the noexec file should now be set in the
-\fI@sysconfdir@/sudo.conf\fR
+sudo.conf(@mansectform@)
file.
.TP 18n
passprompt
A string containing a
\fIsudoers\fR
group plugin with optional arguments.
-This can be used to implement support for the
-\fRnonunix_group\fR
-syntax described earlier.
The string should consist of the plugin
path, either fully-qualified or relative to the
-\fI@prefix@/libexec\fR
+\fI@PLUGINDIR@\fR
directory, followed by any configuration arguments the plugin requires.
These arguments (if any) will be passed to the plugin's initialization function.
If arguments are present, the string must be enclosed in double quotes
(\&"").
.sp
-For example, given
-\fI/etc/sudo-group\fR,
-a group file in Unix group format, the sample group plugin can be used:
-.RS
-.nf
-.sp
-.RS 0n
-Defaults group_plugin="sample_group.so /etc/sudo-group"
-.RE
-.fi
-.sp
For more information see
-sudo_plugin(@mansectform@).
-.PP
-.RE
-.PD 0
+GROUP PROVIDER PLUGINS.
.TP 14n
lecture
This option controls when a short lecture will be printed along with
the password prompt.
It has the following possible values:
.RS
-.PD
.TP 8n
always
Always lecture the user.
is run by root with the
\fB\-V\fR
option.
+.SH "GROUP PROVIDER PLUGINS"
+The
+\fBsudoers\fR
+plugin supports its own plugin interface to allow non-Unix
+group lookups which can query a group source other
+than the standard Unix group database.
+This can be used to implement support for the
+\fRnonunix_group\fR
+syntax described earlier.
+.PP
+Group provider plugins are specified via the
+\fIgroup_plugin\fR
+Defaults setting.
+The argument to
+\fIgroup_plugin\fR
+should consist of the plugin path, either fully-qualified or relative to the
+\fI@PLUGINDIR@\fR
+directory, followed by any configuration options the plugin requires.
+These options (if specified) will be passed to the plugin's initialization
+function.
+If options are present, the string must be enclosed in double quotes
+(\&"").
+.PP
+The following group provider plugins are installed by default:
+.TP 10n
+group_file
+The
+\fIgroup_file\fR
+plugin supports an alternate group file that uses the same syntax as the
+\fI/etc/group\fR
+file.
+The path to the group file should be specified as an option
+to the plugin.
+For example, if the group file to be used is
+\fI/etc/sudo-group\fR:
+.RS
+.nf
+.sp
+.RS 0n
+Defaults group_plugin="group_file.so /etc/sudo-group"
+.RE
+.fi
+.PP
+.RE
+.PD 0
+.TP 10n
+system_group
+The
+\fIsystem_group\fR
+plugin supports group lookups via the standard C library functions
+\fBgetgrnam\fR()
+and
+\fBgetgrid\fR().
+This plugin can be used in instances where the user belongs to
+groups not present in the user's supplemental group vector.
+This plugin takes no options:
+.RS
+.nf
+.sp
+.RS 0n
+Defaults group_plugin=system_group.so
+.RE
+.fi
+.RE
+.PD
+.PP
+The group provider plugin API is described in detail in
+sudo_plugin(@mansectsu@).
.SH "LOG FORMAT"
\fBsudoers\fR
can log events using either
tries to open
\fIsudoers\fR
using group permissions to avoid this problem.
-Consider changing the ownership of
+Consider either changing the ownership of
\fI@sysconfdir@/sudoers\fR
-by adding an option like
+or adding an argument like
``sudoers_uid=N''
(where
`N'
is the user ID that owns the
\fIsudoers\fR
-file) to the
+file) to the end of the
\fBsudoers\fR
-plugin line in the
-\fI@sysconfdir@/sudo.conf\fR
+\fRPlugin\fR
+line in the
+sudo.conf(@mansectform@)
file.
.TP 3n
unable to stat @sysconfdir@/sudoers
\fIsudoers\fR
file) to the
\fBsudoers\fR
-plugin line in the
-\fI@sysconfdir@/sudo.conf\fR
+\fRPlugin\fR
+line in the
+sudo.conf(@mansectform@)
file.
.TP 3n
@sysconfdir@/sudoers is world writable
``sudoers_mode''
option to the
\fBsudoers\fR
-plugin line in the
-\fI@sysconfdir@/sudo.conf\fR
+\fRPlugin\fR
+line in the
+sudo.conf(@mansectform@)
file.
.TP 3n
@sysconfdir@/sudoers is owned by gid N, should be 1
\fIsudoers\fR
file) to the
\fBsudoers\fR
-plugin line in the
-\fI@sysconfdir@/sudo.conf\fR
+\fRPlugin\fR
+line in the
+sudo.conf(@mansectform@)
file.
.TP 3n
unable to open @timedir@/username/ttyname
option is set to 0 (or negated with a
`\&!'),
word wrap will be disabled.
-.SH "SUDO.CONF"
-The
-\fI@sysconfdir@/sudo.conf\fR
-file determines which plugins the
-\fBsudo\fR
-front end will load.
-If no
-\fI@sysconfdir@/sudo.conf\fR
-file
-is present, or it contains no
-\fRPlugin\fR
-lines,
-\fBsudo\fR
-will use the
-\fIsudoers\fR
-security policy and I/O logging, which corresponds to the following
-\fI@sysconfdir@/sudo.conf\fR
-file.
-.nf
-.sp
-.RS 0n
-#
-# Default @sysconfdir@/sudo.conf file
-#
-# Format:
-# Plugin plugin_name plugin_path plugin_options ...
-# Path askpass /path/to/askpass
-# Path noexec /path/to/sudo_noexec.so
-# Debug sudo /var/log/sudo_debug all@warn
-# Set disable_coredump true
-#
-# The plugin_path is relative to @prefix@/libexec unless
-# fully qualified.
-# The plugin_name corresponds to a global symbol in the plugin
-# that contains the plugin interface structure.
-# The plugin_options are optional.
-#
-Plugin policy_plugin sudoers.so
-Plugin io_plugin sudoers.so
-.RE
-.fi
-.SS "Plugin options"
-Starting with
-\fBsudo\fR
-1.8.5, it is possible to pass options to the
-\fIsudoers\fR
-plugin.
-Options may be listed after the path to the plugin (i.e.\& after
-\fIsudoers.so\fR);
-multiple options should be space-separated.
-For example:
-.nf
-.sp
-.RS 0n
-Plugin sudoers_policy sudoers.so sudoers_file=/etc/sudoers sudoers_uid=0 sudoers_gid=0 sudoers_mode=0440
-.RE
-.fi
-.PP
-The following plugin options are supported:
-.TP 10n
-sudoers_file=pathname
-The
-\fIsudoers_file\fR
-option can be used to override the default path
-to the
-\fIsudoers\fR
-file.
-.TP 10n
-sudoers_uid=uid
-The
-\fIsudoers_uid\fR
-option can be used to override the default owner of the sudoers file.
-It should be specified as a numeric user ID.
-.TP 10n
-sudoers_gid=gid
-The
-\fIsudoers_gid\fR
-option can be used to override the default group of the sudoers file.
-It should be specified as a numeric group ID.
-.TP 10n
-sudoers_mode=mode
-The
-\fIsudoers_mode\fR
-option can be used to override the default file mode for the sudoers file.
-It should be specified as an octal value.
-.SS "Debug flags"
-Versions 1.8.4 and higher of the
-\fIsudoers\fR
-plugin supports a debugging framework that can help track down what the
-plugin is doing internally if there is a problem.
-This can be configured in the
-\fI@sysconfdir@/sudo.conf\fR
-file as described in
-sudo(@mansectsu@).
-.PP
-The
-\fIsudoers\fR
-plugin uses the same debug flag format as the
-\fBsudo\fR
-front-end:
-\fIsubsystem\fR@\fIpriority\fR.
-.PP
-The priorities used by
-\fIsudoers\fR,
-in order of decreasing severity,
-are:
-\fIcrit\fR,
-\fIerr\fR,
-\fIwarn\fR,
-\fInotice\fR,
-\fIdiag\fR,
-\fIinfo\fR,
-\fItrace\fR
-and
-\fIdebug\fR.
-Each priority, when specified, also includes all priorities higher than it.
-For example, a priority of
-\fInotice\fR
-would include debug messages logged at
-\fInotice\fR
-and higher.
-.PP
-The following subsystems are used by
-\fIsudoers\fR:
-.TP 10n
-\fIalias\fR
-\fRUser_Alias\fR,
-\fRRunas_Alias\fR,
-\fRHost_Alias\fR
-and
-\fRCmnd_Alias\fR
-processing
-.TP 10n
-\fIall\fR
-matches every subsystem
-.TP 10n
-\fIaudit\fR
-BSM and Linux audit code
-.TP 10n
-\fIauth\fR
-user authentication
-.TP 10n
-\fIdefaults\fR
-\fIsudoers\fR
-\fIDefaults\fR
-settings
-.TP 10n
-\fIenv\fR
-environment handling
-.TP 10n
-\fIldap\fR
-LDAP-based sudoers
-.TP 10n
-\fIlogging\fR
-logging support
-.TP 10n
-\fImatch\fR
-matching of users, groups, hosts and netgroups in
-\fIsudoers\fR
-.TP 10n
-\fInetif\fR
-network interface handling
-.TP 10n
-\fInss\fR
-network service switch handling in
-\fIsudoers\fR
-.TP 10n
-\fIparser\fR
-\fIsudoers\fR
-file parsing
-.TP 10n
-\fIperms\fR
-permission setting
-.TP 10n
-\fIplugin\fR
-The equivalent of
-\fImain\fR
-for the plugin.
-.TP 10n
-\fIpty\fR
-pseudo-tty related code
-.TP 10n
-\fIrbtree\fR
-redblack tree internals
-.TP 10n
-\fIutil\fR
-utility functions
.SH "FILES"
.TP 26n
\fI@sysconfdir@/sudo.conf\fR
# Cmnd alias specification
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\e
- /usr/sbin/restore, /usr/sbin/rrestore
+ /usr/sbin/restore, /usr/sbin/rrestore,\e
+ sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \e
+ /home/operator/bin/start_backups
Cmnd_Alias KILL = /usr/bin/kill
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
printing system, shutting down the system, and any commands in the
directory
\fI/usr/oper/bin/\fR.
+Note that one command in the
+\fRDUMPS\fR
+Cmnd_Alias includes a sha224 digest,
+\fI/home/operator/bin/start_backups\fR.
+This is because the directory containing the script is writable by the
+operator user.
+If the script is modified (resulting in a digest mismatch) it will no longer
+be possible to run it via
+\fBsudo\fR.
.nf
.sp
.RS 0n
ignore it.
Administrators should not rely on this feature as it is not universally
available.
+.SH "DEBUGGING"
+Versions 1.8.4 and higher of the
+\fBsudoers\fR
+plugin support a flexible debugging framework that can help track
+down what the plugin is doing internally if there is a problem.
+This can be configured in the
+sudo.conf(@mansectform@)
+file.
+.PP
+The
+\fBsudoers\fR
+plugin uses the same debug flag format as the
+\fBsudo\fR
+front-end:
+\fIsubsystem\fR@\fIpriority\fR.
+.PP
+The priorities used by
+\fBsudoers\fR,
+in order of decreasing severity,
+are:
+\fIcrit\fR, \fIerr\fR, \fIwarn\fR, \fInotice\fR, \fIdiag\fR, \fIinfo\fR, \fItrace\fR
+and
+\fIdebug\fR.
+Each priority, when specified, also includes all priorities higher
+than it.
+For example, a priority of
+\fInotice\fR
+would include debug messages logged at
+\fInotice\fR
+and higher.
+.PP
+The following subsystems are used by the
+\fBsudoers\fR
+plugin:
+.TP 10n
+\fIalias\fR
+\fRUser_Alias\fR,
+\fRRunas_Alias\fR,
+\fRHost_Alias\fR
+and
+\fRCmnd_Alias\fR
+processing
+.TP 10n
+\fIall\fR
+matches every subsystem
+.TP 10n
+\fIaudit\fR
+BSM and Linux audit code
+.TP 10n
+\fIauth\fR
+user authentication
+.TP 10n
+\fIdefaults\fR
+\fIsudoers\fR
+\fIDefaults\fR
+settings
+.TP 10n
+\fIenv\fR
+environment handling
+.TP 10n
+\fIldap\fR
+LDAP-based sudoers
+.TP 10n
+\fIlogging\fR
+logging support
+.TP 10n
+\fImatch\fR
+matching of users, groups, hosts and netgroups in
+\fIsudoers\fR
+.TP 10n
+\fInetif\fR
+network interface handling
+.TP 10n
+\fInss\fR
+network service switch handling in
+\fIsudoers\fR
+.TP 10n
+\fIparser\fR
+\fIsudoers\fR
+file parsing
+.TP 10n
+\fIperms\fR
+permission setting
+.TP 10n
+\fIplugin\fR
+The equivalent of
+\fImain\fR
+for the plugin.
+.TP 10n
+\fIpty\fR
+pseudo-tty related code
+.TP 10n
+\fIrbtree\fR
+redblack tree internals
+.TP 10n
+\fIutil\fR
+utility functions
+.PD 0
+.PP
+.PD
+For example:
+.nf
+.sp
+.RS 0n
+Debug sudo /var/log/sudo_debug match@info,nss@info
+.RE
+.fi
+.PP
+For more information, see the
+sudo.conf(@mansectform@)
+manual.
.SH "SEE ALSO"
ssh(1),
su(1),
glob(3),
mktemp(3),
strftime(3),
+sudo.conf(@mansectform@),
sudoers.ldap(@mansectform@),
sudo_plugin(@mansectsu@),
sudo(@mansectsu@),
.\"
-.\" Copyright (c) 1994-1996, 1998-2005, 2007-2012
-.\" Todd C. Miller <Todd.Miller@courtesan.com>
+.\" Copyright (c) 1994-1996, 1998-2005, 2007-2013
+.\" Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.Dd July 16, 2012
+.Dd April 30, 2013
.Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
.Nm sudoers
-.Nd default sudo security policy module
+.Nd default sudo security policy plugin
.Sh DESCRIPTION
The
.Em sudoers
-policy module determines a user's
+policy plugin determines a user's
.Nm sudo
privileges.
It is the default
policy information
in LDAP, please see
.Xr sudoers.ldap @mansectform@ .
+.Ss Configuring sudo.conf for sudoers
+.Nm sudo
+consults the
+.Xr sudo.conf @mansectform@
+file to determine which policy and and I/O logging plugins to load.
+If no
+.Xr sudo.conf @mansectform@
+file is present, or if it contains no
+.Li Plugin
+lines,
+.Nm sudoers
+will be used for policy decisions and I/O logging.
+To explicitly configure
+.Xr sudo.conf @mansectform@
+to use the
+.Nm sudoers
+plugin, the following configuration can be used.
+.Bd -literal -offset indent
+Plugin sudoers_policy sudoers.so
+Plugin sudoers_io sudoers.so
+.Ed
+.Pp
+Starting with
+.Nm sudo
+1.8.5, it is possible to specify optional arguments to the
+.Nm sudoers
+plugin in the
+.Xr sudo.conf @mansectform@
+file.
+These arguments, if present, should be listed after the path to the plugin
+(i.e.\& after
+.Pa sudoers.so ) .
+Multiple arguments may be specified, separated by white space.
+For example:
+.Bd -literal -offset indent
+Plugin sudoers_policy sudoers.so sudoers_mode=0400
+.Ed
+.Pp
+The following plugin arguments are supported:
+.Bl -tag -width 8n
+.It ldap_conf=pathname
+The
+.Em ldap_conf
+argument can be used to override the default path to the
+.Pa ldap.conf
+file.
+.It ldap_secret=pathname
+The
+.Em ldap_secret
+argument can be used to override the default path to the
+.Pa ldap.secret
+file.
+.It sudoers_file=pathname
+The
+.Em sudoers_file
+argument can be used to override the default path to the
+.Em sudoers
+file.
+.It sudoers_uid=uid
+The
+.Em sudoers_uid
+argument can be used to override the default owner of the sudoers file.
+It should be specified as a numeric user ID.
+.It sudoers_gid=gid
+The
+.Em sudoers_gid
+argument can be used to override the default group of the sudoers file.
+It must be specified as a numeric group ID (not a group name).
+.It sudoers_mode=mode
+The
+.Em sudoers_mode
+argument can be used to override the default file mode for the sudoers file.
+It should be specified as an octal value.
+.El
+.Pp
+For more information on configuring
+.Xr sudo.conf @mansectform@ ,
+please refer to its manual.
.Ss Authentication and logging
The
.Em sudoers
.Pp
A
.Li User_List
-is made up of one or more user names, user ids
+is made up of one or more user names, user IDs
(prefixed with
.Ql # ) ,
-system group names and ids (prefixed with
+system group names and IDs (prefixed with
.Ql %
and
.Ql %#
and
.Li nonunix_gid
syntax depends on
-the underlying group provider plugin (see the
-.Em group_plugin
-description below).
+the underlying group provider plugin.
For instance, the QAS AD plugin supports the following formats:
.Bl -bullet -width 4n
.It
Group SID: "%:S-1-2-34-5678901234-5678901234-5678901234-567"
.El
.Pp
+See
+.Sx "GROUP PROVIDER PLUGINS"
+for more information.
+.Pp
Note that quotes around group names are optional.
Unquoted strings must use a backslash
.Pq Ql \e
will only match if that is the actual host name, which is usually
only the case for non-networked systems.
.Bd -literal
+digest ::= [A-Fa-f0-9]+ |
+ [[A-Za-z0-9\+/=]+
+
+Digest_Spec ::= "sha224" ':' digest |
+ "sha256" ':' digest |
+ "sha384" ':' digest |
+ "sha512" ':' digest
+
Cmnd_List ::= Cmnd |
Cmnd ',' Cmnd_List
file name args |
file name '""'
-Cmnd ::= '!'* command name |
+Cmnd ::= Digest_Spec? '!'* command name |
'!'* directory |
'!'* "sudoedit" |
'!'* Cmnd_Alias
.Ql :\& ,
.Ql =\& ,
.Ql \e .
-The special command
+The built-in command
.Dq Li sudoedit
is used to permit a user to run
.Nm sudo
option (or as
.Nm sudoedit ) .
It may take command line arguments just as a normal command does.
+Note that
+.Dq Li sudoedit
+is a command built into
+.Nm sudo
+itself and must be specified in
+.Em sudoers
+without a leading path.
+.Pp
+If a
+.Li command name
+is prefixed with a
+.Li Digest_Spec ,
+the command will only match successfully if it can be verified
+using the specified SHA-2 digest.
+This may be useful in situations where the user invoking
+.Nm sudo
+has write access to the command or its parent directory.
+The following digest formats are supported: sha224, sha256, sha384 and sha512.
+The string may be specified in either hex or base64 format
+(base64 is more compact).
+There are several utilities capable of generating SHA-2 digests in hex
+format such as openssl, shasum, sha224sum, sha256sum, sha384sum, sha512sum.
+.Pp
+For example, using openssl:
+.Bd -literal
+$ openssl dgst -sha224 /bin/ls
+SHA224(/bin/ls)= 118187da8364d490b4a7debbf483004e8f3e053ec954309de2c41a25
+.Ed
+.Pp
+It is also possible to use openssl to generate base64 output:
+.Bd -literal
+$ openssl dgst -binary -sha224 /bin/ls | openssl base64
+EYGH2oNk1JC0p9679IMATo8+BT7JVDCd4sQaJQ==
+.Ed
+.Pp
+Command digests are only supported by version 1.8.7 or higher.
.Ss Defaults
Certain configuration options may be changed from their default
values at run-time via one or more
.Li NOEXEC
overrides
.Li EXEC ) .
-.Pp
-.Em NOPASSWD and PASSWD
-.Pp
+.Bl -hang -width 0n
+.It Em NOPASSWD No and Em PASSWD
+.sp
By default,
.Nm sudo
requires that a user authenticate him or herself
and
.Em listpw
options.
-.Pp
-.Em NOEXEC and EXEC
-.Pp
+.It Em NOEXEC No and Em EXEC
+.sp
If
.Nm sudo
has been compiled with
section below for more details on how
.Li NOEXEC
works and whether or not it will work on your system.
-.Pp
-.Em SETENV and NOSETENV
-.Pp
+.It Em SETENV No and Em NOSETENV
+.sp
These tags override the value of the
.Em setenv
option on a per-command basis.
tag is implied for that command; this default may be overridden by use of the
.Li NOSETENV
tag.
-.Pp
-.Em LOG_INPUT and NOLOG_INPUT
-.Pp
+.It Em LOG_INPUT No and Em NOLOG_INPUT
+.sp
These tags override the value of the
.Em log_input
option on a per-command basis.
in the
.Sx SUDOERS OPTIONS
section below.
-.Pp
-.Em LOG_OUTPUT and NOLOG_OUTPUT
-.Pp
+.It Em LOG_OUTPUT No and Em NOLOG_OUTPUT
+.sp
These tags override the value of the
.Em log_output
option on a per-command basis.
in the
.Sx SUDOERS OPTIONS
section below.
+.El
.Ss Wildcards
.Nm sudo
allows shell-style
.Em sudoers
file.
Wildcard matching is done via the
-.Sy POSIX
.Xr glob 3
and
.Xr fnmatch 3
-routines.
+functions as specified by
+.St -p1003.1 .
Note that these are
.Em not
regular expressions.
.Ql ]\& .
.El
.Pp
-POSIX character classes may also be used if your system's
+Character classes may also be used if your system's
.Xr glob 3
and
.Xr fnmatch 3
.Pq Ql \&!
can be used as a logical
.Em not
-operator both in an
+operator in a list or
.Em alias
-and in front of a
+as well as in front of a
.Li Cmnd .
This allows one to exclude certain values.
+For the
+.Ql \&!
+operator to be effective, there must be something for it to exclude.
+For example, to match all users except for root one would use:
+.Bd -literal -offset 4n
+ALL,!root
+.Ed
+.Pp
+If the
+.Sy ALL ,
+is omitted, as in:
+.Bd -literal -offset 4n
+!root
+.Ed
+.Pp
+it would explicitly deny root but not match any other users.
+This is different from a true
+.Dq negation
+operator.
+.Pp
Note, however, that using a
.Ql \&!
in conjunction with the built-in
is compiled with
.Sy zlib
support.
+.It exec_background
+By default,
+.Nm sudo
+runs a command as the foreground process as long as
+.Nm sudo
+itself is running in the foreground.
+When the
+.Em exec_background
+flag is enabled and the command is being run in a pty (due to I/O logging
+or the
+.Em use_pty
+flag), the command will be run as a background process.
+Attempts to read from the controlling terminal (or to change terminal
+settings) will result in the command being suspended with the
+.Dv SIGTTIN
+signal (or
+.Dv SIGTTOU
+in the case of terminal settings).
+If this happens when
+.Nm sudo
+is a foreground process, the command will be granted the controlling terminal
+and resumed in the foreground with no user intervention required.
+The advantage of initially running the command in the background is that
+.Nm sudo
+need not read from the terminal unless the command explicitly requests it.
+Otherwise, any terminal input must be passed to the command, whether it
+has required it or not (the kernel buffers terminals so it is not possible
+to tell whether the command really wants the input).
+This is different from historic
+.Em sudo
+behavior or when the command is not being run in a pty.
+.Pp
+For this to work seamlessly, the operating system must support the
+automatic restarting of system calls.
+Unfortunately, not all operating systems do this by default,
+and even those that do may have bugs.
+For example, Mac OS X fails to restart the
+.Fn tcgetattr
+and
+.Fn tcsetattr
+system calls (this is a bug in Mac OS X).
+Furthermore, because this behavior depends on the command stopping with the
+.Dv SIGTTIN
+or
+.Dv SIGTTOU
+signals, programs that catch these signals and suspend themselves
+with a different signal (usually
+.Dv SIGTOP )
+will not be automatically foregrounded.
+Some versions of the linux
+.Xr su 1
+command behave this way.
+.Pp
+This setting is only supported by version 1.8.7 or higher.
+It has no effect unless I/O logging is enabled or the
+.Em use_pty
+flag is enabled.
.It env_editor
If set,
.Nm visudo
This flag is
.Em off
by default.
-.It path_info
-Normally,
+.It pam_session
+On systems that use PAM for authentication,
.Nm sudo
-will tell the user when a command could not be
-found in their
-.Ev PATH
-environment variable.
-Some sites may wish to disable this as it could be used to gather
-information on the location of executables that the normal user does
-not have access to.
-The disadvantage is that if the executable is simply not in the user's
-.Ev PATH ,
-.Nm sudo
-will tell the user that they are not allowed to run it, which can be confusing.
+will create a new PAM session for the command to be run in.
+Disabling
+.Em pam_session
+may be needed on older PAM implementations or on operating systems where
+opening a PAM session changes the utmp or wtmp files.
+If PAM session support is disabled, resource limits may not be updated
+for the command being run.
This flag is
-.Em @path_info@
+.Em @pam_session@
by default.
+.Pp
+This setting is only supported by version 1.8.7 or higher.
.It passprompt_override
The password prompt specified by
.Em passprompt
This flag is
.Em off
by default.
+.It path_info
+Normally,
+.Nm sudo
+will tell the user when a command could not be
+found in their
+.Ev PATH
+environment variable.
+Some sites may wish to disable this as it could be used to gather
+information on the location of executables that the normal user does
+not have access to.
+The disadvantage is that if the executable is simply not in the user's
+.Ev PATH ,
+.Nm sudo
+will tell the user that they are not allowed to run it, which can be confusing.
+This flag is
+.Em @path_info@
+by default.
.It preserve_groups
By default,
.Nm sudo
replaced with a unique combination of digits and letters, similar to the
.Xr mktemp 3
function.
+.Pp
+If the path created by concatenating
+.Em iolog_dir
+and
+.Em iolog_file
+already exists, the existing I/O log file will be truncated and
+overwritten unless
+.Em iolog_file
+ends in six or
+more
+.Li X Ns No s .
.It limitprivs
The default Solaris limit privileges to use when constructing a new
privilege set for a command.
will expand to the host name of the machine.
Default is
.Dq Li @mailsub@ .
+.It maxseq
+The maximum sequence number that will be substituted for the
+.Dq Li %{seq}
+escape in the I/O log file (see the
+.Em iolog_dir
+description above for more information).
+While the value substituted for
+.Dq Li %{seq}
+is in base 36,
+.Em maxseq
+itself should be expressed in decimal.
+Values larger than 2176782336 (which corresponds to the
+base 36 sequence number
+.Dq ZZZZZZ )
+will be silently truncated to 2176782336.
+The default value is 2176782336.
+.Pp
+Once the local sequence number reaches the value of
+.Em maxseq ,
+it will
+.Dq roll over
+to zero, after which
+.Nm sudoers
+will truncate and re-use any existing I/O log pathnames.
+.Pp
+This setting is only supported by version 1.8.7 or higher.
.It noexec_file
-This option is no longer supported.
+As of
+.Nm sudo
+version 1.8.1 this option is no longer supported.
The path to the noexec file should now be set in the
-.Pa @sysconfdir@/sudo.conf
+.Xr sudo.conf @mansectform@
file.
.It passprompt
The default prompt to use when asking for a password; can be overridden via the
A string containing a
.Em sudoers
group plugin with optional arguments.
-This can be used to implement support for the
-.Li nonunix_group
-syntax described earlier.
The string should consist of the plugin
path, either fully-qualified or relative to the
-.Pa @prefix@/libexec
+.Pa @PLUGINDIR@
directory, followed by any configuration arguments the plugin requires.
These arguments (if any) will be passed to the plugin's initialization function.
If arguments are present, the string must be enclosed in double quotes
.Pq \&"" .
.Pp
-For example, given
-.Pa /etc/sudo-group ,
-a group file in Unix group format, the sample group plugin can be used:
-.Bd -literal
-Defaults group_plugin="sample_group.so /etc/sudo-group"
-.Ed
-.Pp
For more information see
-.Xr sudo_plugin @mansectform@ .
+.Xr "GROUP PROVIDER PLUGINS" .
.It lecture
This option controls when a short lecture will be printed along with
the password prompt.
.Fl V
option.
.El
+.Sh GROUP PROVIDER PLUGINS
+The
+.Nm sudoers
+plugin supports its own plugin interface to allow non-Unix
+group lookups which can query a group source other
+than the standard Unix group database.
+This can be used to implement support for the
+.Li nonunix_group
+syntax described earlier.
+.Pp
+Group provider plugins are specified via the
+.Em group_plugin
+Defaults setting.
+The argument to
+.Em group_plugin
+should consist of the plugin path, either fully-qualified or relative to the
+.Pa @PLUGINDIR@
+directory, followed by any configuration options the plugin requires.
+These options (if specified) will be passed to the plugin's initialization
+function.
+If options are present, the string must be enclosed in double quotes
+.Pq \&"" .
+.Pp
+The following group provider plugins are installed by default:
+.Bl -tag -width 8n
+.It group_file
+The
+.Em group_file
+plugin supports an alternate group file that uses the same syntax as the
+.Pa /etc/group
+file.
+The path to the group file should be specified as an option
+to the plugin.
+For example, if the group file to be used is
+.Pa /etc/sudo-group :
+.Bd -literal
+Defaults group_plugin="group_file.so /etc/sudo-group"
+.Ed
+.It system_group
+The
+.Em system_group
+plugin supports group lookups via the standard C library functions
+.Fn getgrnam
+and
+.Fn getgrid .
+This plugin can be used in instances where the user belongs to
+groups not present in the user's supplemental group vector.
+This plugin takes no options:
+.Bd -literal
+Defaults group_plugin=system_group.so
+.Ed
+.El
+.Pp
+The group provider plugin API is described in detail in
+.Xr sudo_plugin @mansectsu@ .
.Sh LOG FORMAT
.Nm sudoers
can log events using either
tries to open
.Em sudoers
using group permissions to avoid this problem.
-Consider changing the ownership of
+Consider either changing the ownership of
.Pa @sysconfdir@/sudoers
-by adding an option like
+or adding an argument like
.Dq sudoers_uid=N
(where
.Sq N
is the user ID that owns the
.Em sudoers
-file) to the
+file) to the end of the
.Nm sudoers
-plugin line in the
-.Pa @sysconfdir@/sudo.conf
+.Li Plugin
+line in the
+.Xr sudo.conf @mansectform@
file.
.It unable to stat @sysconfdir@/sudoers
The
.Em sudoers
file) to the
.Nm sudoers
-plugin line in the
-.Pa @sysconfdir@/sudo.conf
+.Li Plugin
+line in the
+.Xr sudo.conf @mansectform@
file.
.It @sysconfdir@/sudoers is world writable
The permissions on the
.Dq sudoers_mode
option to the
.Nm sudoers
-plugin line in the
-.Pa @sysconfdir@/sudo.conf
+.Li Plugin
+line in the
+.Xr sudo.conf @mansectform@
file.
.It @sysconfdir@/sudoers is owned by gid N, should be 1
The
.Em sudoers
file) to the
.Nm sudoers
-plugin line in the
-.Pa @sysconfdir@/sudo.conf
+.Li Plugin
+line in the
+.Xr sudo.conf @mansectform@
file.
.It unable to open @timedir@/username/ttyname
.Em sudoers
.Ql \&! ) ,
word wrap will be disabled.
.El
-.Sh SUDO.CONF
-The
-.Pa @sysconfdir@/sudo.conf
-file determines which plugins the
-.Nm sudo
-front end will load.
-If no
-.Pa @sysconfdir@/sudo.conf
-file
-is present, or it contains no
-.Li Plugin
-lines,
-.Nm sudo
-will use the
-.Em sudoers
-security policy and I/O logging, which corresponds to the following
-.Pa @sysconfdir@/sudo.conf
-file.
-.Bd -literal
-#
-# Default @sysconfdir@/sudo.conf file
-#
-# Format:
-# Plugin plugin_name plugin_path plugin_options ...
-# Path askpass /path/to/askpass
-# Path noexec /path/to/sudo_noexec.so
-# Debug sudo /var/log/sudo_debug all@warn
-# Set disable_coredump true
-#
-# The plugin_path is relative to @prefix@/libexec unless
-# fully qualified.
-# The plugin_name corresponds to a global symbol in the plugin
-# that contains the plugin interface structure.
-# The plugin_options are optional.
-#
-Plugin policy_plugin sudoers.so
-Plugin io_plugin sudoers.so
-.Ed
-.Ss Plugin options
-Starting with
-.Nm sudo
-1.8.5, it is possible to pass options to the
-.Em sudoers
-plugin.
-Options may be listed after the path to the plugin (i.e.\& after
-.Pa sudoers.so ) ;
-multiple options should be space-separated.
-For example:
-.Bd -literal
-Plugin sudoers_policy sudoers.so sudoers_file=/etc/sudoers sudoers_uid=0 sudoers_gid=0 sudoers_mode=0440
-.Ed
-.Pp
-The following plugin options are supported:
-.Bl -tag -width 8n
-.It sudoers_file=pathname
-The
-.Em sudoers_file
-option can be used to override the default path
-to the
-.Em sudoers
-file.
-.It sudoers_uid=uid
-The
-.Em sudoers_uid
-option can be used to override the default owner of the sudoers file.
-It should be specified as a numeric user ID.
-.It sudoers_gid=gid
-The
-.Em sudoers_gid
-option can be used to override the default group of the sudoers file.
-It should be specified as a numeric group ID.
-.It sudoers_mode=mode
-The
-.Em sudoers_mode
-option can be used to override the default file mode for the sudoers file.
-It should be specified as an octal value.
-.El
-.Ss Debug flags
-Versions 1.8.4 and higher of the
-.Em sudoers
-plugin supports a debugging framework that can help track down what the
-plugin is doing internally if there is a problem.
-This can be configured in the
-.Pa @sysconfdir@/sudo.conf
-file as described in
-.Xr sudo @mansectsu@ .
-.Pp
-The
-.Em sudoers
-plugin uses the same debug flag format as the
-.Nm sudo
-front-end:
-.Em subsystem Ns No @ Ns Em priority .
-.Pp
-The priorities used by
-.Em sudoers ,
-in order of decreasing severity,
-are:
-.Em crit ,
-.Em err ,
-.Em warn ,
-.Em notice ,
-.Em diag ,
-.Em info ,
-.Em trace
-and
-.Em debug .
-Each priority, when specified, also includes all priorities higher than it.
-For example, a priority of
-.Em notice
-would include debug messages logged at
-.Em notice
-and higher.
-.Pp
-The following subsystems are used by
-.Em sudoers :
-.Bl -tag -width 8n
-.It Em alias
-.Li User_Alias ,
-.Li Runas_Alias ,
-.Li Host_Alias
-and
-.Li Cmnd_Alias
-processing
-.It Em all
-matches every subsystem
-.It Em audit
-BSM and Linux audit code
-.It Em auth
-user authentication
-.It Em defaults
-.Em sudoers
-.Em Defaults
-settings
-.It Em env
-environment handling
-.It Em ldap
-LDAP-based sudoers
-.It Em logging
-logging support
-.It Em match
-matching of users, groups, hosts and netgroups in
-.Em sudoers
-.It Em netif
-network interface handling
-.It Em nss
-network service switch handling in
-.Em sudoers
-.It Em parser
-.Em sudoers
-file parsing
-.It Em perms
-permission setting
-.It Em plugin
-The equivalent of
-.Em main
-for the plugin.
-.It Em pty
-pseudo-tty related code
-.It Em rbtree
-redblack tree internals
-.It Em util
-utility functions
-.El
.Sh FILES
.Bl -tag -width 24n
.It Pa @sysconfdir@/sudo.conf
# Cmnd alias specification
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\e
- /usr/sbin/restore, /usr/sbin/rrestore
+ /usr/sbin/restore, /usr/sbin/rrestore,\e
+ sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== \e
+ /home/operator/bin/start_backups
Cmnd_Alias KILL = /usr/bin/kill
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
printing system, shutting down the system, and any commands in the
directory
.Pa /usr/oper/bin/ .
+Note that one command in the
+.Li DUMPS
+Cmnd_Alias includes a sha224 digest,
+.Pa /home/operator/bin/start_backups .
+This is because the directory containing the script is writable by the
+operator user.
+If the script is modified (resulting in a digest mismatch) it will no longer
+be possible to run it via
+.Nm sudo .
.Bd -literal
joe ALL = /usr/bin/su operator
.Ed
ignore it.
Administrators should not rely on this feature as it is not universally
available.
+.Sh DEBUGGING
+Versions 1.8.4 and higher of the
+.Nm sudoers
+plugin support a flexible debugging framework that can help track
+down what the plugin is doing internally if there is a problem.
+This can be configured in the
+.Xr sudo.conf @mansectform@
+file.
+.Pp
+The
+.Nm sudoers
+plugin uses the same debug flag format as the
+.Nm sudo
+front-end:
+.Em subsystem Ns No @ Ns Em priority .
+.Pp
+The priorities used by
+.Nm sudoers ,
+in order of decreasing severity,
+are:
+.Em crit , err , warn , notice , diag , info , trace
+and
+.Em debug .
+Each priority, when specified, also includes all priorities higher
+than it.
+For example, a priority of
+.Em notice
+would include debug messages logged at
+.Em notice
+and higher.
+.Pp
+The following subsystems are used by the
+.Nm sudoers
+plugin:
+.Bl -tag -width 8n
+.It Em alias
+.Li User_Alias ,
+.Li Runas_Alias ,
+.Li Host_Alias
+and
+.Li Cmnd_Alias
+processing
+.It Em all
+matches every subsystem
+.It Em audit
+BSM and Linux audit code
+.It Em auth
+user authentication
+.It Em defaults
+.Em sudoers
+.Em Defaults
+settings
+.It Em env
+environment handling
+.It Em ldap
+LDAP-based sudoers
+.It Em logging
+logging support
+.It Em match
+matching of users, groups, hosts and netgroups in
+.Em sudoers
+.It Em netif
+network interface handling
+.It Em nss
+network service switch handling in
+.Em sudoers
+.It Em parser
+.Em sudoers
+file parsing
+.It Em perms
+permission setting
+.It Em plugin
+The equivalent of
+.Em main
+for the plugin.
+.It Em pty
+pseudo-tty related code
+.It Em rbtree
+redblack tree internals
+.It Em util
+utility functions
+.El
+For example:
+.Bd -literal
+Debug sudo /var/log/sudo_debug match@info,nss@info
+.Ed
+.Pp
+For more information, see the
+.Xr sudo.conf @mansectform@
+manual.
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr su 1 ,
.Xr glob 3 ,
.Xr mktemp 3 ,
.Xr strftime 3 ,
+.Xr sudo.conf @mansectform@ ,
.Xr sudoers.ldap @mansectform@ ,
.Xr sudo_plugin @mansectsu@ ,
.Xr sudo @mansectsu@ ,
_\bp_\ba_\bt_\bt_\be_\br_\bn. On systems with POSIX regular expression
support, the pattern may be an extended regular
expression. On systems without POSIX regular
- expression support, a simple substring match is
+ expression support, a simple sub-string match is
performed instead.
cwd _\bd_\bi_\br_\be_\bc_\bt_\bo_\br_\by
file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
complete details.
-Sudo 1.8.6 July 12, 2012 Sudo 1.8.6
+Sudo 1.8.7 February 5, 2013 Sudo 1.8.7
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.TH "SUDOREPLAY" "@mansectsu@" "July 12, 2012" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "SUDOREPLAY" "@mansectsu@" "February 5, 2013" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
\fIpattern\fR.
On systems with POSIX regular expression support, the pattern may
be an extended regular expression.
-On systems without POSIX regular expression support, a simple substring
+On systems without POSIX regular expression support, a simple sub-string
match is performed instead.
.TP 8n
cwd \fIdirectory\fR
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd July 12, 2012
+.Dd February 5, 2013
.Dt SUDOREPLAY @mansectsu@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
.Ar pattern .
On systems with POSIX regular expression support, the pattern may
be an extended regular expression.
-On systems without POSIX regular expression support, a simple substring
+On systems without POSIX regular expression support, a simple sub-string
match is performed instead.
.It cwd Ar directory
Evaluates to true if the command was run with the specified current
If an error is encountered, v\bvi\bis\bsu\bud\bdo\bo will exit with a value of
1.
- -\b-f\bf _\bs_\bu_\bd_\bo_\be_\br_\bs Specify and alternate _\bs_\bu_\bd_\bo_\be_\br_\bs file location. With this
- option v\bvi\bis\bsu\bud\bdo\bo will edit (or check) the _\bs_\bu_\bd_\bo_\be_\br_\bs file of your
- choice, instead of the default, _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs. The lock file
- used is the specified _\bs_\bu_\bd_\bo_\be_\br_\bs file with ``.tmp'' appended to
- it. In _\bc_\bh_\be_\bc_\bk_\b-_\bo_\bn_\bl_\by mode only, the argument to -\b-f\bf may be `-',
+ -\b-f\bf _\bs_\bu_\bd_\bo_\be_\br_\bs Specify an alternate _\bs_\bu_\bd_\bo_\be_\br_\bs file location. With this option
+ v\bvi\bis\bsu\bud\bdo\bo will edit (or check) the _\bs_\bu_\bd_\bo_\be_\br_\bs file of your choice,
+ instead of the default, _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs. The lock file used is
+ the specified _\bs_\bu_\bd_\bo_\be_\br_\bs file with ``.tmp'' appended to it. In
+ _\bc_\bh_\be_\bc_\bk_\b-_\bo_\bn_\bl_\by mode only, the argument to -\b-f\bf may be `-',
indicating that _\bs_\bu_\bd_\bo_\be_\br_\bs will be read from the standard input.
-\b-h\bh The -\b-h\bh (_\bh_\be_\bl_\bp) option causes v\bvi\bis\bsu\bud\bdo\bo to print a short help
file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
complete details.
-Sudo 1.8.6 July 12, 2012 Sudo 1.8.6
+Sudo 1.8.7 June 12, 2013 Sudo 1.8.7
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.TH "VISUDO" "@mansectsu@" "July 12, 2012" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "VISUDO" "@mansectsu@" "June 12, 2013" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
\fBvisudo\fR
will print a message stating the line number(s)
where the error occurred and the user will receive the
-``What now?''
+\(lqWhat now?\(rq
prompt.
At this point the user may enter
-`e'
+\(oqe\(cq
to re-edit the
\fIsudoers\fR
file,
-`x'
+\(oqx\(cq
to exit without saving the changes, or
-`Q'
+\(oqQ\(cq
to quit and save changes.
The
-`Q'
+\(oqQ\(cq
option should be used with extreme care because if
\fBvisudo\fR
believes there to be a parse error, so will
\fBsudo\fR
again until the error is fixed.
If
-`e'
+\(oqe\(cq
is typed to edit the
\fIsudoers\fR
file after a parse error has been detected, the cursor will be placed on
.TP 12n
\fB\-f\fR \fIsudoers\fR
.br
-Specify and alternate
+Specify an alternate
\fIsudoers\fR
file location.
With this option
The lock file used is the specified
\fIsudoers\fR
file with
-``\.tmp''
+\(lq\.tmp\(rq
appended to it.
In
\fIcheck-only\fR
mode only, the argument to
\fB\-f\fR
may be
-`-',
+\(oq-\(cq,
indicating that
\fIsudoers\fR
will be read from the standard input.
Note that it is not possible to differentiate between an
alias and a host name or user name that consists solely of uppercase
letters, digits, and the underscore
-(`_')
+(\(oq_\(cq)
character.
.TP 12n
\fB\-V\fR
Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias
or you have a user or host name listed that consists solely of
uppercase letters, digits, and the underscore
-(`_')
+(\(oq_\(cq)
character.
In the latter case, you can ignore the warnings
(\fBsudo\fR
.SH "DISCLAIMER"
\fBvisudo\fR
is provided
-``AS IS''
+\(lqAS IS\(rq
and any express or implied warranties, including, but not limited
to, the implied warranties of merchantability and fitness for a
particular purpose are disclaimed.
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.Dd July 12, 2012
+.Dd June 12, 2013
.Dt VISUDO @mansectsu@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
.Nm visudo
will exit with a value of 1.
.It Fl f Ar sudoers
-Specify and alternate
+Specify an alternate
.Em sudoers
file location.
With this option
#
-# Copyright (c) 2011 Todd C. Miller <Todd.Miller@courtesan.com>
+# Copyright (c) 2011-2012 Todd C. Miller <Todd.Miller@courtesan.com>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
/*
- * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2009-2010, 2012-1013
+ * Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <stdarg.h>
+#undef efree
+#define efree(x) free((void *)(x))
+
int easprintf(char **, const char *, ...) __printflike(2, 3);
int evasprintf(char **, const char *, va_list) __printflike(2, 0);
-void efree(void *);
-void *ecalloc(size_t, size_t);
-void *emalloc(size_t);
-void *emalloc2(size_t, size_t);
+void *ecalloc(size_t, size_t) __malloc_like;
+void *emalloc(size_t) __malloc_like;
+void *emalloc2(size_t, size_t) __malloc_like;
void *erealloc(void *, size_t);
void *erealloc3(void *, size_t, size_t);
void *erecalloc(void *, size_t, size_t, size_t);
-char *estrdup(const char *);
-char *estrndup(const char *, size_t);
+char *estrdup(const char *) __malloc_like;
+char *estrndup(const char *, size_t) __malloc_like;
#endif /* _SUDO_ALLOC_H */
/*
- * Copyright (c) 2004, 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2004, 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#define _SUDO_ERROR_H_
#include <stdarg.h>
+#include <setjmp.h>
/*
- * We wrap error/errorx and warn/warnx so that the same output can
+ * We wrap fatal/fatalx and warning/warningx so that the same output can
* go to the debug file, if there is one.
*/
#if defined(SUDO_ERROR_WRAP) && SUDO_ERROR_WRAP == 0
# if defined(__GNUC__) && __GNUC__ == 2
-# define error(rval, fmt...) error2((rval), fmt)
-# define errorx(rval, fmt...) errorx2((rval), fmt)
-# define warning(fmt...) warning2(fmt)
-# define warningx(fmt...) warningx2(fmt)
+# define fatal(fmt...) fatal_nodebug(fmt)
+# define fatalx(fmt...) fatalx_nodebug(fmt)
+# define warning(fmt...) warning_nodebug(fmt)
+# define warningx(fmt...) warningx_nodebug(fmt)
# else
-# define error(rval, ...) error2((rval), __VA_ARGS__)
-# define errorx(rval, ...) errorx2((rval), __VA_ARGS__)
-# define warning(...) warning2(__VA_ARGS__)
-# define warningx(...) warningx2(__VA_ARGS__)
+# define fatal(...) fatal_nodebug(__VA_ARGS__)
+# define fatalx(...) fatalx_nodebug(__VA_ARGS__)
+# define warning(...) warning_nodebug(__VA_ARGS__)
+# define warningx(...) warningx_nodebug(__VA_ARGS__)
# endif /* __GNUC__ == 2 */
+# define vfatal(fmt, ap) fatal_nodebug((fmt), (ap))
+# define vfatalx(fmt, ap) fatalx_nodebug((fmt), (ap))
+# define vwarning(fmt, ap) warning_nodebug((fmt), (ap))
+# define vwarningx(fmt, ap) warningx_nodebug((fmt), (ap))
#else /* SUDO_ERROR_WRAP */
# if defined(__GNUC__) && __GNUC__ == 2
-# define error(rval, fmt...) do { \
+# define fatal(fmt...) do { \
sudo_debug_printf2(__func__, __FILE__, __LINE__, \
SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO|sudo_debug_subsys, \
fmt); \
- error2((rval), fmt); \
+ fatal_nodebug(fmt); \
} while (0)
-# define errorx(rval, fmt...) do { \
+# define fatalx(fmt...) do { \
sudo_debug_printf2(__func__, __FILE__, __LINE__, \
SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|sudo_debug_subsys, fmt); \
- errorx2((rval), fmt); \
+ fatalx_nodebug(fmt); \
} while (0)
# define warning(fmt...) do { \
sudo_debug_printf2(__func__, __FILE__, __LINE__, \
SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO|sudo_debug_subsys, \
fmt); \
- warning2(fmt); \
+ warning_nodebug(fmt); \
} while (0)
# define warningx(fmt...) do { \
sudo_debug_printf2(__func__, __FILE__, __LINE__, \
SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|sudo_debug_subsys, fmt); \
- warningx2(fmt); \
+ warningx_nodebug(fmt); \
} while (0)
# else
-# define error(rval, ...) do { \
+# define fatal(...) do { \
sudo_debug_printf2(__func__, __FILE__, __LINE__, \
SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO|sudo_debug_subsys, \
__VA_ARGS__); \
- error2((rval), __VA_ARGS__); \
+ fatal_nodebug(__VA_ARGS__); \
} while (0)
-# define errorx(rval, ...) do { \
+# define fatalx(...) do { \
sudo_debug_printf2(__func__, __FILE__, __LINE__, \
SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|sudo_debug_subsys, __VA_ARGS__); \
- errorx2((rval), __VA_ARGS__); \
+ fatalx_nodebug(__VA_ARGS__); \
} while (0)
# define warning(...) do { \
sudo_debug_printf2(__func__, __FILE__, __LINE__, \
SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO|sudo_debug_subsys, \
__VA_ARGS__); \
- warning2(__VA_ARGS__); \
+ warning_nodebug(__VA_ARGS__); \
} while (0)
# define warningx(...) do { \
sudo_debug_printf2(__func__, __FILE__, __LINE__, \
SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|sudo_debug_subsys, __VA_ARGS__); \
- warningx2(__VA_ARGS__); \
+ warningx_nodebug(__VA_ARGS__); \
} while (0)
# endif /* __GNUC__ == 2 */
+# define vfatal(fmt, ap) do { \
+ sudo_debug_vprintf2(__func__, __FILE__, __LINE__, \
+ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO|sudo_debug_subsys, \
+ (fmt), (ap)); \
+ vfatal_nodebug((fmt), (ap)); \
+} while (0)
+# define vfatalx(fmt, ap) do { \
+ sudo_debug_vprintf2(__func__, __FILE__, __LINE__, \
+ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|sudo_debug_subsys, (fmt), (ap)); \
+ vfatalx_nodebug((fmt), (ap)); \
+} while (0)
+# define vwarning(fmt, ap) do { \
+ sudo_debug_vprintf2(__func__, __FILE__, __LINE__, \
+ SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO|sudo_debug_subsys, \
+ (fmt), (ap)); \
+ vwarning_nodebug((fmt), (ap)); \
+ warning_restore_locale(); \
+} while (0)
+# define vwarningx(fmt, ap) do { \
+ sudo_debug_vprintf2(__func__, __FILE__, __LINE__, \
+ SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO|sudo_debug_subsys, (fmt), (ap)); \
+ vwarningx_nodebug((fmt), (ap)); \
+} while (0)
#endif /* SUDO_ERROR_WRAP */
-void error2(int, const char *, ...) __printflike(2, 3) __attribute__((__noreturn__));
-void errorx2(int, const char *, ...) __printflike(2, 3) __attribute__((__noreturn__));
+#if defined(__GNUC__) && __GNUC__ == 2
+# define fatal_nodebug(fmt...) do { \
+ warning_set_locale(); \
+ fatal2(fmt); \
+} while (0)
+# define fatalx_nodebug(fmt...) do { \
+ warning_set_locale(); \
+ fatalx2(fmt); \
+} while (0)
+# define warning_nodebug(fmt...) do { \
+ warning_set_locale(); \
+ warning2(fmt); \
+ warning_restore_locale(); \
+} while (0)
+# define warningx_nodebug(fmt...) do { \
+ warning_set_locale(); \
+ warningx2(fmt); \
+ warning_restore_locale(); \
+} while (0)
+#else
+# define fatal_nodebug(...) do { \
+ warning_set_locale(); \
+ fatal2(__VA_ARGS__); \
+} while (0)
+# define fatalx_nodebug(...) do { \
+ warning_set_locale(); \
+ fatalx2(__VA_ARGS__); \
+} while (0)
+# define warning_nodebug(...) do { \
+ warning_set_locale(); \
+ warning2(__VA_ARGS__); \
+ warning_restore_locale(); \
+} while (0)
+# define warningx_nodebug(...) do { \
+ warning_set_locale(); \
+ warningx2(__VA_ARGS__); \
+ warning_restore_locale(); \
+} while (0)
+#endif /* __GNUC__ == 2 */
+#define vfatal_nodebug(fmt, ap) do { \
+ warning_set_locale(); \
+ vfatal2((fmt), (ap)); \
+} while (0)
+#define vfatalx_nodebug(fmt, ap) do { \
+ warning_set_locale(); \
+ vfatalx2((fmt), (ap)); \
+} while (0)
+#define vwarning_nodebug(fmt, ap) do { \
+ warning_set_locale(); \
+ vwarning2((fmt), (ap)); \
+ warning_restore_locale(); \
+} while (0)
+#define vwarningx_nodebug(fmt, ap) do { \
+ warning_set_locale(); \
+ vwarningx2((fmt), (ap)); \
+ warning_restore_locale(); \
+} while (0)
+
+#define fatal_setjmp() (fatal_enable_setjmp(), sigsetjmp(fatal_jmp, 1))
+#define fatal_longjmp(val) siglongjmp(fatal_jmp, val)
+
+extern int (*sudo_printf)(int msg_type, const char *fmt, ...);
+extern sigjmp_buf fatal_jmp;
+
+int fatal_callback_register(void (*func)(void));
+void fatal_disable_setjmp(void);
+void fatal_enable_setjmp(void);
+void fatal2(const char *, ...) __printflike(1, 2) __attribute__((__noreturn__));
+void fatalx2(const char *, ...) __printflike(1, 2) __attribute__((__noreturn__));
+void vfatal2(const char *, va_list ap) __attribute__((__noreturn__));
+void vfatalx2(const char *, va_list ap) __attribute__((__noreturn__));
void warning2(const char *, ...) __printflike(1, 2);
void warningx2(const char *, ...) __printflike(1, 2);
+void vwarning2(const char *, va_list ap);
+void vwarningx2(const char *, va_list ap);
+void warning_set_locale(void);
+void warning_restore_locale(void);
#endif /* _SUDO_ERROR_H_ */
/*
- * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2010, 2011, 2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
bool lock_file(int, int);
int touch(int, char *, struct timeval *);
-char *sudo_parseln(FILE *);
+ssize_t sudo_parseln(char **buf, size_t *bufsize, unsigned int *lineno, FILE *fp);
#endif /* _SUDO_FILEOPS_H */
/*
- * Copyright (c) 2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2011-2012 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* Solaris locale.h includes libintl.h which causes problems when we
* redefine the gettext functions. We include it first to avoid this.
*/
-#if defined(HAVE_SETLOCALE) && defined(__sun__) && defined(__svr4__)
-# include <locale.h>
-#endif
+#include <locale.h>
#ifdef HAVE_LIBINTL_H
/*
- * Copyright (c) 2007, 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2007, 2010, 2011 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
/*
- * Copyright (c) 1996, 1998-2005, 2008, 2009-2010
+ * Copyright (c) 1996, 1998-2005, 2008, 2009-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
# endif
#endif
+/* Hint to compiler that returned pointer is unique (malloc but not realloc). */
+#ifndef __malloc_like
+# if __GNUC_PREREQ__(2, 96)
+# define __malloc_like __attribute__((__malloc__))
+# else
+# define __malloc_like
+# endif
+#endif
+
#ifndef __dso_public
# ifdef HAVE_DSO_VISIBILITY
# if defined(__GNUC__)
#endif
#ifndef PATH_MAX
-# ifdef MAXPATHLEN
-# define PATH_MAX MAXPATHLEN
+# ifdef _POSIX_PATH_MAX
+# define PATH_MAX _POSIX_PATH_MAX
# else
-# ifdef _POSIX_PATH_MAX
-# define PATH_MAX _POSIX_PATH_MAX
-# else
-# define PATH_MAX 1024
-# endif
+# define PATH_MAX 256
# endif
#endif
-#ifndef MAXHOSTNAMELEN
-# define MAXHOSTNAMELEN 64
+#ifndef HOST_NAME_MAX
+# ifdef _POSIX_HOST_NAME_MAX
+# define HOST_NAME_MAX _POSIX_HOST_NAME_MAX
+# else
+# define HOST_NAME_MAX 255
+# endif
#endif
/*
#endif
/*
- * BSD defines these in <sys/param.h> but others may not.
+ * BSD defines these in <sys/param.h> but we don't include that anymore.
*/
#ifndef MIN
# define MIN(a,b) (((a)<(b))?(a):(b))
# define MAX(a,b) (((a)>(b))?(a):(b))
#endif
+/* Macros to set/clear/test flags. */
+#undef SET
+#define SET(t, f) ((t) |= (f))
+#undef CLR
+#define CLR(t, f) ((t) &= ~(f))
+#undef ISSET
+#define ISSET(t, f) ((t) & (f))
+
+/*
+ * Some systems define this in <sys/param.h> but we don't include that anymore.
+ */
+#ifndef howmany
+# define howmany(x, y) (((x) + ((y) - 1)) / (y))
+#endif
+
/*
* Older systems may be missing stddef.h and/or offsetof macro
*/
#ifndef HAVE_GETPROGNAME
# ifdef HAVE___PROGNAME
extern const char *__progname;
-# define getprogname() (__progname)
+# define getprogname() (__progname)
# else
const char *getprogname(void);
void setprogname(const char *);
-#endif /* HAVE___PROGNAME */
+# endif /* HAVE___PROGNAME */
#endif /* !HAVE_GETPROGNAME */
/*
/*
- * Copyright (c) 2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2011-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include "list.h"
+#define GROUP_SOURCE_ADAPTIVE 0
+#define GROUP_SOURCE_STATIC 1
+#define GROUP_SOURCE_DYNAMIC 2
+
struct plugin_info {
struct plugin_info *prev; /* required */
struct plugin_info *next; /* required */
const char *path;
const char *symbol_name;
char * const * options;
+ int lineno;
};
TQ_DECLARE(plugin_info)
/* Read main sudo.conf file. */
-void sudo_conf_read(void);
+void sudo_conf_read(const char *);
/* Accessor functions. */
const char *sudo_conf_askpass_path(void);
+const char *sudo_conf_sesh_path(void);
const char *sudo_conf_noexec_path(void);
const char *sudo_conf_debug_flags(void);
struct plugin_info_list *sudo_conf_plugins(void);
bool sudo_conf_disable_coredump(void);
+int sudo_conf_group_source(void);
+int sudo_conf_max_groups(void);
#endif /* _SUDO_CONF_H */
/*
- * Copyright (c) 2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2011-2012 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
void sudo_debug_exit_ptr(const char *func, const char *file, int line, int subsys, const void *rval);
int sudo_debug_fd_set(int fd);
int sudo_debug_init(const char *debugfile, const char *settings);
-void sudo_debug_printf2(const char *func, const char *file, int line, int level, const char *format, ...) __printflike(5, 6);
+void sudo_debug_printf2(const char *func, const char *file, int line, int level, const char *fmt, ...) __printflike(5, 6);
+void sudo_debug_vprintf2(const char *func, const char *file, int line, int level, const char *fmt, va_list ap);
void sudo_debug_write(const char *str, int len, int errno_val);
void sudo_debug_write2(const char *func, const char *file, int line, const char *str, int len, int errno_val);
pid_t sudo_debug_fork(void);
/*
- * Copyright (c) 2009-2012 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
/* API version major/minor */
#define SUDO_API_VERSION_MAJOR 1
-#define SUDO_API_VERSION_MINOR 2
+#define SUDO_API_VERSION_MINOR 3
#define SUDO_API_MKVERSION(x, y) ((x << 16) | y)
#define SUDO_API_VERSION SUDO_API_MKVERSION(SUDO_API_VERSION_MAJOR, SUDO_API_VERSION_MINOR)
#!/usr/bin/env perl
+#
+# Copyright (c) 2011-2013 Todd C. Miller <Todd.Miller@courtesan.com>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+#
use File::Temp qw/ :mktemp /;
use Fcntl;
# Expand some configure bits
$makefile =~ s:\@DEV\@::g;
$makefile =~ s:\@COMMON_OBJS\@:aix.lo:;
- $makefile =~ s:\@SUDO_OBJS\@:preload.o selinux.o sesh.o sudo_noexec.lo:;
- $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo plugin_error.lo sssd.lo:;
+ $makefile =~ s:\@SUDO_OBJS\@:openbsd.o preload.o selinux.o sesh.o solaris.o sudo_noexec.lo:;
+ $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo sssd.lo:;
# XXX - fill in AUTH_OBJS from contents of the auth dir instead
$makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid5.lo sia.lo:;
$makefile =~ s:\@LTLIBOBJS\@:closefrom.lo dlopen.lo fnmatch.lo getcwd.lo getgrouplist.lo getline.lo getprogname.lo glob.lo isblank.lo memrchr.lo mksiglist.lo mksigname.lo mktemp.lo nanosleep.lo pw_dup.lo sig2str.lo siglist.lo signame.lo snprintf.lo strlcat.lo strlcpy.lo strsignal.lo utimes.lo globtest.o fnm_test.o:;
#!/bin/sh
#
+# Copyright (c) 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+#
# Build a binary package using polypkg
# Usage: mkpkg [--debug] [--flavor flavor] [--platform platform] [--osversion ver]
#
--with-tty-tickets
--with-ldap
--with-passprompt=[sudo] password for %p:
+ --with-sendmail=/usr/sbin/sendmail
$configure_opts"
;;
sles*)
# Note, must indent with tabs, not spaces due to IFS trickery
# XXX - SuSE uses secure path but only for env_reset
configure_opts="--prefix=/usr
- --libexecdir=/usr/$libexec/sudo
+ --libexecdir=/usr/$libexec
--with-logging=syslog
--with-logfac=auth
--with-all-insults
--with-ldap
--with-env-editor
--with-passprompt=%p\'s password:
+ --with-sendmail=/usr/sbin/sendmail
$configure_opts"
make_opts='docdir=$(datarootdir)/doc/packages/$(PACKAGE_TARNAME)'
--disable-setresuid
--with-sendmail=/usr/sbin/sendmail
--mandir=/usr/share/man
- --libexecdir=/usr/lib/sudo
+ --libexecdir=/usr/lib
--with-secure-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin
$configure_opts"
;;
--with-env-editor
--enable-zlib=builtin
--disable-nls
+ --with-sendmail=/usr/sbin/sendmail
$configure_opts"
PPVARS="${PPVARS}${PPVARS+$space}aix_freeware=true"
;;
# For Solaris, add project support and use let configure choose zlib.
# For all others, use the builtin zlib and disable NLS support.
case "$osversion" in
- sol*) configure_opts="${configure_opts}${configure_opts+$tab}--with-project${tab}--disable-pie";;
+ sol*) configure_opts="${configure_opts}${configure_opts+$tab}--with-project";;
*) configure_opts="${configure_opts}${configure_opts+$tab}--enable-zlib=builtin${tab}--disable-nls";;
esac
if test "$flavor" = "ldap"; then
/*
- * Copyright (c) 1996, 1998, 1999, 2001, 2004, 2005, 2007-2010
+ * Copyright (c) 1996, 1998, 1999, 2001, 2004, 2005, 2007-2012
* Todd C. Miller <Todd.Miller@courtesan.com>.
*
* Permission to use, copy, modify, and distribute this software for any
--- /dev/null
+#
+# Copyright (c) 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# @configure_input@
+#
+
+#### Start of system configuration section. ####
+
+srcdir = @srcdir@
+devdir = @devdir@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+incdir = $(top_srcdir)/include
+cross_compiling = @CROSS_COMPILING@
+
+# Compiler & tools to use
+CC = @CC@
+LIBTOOL = @LIBTOOL@ @LT_STATIC@
+
+# Our install program supports extra flags...
+INSTALL = $(SHELL) $(top_srcdir)/install-sh -c
+
+# Libraries
+LT_LIBS = $(LIBOBJDIR)libreplace.la
+LIBS = $(LT_LIBS)
+
+# C preprocessor flags
+CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(top_srcdir) @CPPFLAGS@
+
+# Usually -O and/or -g
+CFLAGS = @CFLAGS@
+
+# Flags to pass to the link stage
+LDFLAGS = @LDFLAGS@
+LT_LDFLAGS = @LT_LDFLAGS@ @LT_LDMAP@ @LT_LDOPT@ @LT_LDEXPORTS@
+
+# PIE flags
+PIE_CFLAGS = @PIE_CFLAGS@
+PIE_LDFLAGS = @PIE_LDFLAGS@
+
+# Stack smashing protection flags
+SSP_CFLAGS = @SSP_CFLAGS@
+SSP_LDFLAGS = @SSP_LDFLAGS@
+
+# Where to install things...
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+bindir = @bindir@
+sbindir = @sbindir@
+sysconfdir = @sysconfdir@
+libexecdir = @libexecdir@
+datarootdir = @datarootdir@
+localstatedir = @localstatedir@
+plugindir = @PLUGINDIR@
+
+# File extension, mode and map file to use for shared libraries/objects
+soext = @SOEXT@
+shlib_mode = @SHLIB_MODE@
+shlib_exp = $(srcdir)/group_file.exp
+shlib_map = group_file.map
+shlib_opt = group_file.opt
+
+# OS dependent defines
+DEFS = @OSDEFS@
+
+#### End of system configuration section. ####
+
+SHELL = @SHELL@
+
+OBJS = group_file.lo getgrent.lo
+
+LIBOBJDIR = $(top_builddir)/@ac_config_libobj_dir@/
+
+VERSION = @PACKAGE_VERSION@
+
+all: group_file.la
+
+Makefile: $(srcdir)/Makefile.in
+ (cd $(top_builddir) && ./config.status --file plugins/group_file/Makefile)
+
+.SUFFIXES: .o .c .h .lo
+
+.c.lo:
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $<
+
+$(shlib_map): $(shlib_exp)
+ @awk 'BEGIN { print "{\n\tglobal:" } { print "\t\t"$$0";" } END { print "\tlocal:\n\t\t*;\n};" }' $(shlib_exp) > $@
+
+$(shlib_opt): $(shlib_exp)
+ @sed 's/^/+e /' $(shlib_exp) > $@
+
+group_file.la: $(OBJS) $(LT_LIBS) @LT_LDDEP@
+ $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) -o $@ $(OBJS) $(LIBS) -module -avoid-version -rpath $(plugindir)
+
+pre-install:
+
+install: install-plugin
+
+install-dirs:
+ $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(plugindir)
+
+install-binaries:
+
+install-includes:
+
+install-doc:
+
+install-plugin: install-dirs group_file.la
+ $(INSTALL) -b~ -m $(shlib_mode) .libs/group_file$(soext) $(DESTDIR)$(plugindir)/group_file.so
+
+uninstall:
+ -rm -f $(DESTDIR)$(plugindir)/group_file.so
+
+check:
+
+clean:
+ -$(LIBTOOL) --mode=clean rm -f *.lo *.o *.la *.a stamp-* core *.core core.*
+
+mostlyclean: clean
+
+distclean: clean
+ -rm -rf Makefile .libs
+
+clobber: distclean
+
+realclean: distclean
+ rm -f TAGS tags
+
+cleandir: realclean
+
+# Autogenerated dependencies, do not modify
+getgrent.lo: $(srcdir)/getgrent.c $(top_builddir)/config.h $(incdir)/missing.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getgrent.c
+group_file.lo: $(srcdir)/group_file.c $(top_builddir)/config.h \
+ $(top_srcdir)/compat/stdbool.h $(incdir)/sudo_plugin.h \
+ $(incdir)/missing.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/group_file.c
--- /dev/null
+/*
+ * Copyright (c) 2005,2008,2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Trivial replacements for the libc getgr{uid,nam}() routines.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+# include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#include <fcntl.h>
+#include <limits.h>
+#include <pwd.h>
+#include <grp.h>
+
+#include "missing.h"
+
+#ifndef LINE_MAX
+# define LINE_MAX 2048
+#endif
+
+#undef GRMEM_MAX
+#define GRMEM_MAX 200
+
+static FILE *grf;
+static const char *grfile = "/etc/group";
+static int gr_stayopen;
+
+void mysetgrfile(const char *);
+void mysetgrent(void);
+void myendgrent(void);
+struct group *mygetgrent(void);
+struct group *mygetgrnam(const char *);
+struct group *mygetgrgid(gid_t);
+
+void
+mysetgrfile(const char *file)
+{
+ grfile = file;
+ if (grf != NULL)
+ myendgrent();
+}
+
+void
+mysetgrent(void)
+{
+ if (grf == NULL) {
+ grf = fopen(grfile, "r");
+ if (grf != NULL)
+ fcntl(fileno(grf), F_SETFD, FD_CLOEXEC);
+ } else {
+ rewind(grf);
+ }
+ gr_stayopen = 1;
+}
+
+void
+myendgrent(void)
+{
+ if (grf != NULL) {
+ fclose(grf);
+ grf = NULL;
+ }
+ gr_stayopen = 0;
+}
+
+struct group *
+mygetgrent(void)
+{
+ static struct group gr;
+ static char grbuf[LINE_MAX], *gr_mem[GRMEM_MAX+1];
+ size_t len;
+ char *cp, *colon;
+ int n;
+
+ if ((colon = fgets(grbuf, sizeof(grbuf), grf)) == NULL)
+ return NULL;
+
+ memset(&gr, 0, sizeof(gr));
+ if ((colon = strchr(cp = colon, ':')) == NULL)
+ return NULL;
+ *colon++ = '\0';
+ gr.gr_name = cp;
+ if ((colon = strchr(cp = colon, ':')) == NULL)
+ return NULL;
+ *colon++ = '\0';
+ gr.gr_passwd = cp;
+ if ((colon = strchr(cp = colon, ':')) == NULL)
+ return NULL;
+ *colon++ = '\0';
+ gr.gr_gid = atoi(cp);
+ len = strlen(colon);
+ if (len > 0 && colon[len - 1] == '\n')
+ colon[len - 1] = '\0';
+ if (*colon != '\0') {
+ gr.gr_mem = gr_mem;
+ cp = strtok(colon, ",");
+ for (n = 0; cp != NULL && n < GRMEM_MAX; n++) {
+ gr.gr_mem[n] = cp;
+ cp = strtok(NULL, ",");
+ }
+ gr.gr_mem[n++] = NULL;
+ } else
+ gr.gr_mem = NULL;
+ return &gr;
+}
+
+struct group *
+mygetgrnam(const char *name)
+{
+ struct group *gr;
+
+ if (grf == NULL) {
+ if ((grf = fopen(grfile, "r")) == NULL)
+ return NULL;
+ fcntl(fileno(grf), F_SETFD, FD_CLOEXEC);
+ } else {
+ rewind(grf);
+ }
+ while ((gr = mygetgrent()) != NULL) {
+ if (strcmp(gr->gr_name, name) == 0)
+ break;
+ }
+ if (!gr_stayopen) {
+ fclose(grf);
+ grf = NULL;
+ }
+ return gr;
+}
+
+struct group *
+mygetgrgid(gid_t gid)
+{
+ struct group *gr;
+
+ if (grf == NULL) {
+ if ((grf = fopen(grfile, "r")) == NULL)
+ return NULL;
+ fcntl(fileno(grf), F_SETFD, FD_CLOEXEC);
+ } else {
+ rewind(grf);
+ }
+ while ((gr = mygetgrent()) != NULL) {
+ if (gr->gr_gid == gid)
+ break;
+ }
+ if (!gr_stayopen) {
+ fclose(grf);
+ grf = NULL;
+ }
+ return gr;
+}
--- /dev/null
+/*
+ * Copyright (c) 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STDBOOL_H
+# include <stdbool.h>
+#else
+# include "compat/stdbool.h"
+#endif /* HAVE_STDBOOL_H */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+# include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <ctype.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <grp.h>
+#include <pwd.h>
+
+#include "sudo_plugin.h"
+#include "missing.h"
+
+/*
+ * Sample sudoers group plugin that uses an extra group file with the
+ * same format as /etc/group.
+ */
+
+static sudo_printf_t sudo_log;
+
+extern void mysetgrfile(const char *);
+extern void mysetgrent(void);
+extern void myendgrent(void);
+extern struct group *mygetgrnam(const char *);
+
+static int
+sample_init(int version, sudo_printf_t sudo_printf, char *const argv[])
+{
+ struct stat sb;
+
+ sudo_log = sudo_printf;
+
+ if (GROUP_API_VERSION_GET_MAJOR(version) != GROUP_API_VERSION_MAJOR) {
+ sudo_log(SUDO_CONV_ERROR_MSG,
+ "group_file: incompatible major version %d, expected %d\n",
+ GROUP_API_VERSION_GET_MAJOR(version),
+ GROUP_API_VERSION_MAJOR);
+ return -1;
+ }
+
+ /* Sanity check the specified group file. */
+ if (argv == NULL || argv[0] == NULL) {
+ sudo_log(SUDO_CONV_ERROR_MSG,
+ "group_file: path to group file not specified\n");
+ return -1;
+ }
+ if (stat(argv[0], &sb) != 0) {
+ sudo_log(SUDO_CONV_ERROR_MSG,
+ "group_file: %s: %s\n", argv[0], strerror(errno));
+ return -1;
+ }
+ if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
+ sudo_log(SUDO_CONV_ERROR_MSG,
+ "%s must be only be writable by owner\n", argv[0]);
+ return -1;
+ }
+
+ mysetgrfile(argv[0]);
+ mysetgrent();
+
+ return true;
+}
+
+static void
+sample_cleanup(void)
+{
+ myendgrent();
+}
+
+/*
+ * Returns true if "user" is a member of "group", else false.
+ */
+static int
+sample_query(const char *user, const char *group, const struct passwd *pwd)
+{
+ struct group *grp;
+ char **member;
+
+ grp = mygetgrnam(group);
+ if (grp != NULL) {
+ for (member = grp->gr_mem; *member != NULL; member++) {
+ if (strcasecmp(user, *member) == 0)
+ return true;
+ }
+ }
+
+ return false;
+}
+
+__dso_public struct sudoers_group_plugin group_plugin = {
+ GROUP_API_VERSION,
+ sample_init,
+ sample_cleanup,
+ sample_query
+};
--- /dev/null
+group_plugin
--- /dev/null
+/*
+ * Copyright (c) 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/types.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <stdarg.h>
+#include <string.h>
+#include <unistd.h>
+#include <ctype.h>
+#include <dlfcn.h>
+#include <errno.h>
+#include <limits.h>
+#include <pwd.h>
+
+#include "sudo_plugin.h"
+
+__dso_public int main(int argc, char *argv[]);
+
+/*
+ * Simple driver to test sudoer group plugins.
+ * usage: plugin_test [-p "plugin.so plugin_args ..."] user:group ...
+ */
+
+static void *group_handle;
+static struct sudoers_group_plugin *group_plugin;
+
+static int
+plugin_printf(int msg_type, const char *fmt, ...)
+{
+ va_list ap;
+ FILE *fp;
+
+ switch (msg_type) {
+ case SUDO_CONV_INFO_MSG:
+ fp = stdout;
+ break;
+ case SUDO_CONV_ERROR_MSG:
+ fp = stderr;
+ break;
+ default:
+ errno = EINVAL;
+ return -1;
+ }
+
+ va_start(ap, fmt);
+ vfprintf(fp, fmt, ap);
+ va_end(ap);
+
+ return 0;
+}
+
+/*
+ * Load the specified plugin and run its init function.
+ * Returns -1 if unable to open the plugin, else it returns
+ * the value from the plugin's init function.
+ */
+static int
+group_plugin_load(char *plugin_info)
+{
+ char *args, path[PATH_MAX], savedch;
+ char **argv = NULL;
+ int rc;
+
+ /*
+ * Fill in .so path and split out args (if any).
+ */
+ if ((args = strpbrk(plugin_info, " \t")) != NULL) {
+ savedch = *args;
+ *args = '\0';
+ }
+ strncpy(path, plugin_info, sizeof(path) - 1);
+ path[sizeof(path) - 1] = '\0';
+ if (args != NULL)
+ *args++ = savedch;
+
+ /* Open plugin and map in symbol. */
+ group_handle = dlopen(path, RTLD_LAZY);
+ if (!group_handle) {
+ fprintf(stderr, "unable to dlopen %s: %s\n", path, dlerror());
+ return -1;
+ }
+ group_plugin = dlsym(group_handle, "group_plugin");
+ if (group_plugin == NULL) {
+ fprintf(stderr, "unable to find symbol \"group_plugin\" in %s\n", path);
+ return -1;
+ }
+
+ if (GROUP_API_VERSION_GET_MAJOR(group_plugin->version) != GROUP_API_VERSION_MAJOR) {
+ fprintf(stderr,
+ "%s: incompatible group plugin major version %d, expected %d\n",
+ path, GROUP_API_VERSION_GET_MAJOR(group_plugin->version),
+ GROUP_API_VERSION_MAJOR);
+ return -1;
+ }
+
+ /*
+ * Split args into a vector if specified.
+ */
+ if (args != NULL) {
+ int ac = 0, wasblank = 1;
+ char *cp;
+
+ for (cp = args; *cp != '\0'; cp++) {
+ if (isblank((unsigned char)*cp)) {
+ wasblank = 1;
+ } else if (wasblank) {
+ wasblank = 0;
+ ac++;
+ }
+ }
+ if (ac != 0) {
+ argv = malloc(ac * sizeof(char *));
+ if (argv == NULL) {
+ perror(NULL);
+ return -1;
+ }
+ ac = 0;
+ for ((cp = strtok(args, " \t")); cp; (cp = strtok(NULL, " \t")))
+ argv[ac++] = cp;
+ }
+ }
+
+ rc = (group_plugin->init)(GROUP_API_VERSION, plugin_printf, argv);
+
+ free(argv);
+
+ return rc;
+}
+
+static void
+group_plugin_unload(void)
+{
+ (group_plugin->cleanup)();
+ dlclose(group_handle);
+ group_handle = NULL;
+}
+
+static int
+group_plugin_query(const char *user, const char *group,
+ const struct passwd *pwd)
+{
+ return group_plugin->query)(user, group, pwd;
+}
+
+static void
+usage(void)
+{
+ fprintf(stderr,
+ "usage: plugin_test [-p \"plugin.so plugin_args ...\"] user:group ...\n");
+ exit(1);
+}
+
+int
+main(int argc, char *argv[])
+{
+ int ch, i, found;
+ char *plugin = "group_file.so";
+ char *user, *group;
+ struct passwd *pwd;
+
+ while ((ch = getopt(argc, argv, "p:")) != -1) {
+ switch (ch) {
+ case 'p':
+ plugin = optarg;
+ break;
+ default:
+ usage();
+ }
+ }
+ argc -= optind;
+ argv += optind;
+
+ if (argc < 1)
+ usage();
+
+ if (group_plugin_load(plugin) != 1) {
+ fprintf(stderr, "unable to load plugin: %s\n", plugin);
+ exit(1);
+ }
+
+ for (i = 0; argv[i] != NULL; i++) {
+ user = argv[i];
+ group = strchr(argv[i], ':');
+ if (group == NULL)
+ continue;
+ *group++ = '\0';
+ pwd = getpwnam(user);
+ found = group_plugin_query(user, group, pwd);
+ printf("user %s %s in group %s\n", user, found ? "is" : "NOT ", group);
+ }
+ group_plugin_unload();
+
+ exit(0);
+}
+
#
-# Copyright (c) 2011 Todd C. Miller <Todd.Miller@courtesan.com>
+# Copyright (c) 2011-2013 Todd C. Miller <Todd.Miller@courtesan.com>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
install-doc:
install-plugin: install-dirs sample_plugin.la
- $(INSTALL) -b~ -m $(shlib_mode) .libs/sample_plugin$(soext) $(DESTDIR)$(plugindir)
+ $(INSTALL) -b~ -m $(shlib_mode) .libs/sample_plugin$(soext) $(DESTDIR)$(plugindir)/sample_plugin.so
uninstall:
- -rm -f $(DESTDIR)$(plugindir)/sample_plugin$(soext)
+ -rm -f $(DESTDIR)$(plugindir)/sample_plugin.so
check:
/*
- * Copyright (c) 2010-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <sys/stat.h>
#include <sys/wait.h>
cp = strtok(editor, " \t");
if (cp == NULL ||
(editor_path = find_in_path(editor, plugin_state.envp)) == NULL) {
+ free(editor);
return NULL;
}
if (editor_path != editor)
* Note: This plugin does not differentiate between tty and pipe I/O.
* It all gets logged to the same file.
*/
-struct io_plugin sample_io = {
+__dso_public struct io_plugin sample_io = {
SUDO_IO_PLUGIN,
SUDO_API_VERSION,
io_open,
+++ /dev/null
-#
-# Copyright (c) 2011 Todd C. Miller <Todd.Miller@courtesan.com>
-#
-# Permission to use, copy, modify, and distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-# @configure_input@
-#
-
-#### Start of system configuration section. ####
-
-srcdir = @srcdir@
-devdir = @devdir@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-incdir = $(top_srcdir)/include
-cross_compiling = @CROSS_COMPILING@
-
-# Compiler & tools to use
-CC = @CC@
-LIBTOOL = @LIBTOOL@ @LT_STATIC@
-
-# Our install program supports extra flags...
-INSTALL = $(SHELL) $(top_srcdir)/install-sh -c
-
-# Libraries
-LT_LIBS = $(LIBOBJDIR)libreplace.la
-LIBS = $(LT_LIBS)
-
-# C preprocessor flags
-CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(top_srcdir) @CPPFLAGS@
-
-# Usually -O and/or -g
-CFLAGS = @CFLAGS@
-
-# Flags to pass to the link stage
-LDFLAGS = @LDFLAGS@
-LT_LDFLAGS = @LT_LDFLAGS@ @LT_LDMAP@ @LT_LDOPT@ @LT_LDEXPORTS@
-
-# PIE flags
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
-
-# Stack smashing protection flags
-SSP_CFLAGS = @SSP_CFLAGS@
-SSP_LDFLAGS = @SSP_LDFLAGS@
-
-# Where to install things...
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-bindir = @bindir@
-sbindir = @sbindir@
-sysconfdir = @sysconfdir@
-libexecdir = @libexecdir@
-datarootdir = @datarootdir@
-localstatedir = @localstatedir@
-plugindir = @PLUGINDIR@
-
-# File extension, mode and map file to use for shared libraries/objects
-soext = @SOEXT@
-shlib_mode = @SHLIB_MODE@
-shlib_exp = $(srcdir)/sample_group.exp
-shlib_map = sample_group.map
-shlib_opt = sample_group.opt
-
-# OS dependent defines
-DEFS = @OSDEFS@
-
-#### End of system configuration section. ####
-
-SHELL = @SHELL@
-
-OBJS = sample_group.lo getgrent.lo
-
-LIBOBJDIR = $(top_builddir)/@ac_config_libobj_dir@/
-
-VERSION = @PACKAGE_VERSION@
-
-all: sample_group.la
-
-Makefile: $(srcdir)/Makefile.in
- (cd $(top_builddir) && ./config.status --file plugins/sample_group/Makefile)
-
-.SUFFIXES: .o .c .h .lo
-
-.c.lo:
- $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $<
-
-$(shlib_map): $(shlib_exp)
- @awk 'BEGIN { print "{\n\tglobal:" } { print "\t\t"$$0";" } END { print "\tlocal:\n\t\t*;\n};" }' $(shlib_exp) > $@
-
-$(shlib_opt): $(shlib_exp)
- @sed 's/^/+e /' $(shlib_exp) > $@
-
-sample_group.la: $(OBJS) $(LT_LIBS) @LT_LDDEP@
- $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) -o $@ $(OBJS) $(LIBS) -module -avoid-version -rpath $(plugindir)
-
-pre-install:
-
-install: install-plugin
-
-install-dirs:
- $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(plugindir)
-
-install-binaries:
-
-install-includes:
-
-install-doc:
-
-install-plugin: install-dirs sample_group.la
- $(INSTALL) -b~ -m $(shlib_mode) .libs/sample_group$(soext) $(DESTDIR)$(plugindir)
-
-uninstall:
- -rm -f $(DESTDIR)$(plugindir)/sample_group$(soext)
-
-check:
-
-clean:
- -$(LIBTOOL) --mode=clean rm -f *.lo *.o *.la *.a stamp-* core *.core core.*
-
-mostlyclean: clean
-
-distclean: clean
- -rm -rf Makefile .libs
-
-clobber: distclean
-
-realclean: distclean
- rm -f TAGS tags
-
-cleandir: realclean
-
-# Autogenerated dependencies, do not modify
-getgrent.lo: $(srcdir)/getgrent.c $(top_builddir)/config.h $(incdir)/missing.h
- $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/getgrent.c
-sample_group.lo: $(srcdir)/sample_group.c $(top_builddir)/config.h \
- $(top_srcdir)/compat/stdbool.h $(incdir)/sudo_plugin.h \
- $(incdir)/missing.h
- $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sample_group.c
+++ /dev/null
-/*
- * Copyright (c) 2005,2008,2010-2011 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Trivial replacements for the libc getgr{uid,nam}() routines.
- */
-
-#include <config.h>
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <stdio.h>
-#ifdef STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# ifdef HAVE_STDLIB_H
-# include <stdlib.h>
-# endif
-#endif /* STDC_HEADERS */
-#ifdef HAVE_STRING_H
-# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
-# include <memory.h>
-# endif
-# include <string.h>
-#endif /* HAVE_STRING_H */
-#ifdef HAVE_STRINGS_H
-# include <strings.h>
-#endif /* HAVE_STRINGS_H */
-#include <fcntl.h>
-#include <limits.h>
-#include <pwd.h>
-#include <grp.h>
-
-#include "missing.h"
-
-#ifndef LINE_MAX
-# define LINE_MAX 2048
-#endif
-
-#undef GRMEM_MAX
-#define GRMEM_MAX 200
-
-static FILE *grf;
-static const char *grfile = "/etc/group";
-static int gr_stayopen;
-
-void mysetgrfile(const char *);
-void mysetgrent(void);
-void myendgrent(void);
-struct group *mygetgrent(void);
-struct group *mygetgrnam(const char *);
-struct group *mygetgrgid(gid_t);
-
-void
-mysetgrfile(const char *file)
-{
- grfile = file;
- if (grf != NULL)
- myendgrent();
-}
-
-void
-mysetgrent(void)
-{
- if (grf == NULL) {
- grf = fopen(grfile, "r");
- if (grf != NULL)
- fcntl(fileno(grf), F_SETFD, FD_CLOEXEC);
- } else {
- rewind(grf);
- }
- gr_stayopen = 1;
-}
-
-void
-myendgrent(void)
-{
- if (grf != NULL) {
- fclose(grf);
- grf = NULL;
- }
- gr_stayopen = 0;
-}
-
-struct group *
-mygetgrent(void)
-{
- static struct group gr;
- static char grbuf[LINE_MAX], *gr_mem[GRMEM_MAX+1];
- size_t len;
- char *cp, *colon;
- int n;
-
- if ((colon = fgets(grbuf, sizeof(grbuf), grf)) == NULL)
- return NULL;
-
- memset(&gr, 0, sizeof(gr));
- if ((colon = strchr(cp = colon, ':')) == NULL)
- return NULL;
- *colon++ = '\0';
- gr.gr_name = cp;
- if ((colon = strchr(cp = colon, ':')) == NULL)
- return NULL;
- *colon++ = '\0';
- gr.gr_passwd = cp;
- if ((colon = strchr(cp = colon, ':')) == NULL)
- return NULL;
- *colon++ = '\0';
- gr.gr_gid = atoi(cp);
- len = strlen(colon);
- if (len > 0 && colon[len - 1] == '\n')
- colon[len - 1] = '\0';
- if (*colon != '\0') {
- gr.gr_mem = gr_mem;
- cp = strtok(colon, ",");
- for (n = 0; cp != NULL && n < GRMEM_MAX; n++) {
- gr.gr_mem[n] = cp;
- cp = strtok(NULL, ",");
- }
- gr.gr_mem[n++] = NULL;
- } else
- gr.gr_mem = NULL;
- return &gr;
-}
-
-struct group *
-mygetgrnam(const char *name)
-{
- struct group *gr;
-
- if (grf == NULL) {
- if ((grf = fopen(grfile, "r")) == NULL)
- return NULL;
- fcntl(fileno(grf), F_SETFD, FD_CLOEXEC);
- } else {
- rewind(grf);
- }
- while ((gr = mygetgrent()) != NULL) {
- if (strcmp(gr->gr_name, name) == 0)
- break;
- }
- if (!gr_stayopen) {
- fclose(grf);
- grf = NULL;
- }
- return gr;
-}
-
-struct group *
-mygetgrgid(gid_t gid)
-{
- struct group *gr;
-
- if (grf == NULL) {
- if ((grf = fopen(grfile, "r")) == NULL)
- return NULL;
- fcntl(fileno(grf), F_SETFD, FD_CLOEXEC);
- } else {
- rewind(grf);
- }
- while ((gr = mygetgrent()) != NULL) {
- if (gr->gr_gid == gid)
- break;
- }
- if (!gr_stayopen) {
- fclose(grf);
- grf = NULL;
- }
- return gr;
-}
+++ /dev/null
-/*
- * Copyright (c) 2010-2011 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <sys/types.h>
-#include <sys/param.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <stddef.h>
-#include <stdarg.h>
-#include <string.h>
-#include <unistd.h>
-#include <ctype.h>
-#include <dlfcn.h>
-#include <errno.h>
-#include <limits.h>
-#include <pwd.h>
-
-#include "sudo_plugin.h"
-
-/*
- * Simple driver to test sudoer group plugins.
- * usage: plugin_test [-p "plugin.so plugin_args ..."] user:group ...
- */
-
-static void *group_handle;
-static struct sudoers_group_plugin *group_plugin;
-
-static int
-plugin_printf(int msg_type, const char *fmt, ...)
-{
- va_list ap;
- FILE *fp;
-
- switch (msg_type) {
- case SUDO_CONV_INFO_MSG:
- fp = stdout;
- break;
- case SUDO_CONV_ERROR_MSG:
- fp = stderr;
- break;
- default:
- errno = EINVAL;
- return -1;
- }
-
- va_start(ap, fmt);
- vfprintf(fp, fmt, ap);
- va_end(ap);
-
- return 0;
-}
-
-/*
- * Load the specified plugin and run its init function.
- * Returns -1 if unable to open the plugin, else it returns
- * the value from the plugin's init function.
- */
-static int
-group_plugin_load(char *plugin_info)
-{
- char *args, path[PATH_MAX], savedch;
- char **argv = NULL;
- int rc;
-
- /*
- * Fill in .so path and split out args (if any).
- */
- if ((args = strpbrk(plugin_info, " \t")) != NULL) {
- savedch = *args;
- *args = '\0';
- }
- strncpy(path, plugin_info, sizeof(path) - 1);
- path[sizeof(path) - 1] = '\0';
- if (args != NULL)
- *args++ = savedch;
-
- /* Open plugin and map in symbol. */
- group_handle = dlopen(path, RTLD_LAZY);
- if (!group_handle) {
- fprintf(stderr, "unable to dlopen %s: %s\n", path, dlerror());
- return -1;
- }
- group_plugin = dlsym(group_handle, "group_plugin");
- if (group_plugin == NULL) {
- fprintf(stderr, "unable to find symbol \"group_plugin\" in %s\n", path);
- return -1;
- }
-
- if (GROUP_API_VERSION_GET_MAJOR(group_plugin->version) != GROUP_API_VERSION_MAJOR) {
- fprintf(stderr,
- "%s: incompatible group plugin major version %d, expected %d\n",
- path, GROUP_API_VERSION_GET_MAJOR(group_plugin->version),
- GROUP_API_VERSION_MAJOR);
- return -1;
- }
-
- /*
- * Split args into a vector if specified.
- */
- if (args != NULL) {
- int ac = 0, wasblank = 1;
- char *cp;
-
- for (cp = args; *cp != '\0'; cp++) {
- if (isblank((unsigned char)*cp)) {
- wasblank = 1;
- } else if (wasblank) {
- wasblank = 0;
- ac++;
- }
- }
- if (ac != 0) {
- argv = malloc(ac * sizeof(char *));
- if (argv == NULL) {
- fprintf(stderr, "unable to allocate memory\n");
- return -1;
- }
- ac = 0;
- for ((cp = strtok(args, " \t")); cp; (cp = strtok(NULL, " \t")))
- argv[ac++] = cp;
- }
- }
-
- rc = (group_plugin->init)(GROUP_API_VERSION, plugin_printf, argv);
-
- free(argv);
-
- return rc;
-}
-
-static void
-group_plugin_unload(void)
-{
- (group_plugin->cleanup)();
- dlclose(group_handle);
- group_handle = NULL;
-}
-
-static int
-group_plugin_query(const char *user, const char *group,
- const struct passwd *pwd)
-{
- return group_plugin->query)(user, group, pwd;
-}
-
-static void
-usage(void)
-{
- fprintf(stderr,
- "usage: plugin_test [-p \"plugin.so plugin_args ...\"] user:group ...\n");
- exit(1);
-}
-
-int
-main(int argc, char *argv[])
-{
- int ch, i, found;
- char *plugin = "sample_group.so";
- char *user, *group;
- struct passwd *pwd;
-
- while ((ch = getopt(argc, argv, "p:")) != -1) {
- switch (ch) {
- case 'p':
- plugin = optarg;
- break;
- default:
- usage();
- }
- }
- argc -= optind;
- argv += optind;
-
- if (argc < 1)
- usage();
-
- if (group_plugin_load(plugin) != 1) {
- fprintf(stderr, "unable to load plugin: %s\n", plugin);
- exit(1);
- }
-
- for (i = 0; argv[i] != NULL; i++) {
- user = argv[i];
- group = strchr(argv[i], ':');
- if (group == NULL)
- continue;
- *group++ = '\0';
- pwd = getpwnam(user);
- found = group_plugin_query(user, group, pwd);
- printf("user %s %s in group %s\n", user, found ? "is" : "NOT ", group);
- }
- group_plugin_unload();
-
- exit(0);
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <config.h>
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/stat.h>
-
-#include <stdio.h>
-#ifdef STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# ifdef HAVE_STDLIB_H
-# include <stdlib.h>
-# endif
-#endif /* STDC_HEADERS */
-#ifdef HAVE_STDBOOL_H
-# include <stdbool.h>
-#else
-# include "compat/stdbool.h"
-#endif /* HAVE_STDBOOL_H */
-#ifdef HAVE_STRING_H
-# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
-# include <memory.h>
-# endif
-# include <string.h>
-#endif /* HAVE_STRING_H */
-#ifdef HAVE_STRINGS_H
-# include <strings.h>
-#endif /* HAVE_STRINGS_H */
-#ifdef HAVE_UNISTD_H
-# include <unistd.h>
-#endif /* HAVE_UNISTD_H */
-#include <ctype.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <limits.h>
-#include <grp.h>
-#include <pwd.h>
-
-#include "sudo_plugin.h"
-#include "missing.h"
-
-/*
- * Sample sudoers group plugin that uses an extra group file with the
- * same format as /etc/group.
- */
-
-static sudo_printf_t sudo_log;
-
-extern void mysetgrfile(const char *);
-extern void mysetgrent(void);
-extern void myendgrent(void);
-extern struct group *mygetgrnam(const char *);
-
-static int
-sample_init(int version, sudo_printf_t sudo_printf, char *const argv[])
-{
- struct stat sb;
-
- sudo_log = sudo_printf;
-
- if (GROUP_API_VERSION_GET_MAJOR(version) != GROUP_API_VERSION_MAJOR) {
- sudo_log(SUDO_CONV_ERROR_MSG,
- "sample_group: incompatible major version %d, expected %d\n",
- GROUP_API_VERSION_GET_MAJOR(version),
- GROUP_API_VERSION_MAJOR);
- return -1;
- }
-
- /* Sanity check the specified group file. */
- if (argv == NULL || argv[0] == NULL) {
- sudo_log(SUDO_CONV_ERROR_MSG,
- "sample_group: path to group file not specified\n");
- return -1;
- }
- if (stat(argv[0], &sb) != 0) {
- sudo_log(SUDO_CONV_ERROR_MSG,
- "sample_group: %s: %s\n", argv[0], strerror(errno));
- return -1;
- }
- if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
- sudo_log(SUDO_CONV_ERROR_MSG,
- "%s must be only be writable by owner\n", argv[0]);
- return -1;
- }
-
- mysetgrfile(argv[0]);
- mysetgrent();
-
- return true;
-}
-
-static void
-sample_cleanup(void)
-{
- myendgrent();
-}
-
-/*
- * Returns true if "user" is a member of "group", else false.
- */
-static int
-sample_query(const char *user, const char *group, const struct passwd *pwd)
-{
- struct group *grp;
- char **member;
-
- grp = mygetgrnam(group);
- if (grp != NULL) {
- for (member = grp->gr_mem; *member != NULL; member++) {
- if (strcasecmp(user, *member) == 0)
- return true;
- }
- }
-
- return false;
-}
-
-struct sudoers_group_plugin group_plugin = {
- GROUP_API_VERSION,
- sample_init,
- sample_cleanup,
- sample_query
-};
+++ /dev/null
-group_plugin
#
-# Copyright (c) 1996, 1998-2005, 2007-2012
+# Copyright (c) 1996, 1998-2005, 2007-2013
# Todd C. Miller <Todd.Miller@courtesan.com>
#
# Permission to use, copy, modify, and distribute this software for any
PROGS = sudoers.la visudo sudoreplay testsudoers
-TEST_PROGS = check_iolog_path check_fill check_wrap check_addr check_symbols
+TEST_PROGS = check_iolog_path check_fill check_wrap check_addr check_symbols \
+ check_digest check_base64
AUTH_OBJS = sudo_auth.lo @AUTH_OBJS@
-LIBPARSESUDOERS_OBJS = alias.lo audit.lo defaults.lo gram.lo match.lo \
- match_addr.lo pwutil.lo timestr.lo toke.lo \
- toke_util.lo redblack.lo
+LIBPARSESUDOERS_OBJS = alias.lo audit.lo base64.lo defaults.lo hexchar.lo \
+ gram.lo match.lo match_addr.lo pwutil.lo pwutil_impl.lo \
+ timestr.lo toke.lo toke_util.lo redblack.lo sha2.lo
-SUDOERS_OBJS = $(AUTH_OBJS) boottime.lo check.lo env.lo goodpath.lo \
- group_plugin.lo find_path.lo interfaces.lo logging.lo \
- logwrap.lo parse.lo set_perms.lo sudoers.lo sudo_nss.lo \
- iolog.lo iolog_path.lo @SUDOERS_OBJS@
+SUDOERS_OBJS = $(AUTH_OBJS) boottime.lo check.lo env.lo find_path.lo \
+ goodpath.lo group_plugin.lo interfaces.lo iolog.lo \
+ iolog_path.lo locale.lo logging.lo logwrap.lo parse.lo \
+ policy.lo prompt.lo set_perms.lo sudo_nss.lo sudoers.lo \
+ timestamp.lo @SUDOERS_OBJS@
-VISUDO_OBJS = visudo.o goodpath.o find_path.o error.o
+VISUDO_OBJS = find_path.o goodpath.o locale.o visudo.o
-REPLAY_OBJS = getdate.o sudoreplay.o error.o
+REPLAY_OBJS = getdate.o locale.o sudoreplay.o
-TEST_OBJS = interfaces.o testsudoers.o tsgetgrpw.o error.o group_plugin.o \
- net_ifs.o
+TEST_OBJS = group_plugin.o interfaces.o locale.o net_ifs.o \
+ testsudoers.o tsgetgrpw.o
-CHECK_ADDR_OBJS = check_addr.o match_addr.o interfaces.o error.o
+CHECK_ADDR_OBJS = check_addr.o interfaces.o locale.o match_addr.o
-CHECK_FILL_OBJS = check_fill.o toke_util.o error.o
+CHECK_BASE64_OBJS = check_base64.o base64.o locale.o
-CHECK_IOLOG_PATH_OBJS = check_iolog_path.o error.o iolog_path.o pwutil.o \
- redblack.o
+CHECK_DIGEST_OBJS = check_digest.o sha2.o
-CHECK_SYMBOLS_OBJS = check_symbols.o error.o
+CHECK_FILL_OBJS = check_fill.o hexchar.o locale.o toke_util.o
-CHECK_WRAP_OBJS = check_wrap.o logwrap.o error.o
+CHECK_IOLOG_PATH_OBJS = check_iolog_path.o iolog_path.o locale.o \
+ pwutil.o pwutil_impl.o redblack.o
+
+CHECK_SYMBOLS_OBJS = check_symbols.o locale.o
+
+CHECK_WRAP_OBJS = check_wrap.o locale.o logwrap.o
LIBOBJDIR = $(top_builddir)/@ac_config_libobj_dir@/
check_addr: $(CHECK_ADDR_OBJS) $(LT_LIBS)
$(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_ADDR_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) $(NET_LIBS)
-check_iolog_path: $(CHECK_IOLOG_PATH_OBJS) $(LT_LIBS)
- $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_IOLOG_PATH_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS)
+check_base64: $(CHECK_BASE64_OBJS) $(LT_LIBS)
+ $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_BASE64_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS)
+
+check_digest: $(CHECK_DIGEST_OBJS) $(LT_LIBS)
+ $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_DIGEST_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS)
check_fill: $(CHECK_FILL_OBJS) $(LT_LIBS)
$(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_FILL_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS)
+check_iolog_path: $(CHECK_IOLOG_PATH_OBJS) $(LT_LIBS)
+ $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_IOLOG_PATH_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS)
+
check_symbols: $(CHECK_SYMBOLS_OBJS) $(LT_LIBS)
- $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_SYMBOLS_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) @SUDO_LIBS@
+ if [ X"$(soext)" != X"" ]; then \
+ $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_SYMBOLS_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) @SUDO_LIBS@; \
+ fi
check_wrap: $(CHECK_WRAP_OBJS) $(LT_LIBS)
$(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_WRAP_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS)
else \
gram_y="$(srcdir)/gram.y"; \
fi; \
- cmd='$(YACC) -d '"$$gram_y"'; echo "#include <config.h>" > $(devdir)/gram.c; sed "s/^\\(#line .*\\) \"y\\.tab\\.c\"/\1 \"gram.c\"/" y.tab.c >> $(devdir)/gram.c; rm -f y.tab.c; mv -f y.tab.h $(devdir)/gram.h'; \
+ cmd='$(YACC) -d -p sudoers '"$$gram_y"'; echo "#include <config.h>" > $(devdir)/gram.c; sed "s/^\\(#line .*\\) \"y\\.tab\\.c\"/\1 \"gram.c\"/" y.tab.c >> $(devdir)/gram.c; rm -f y.tab.c; mv -f y.tab.h $(devdir)/gram.h'; \
echo "$$cmd"; eval $$cmd; \
fi
else \
toke_l="$(srcdir)/toke.l"; \
fi; \
- cmd='$(FLEX) '"$$toke_l"'; echo "#include <config.h>" > $(devdir)/toke.c; cat lex.yy.c >> $(devdir)/toke.c; rm -f lex.yy.c'; \
+ cmd='$(FLEX) '"$$toke_l"'; echo "#include <config.h>" > $(devdir)/toke.c; cat lex.sudoers.c >> $(devdir)/toke.c; rm -f lex.sudoers.c'; \
echo "$$cmd"; eval $$cmd; \
fi
if [ X"$(soext)" != X"" ]; then \
test X"$$SUDO_PREINSTALL_CMD" != X"" && \
$$SUDO_PREINSTALL_CMD .libs/sudoers$(soext); \
- $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -m $(shlib_mode) .libs/sudoers$(soext) $(DESTDIR)$(plugindir); \
+ $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -m $(shlib_mode) .libs/sudoers$(soext) $(DESTDIR)$(plugindir)/sudoers.so; \
fi
install-sudoers: install-dirs
sudoers $(DESTDIR)$(sudoersdir)/sudoers
uninstall:
- -rm -f $(DESTDIR)$(plugindir)/sudoers$(soext)
+ -rm -f $(DESTDIR)$(plugindir)/sudoers.so
-rm -f $(DESTDIR)$(replaydir)/sudoreplay
-rm -f $(DESTDIR)$(visudodir)/visudo
-cmp $(DESTDIR)$(sudoersdir)/sudoers $(srcdir)/sudoers >/dev/null && \
rm -f $(DESTDIR)$(sudoersdir)/sudoers
check: $(TEST_PROGS) visudo testsudoers
- @-if test X"$(cross_compiling)" != X"yes"; then \
+ @if test X"$(cross_compiling)" != X"yes"; then \
rval=0; \
- PWD=`pwd`; \
- ./check_addr $(srcdir)/regress/parser/check_addr.in; \
- rval=`expr $$rval + $$?`; \
- ./check_fill; \
- rval=`expr $$rval + $$?`; \
- ./check_iolog_path $(srcdir)/regress/iolog_path/data; \
- rval=`expr $$rval + $$?`; \
+ CWD=`pwd`; \
+ mkdir -p regress/parser; \
+ ./check_addr $(srcdir)/regress/parser/check_addr.in || rval=`expr $$rval + $$?`; \
+ ./check_base64 || rval=`expr $$rval + $$?`; \
+ ./check_digest > regress/parser/check_digest.out; \
+ diff regress/parser/check_digest.out $(srcdir)/regress/parser/check_digest.out.ok || rval=`expr $$rval + $$?`; \
+ ./check_fill || rval=`expr $$rval + $$?`; \
+ ./check_iolog_path $(srcdir)/regress/iolog_path/data || rval=`expr $$rval + $$?`; \
if [ X"$(soext)" != X"" ]; then \
- ./check_symbols .libs/sudoers$(soext) $(shlib_exp); \
- rval=`expr $$rval + $$?`; \
+ ./check_symbols .libs/sudoers$(soext) $(shlib_exp) || rval=`expr $$rval + $$?`; \
fi; \
- ./check_wrap $(srcdir)/regress/logging/check_wrap.in > check_wrap.out; \
- diff check_wrap.out $(srcdir)/regress/logging/check_wrap.out.ok; \
- rval=`expr $$rval + $$?`; \
+ mkdir -p regress/logging; \
+ ./check_wrap $(srcdir)/regress/logging/check_wrap.in > regress/logging/check_wrap.out; \
+ diff regress/logging/check_wrap.out $(srcdir)/regress/logging/check_wrap.out.ok || rval=`expr $$rval + $$?`; \
passed=0; failed=0; total=0; \
mkdir -p regress/sudoers; \
dir=sudoers; \
base=`basename $$t .in`; \
out="regress/sudoers/$${base}.out"; \
toke="regress/sudoers/$${base}.toke"; \
- ./testsudoers -dt <$$t >$$out 2>$$toke; \
+ ./testsudoers -dt <$$t >$$out 2>$$toke || true; \
if cmp $$out $(srcdir)/$$out.ok >/dev/null; then \
passed=`expr $$passed + 1`; \
echo "$$dir/$$base (parse): OK"; \
else \
failed=`expr $$failed + 1`; \
echo "$$dir/$$base: FAIL"; \
- diff $$out $(srcdir)/$$out.ok; \
+ diff $$out $(srcdir)/$$out.ok || true; \
fi; \
total=`expr $$total + 1`; \
if cmp $$toke $(srcdir)/$$toke.ok >/dev/null; then \
else \
failed=`expr $$failed + 1`; \
echo "$$dir/$$base (toke): FAIL"; \
- diff $$out $(srcdir)/$$out.ok; \
+ diff $$out $(srcdir)/$$out.ok || true; \
fi; \
total=`expr $$total + 1`; \
done; \
echo "$$dir: $$passed/$$total tests passed; $$failed/$$total tests failed"; \
- rval=`expr $$rval + $$failed`; \
+ if test $$failed -ne 0; then \
+ rval=`expr $$rval + $$failed`; \
+ fi; \
for dir in testsudoers visudo; do \
mkdir -p regress/$$dir; \
passed=0; failed=0; total=0; \
base=`basename $$t .sh`; \
out="regress/$$dir/$${base}.out"; \
err="regress/$$dir/$${base}.err"; \
- TESTDIR=$$PWD/$(srcdir)/regress/$$dir \
+ TESTDIR=$$CWD/$(srcdir)/regress/$$dir \
$(SHELL) $$t >$$out 2>$$err; \
if cmp $$out $(srcdir)/$$out.ok >/dev/null; then \
passed=`expr $$passed + 1`; \
else \
failed=`expr $$failed + 1`; \
echo "$$dir/$$base: FAIL"; \
- diff $$out $(srcdir)/$$out.ok; \
+ diff $$out $(srcdir)/$$out.ok || true; \
fi; \
total=`expr $$total + 1`; \
if test -s $(srcdir)/$$err.ok; then \
else \
failed=`expr $$failed + 1`; \
echo "$$dir/$$base (stderr): FAIL"; \
- diff $$out $(srcdir)/$$out.ok; \
+ diff $$out $(srcdir)/$$out.ok || true; \
fi; \
total=`expr $$total + 1`; \
elif test -s $$err; then \
+ failed=`expr $$failed + 1`; \
+ echo "$$dir/$$base (stderr): FAIL"; \
cat $$err 1>&2; \
fi; \
done; \
echo "$$dir: $$passed/$$total tests passed; $$failed/$$total tests failed"; \
- rval=`expr $$rval + $$failed`; \
+ if test $$failed -ne 0; then \
+ rval=`expr $$rval + $$failed`; \
+ fi; \
done; \
exit $$rval; \
fi
clean:
- -$(LIBTOOL) --mode=clean rm -f $(PROGS) $(TEST_PROGS) *.lo *.o *.la *.a stamp-* core *.core core.* *.out *.toke *.err *.inc
+ -$(LIBTOOL) --mode=clean rm -f $(PROGS) $(TEST_PROGS) *.lo *.o *.la \
+ *.a stamp-* core *.core core.* regress/*/*.out regress/*/*.toke \
+ regress/*/*.err
mostlyclean: clean
$(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h \
$(srcdir)/parse.h $(srcdir)/redblack.h $(devdir)/gram.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/alias.c
-audit.lo: $(srcdir)/audit.c $(top_builddir)/config.h $(incdir)/missing.h \
+audit.lo: $(srcdir)/audit.c $(top_builddir)/config.h \
+ $(top_srcdir)/compat/stdbool.h $(incdir)/missing.h \
$(srcdir)/logging.h $(incdir)/sudo_debug.h $(srcdir)/bsm_audit.h \
$(srcdir)/linux_audit.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/audit.c
+base64.lo: $(srcdir)/base64.c $(top_builddir)/config.h $(incdir)/missing.h \
+ $(incdir)/sudo_debug.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/base64.c
+base64.o: base64.lo
boottime.lo: $(srcdir)/boottime.c $(top_builddir)/config.h $(incdir)/missing.h \
$(incdir)/sudo_debug.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/boottime.c
$(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \
$(incdir)/list.h $(incdir)/fileops.h $(srcdir)/defaults.h \
$(devdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
- $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h
+ $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h \
+ $(srcdir)/check.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/check.c
check_addr.o: $(srcdir)/regress/parser/check_addr.c $(top_builddir)/config.h \
$(srcdir)/sudoers.h $(top_srcdir)/compat/stdbool.h \
$(incdir)/sudo_debug.h $(incdir)/gettext.h $(srcdir)/parse.h \
$(srcdir)/interfaces.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/parser/check_addr.c
+check_base64.o: $(srcdir)/regress/parser/check_base64.c \
+ $(top_builddir)/config.h $(incdir)/missing.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/parser/check_base64.c
+check_digest.o: $(srcdir)/regress/parser/check_digest.c \
+ $(top_builddir)/config.h $(incdir)/missing.h $(srcdir)/sha2.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/parser/check_digest.c
check_fill.o: $(srcdir)/regress/parser/check_fill.c $(top_builddir)/config.h \
- $(top_srcdir)/compat/stdbool.h $(incdir)/list.h \
- $(srcdir)/parse.h $(srcdir)/toke.h $(incdir)/sudo_plugin.h \
- $(devdir)/gram.h
+ $(top_srcdir)/compat/stdbool.h $(incdir)/missing.h \
+ $(incdir)/list.h $(srcdir)/parse.h $(srcdir)/toke.h \
+ $(incdir)/sudo_plugin.h $(devdir)/gram.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/parser/check_fill.c
check_iolog_path.o: $(srcdir)/regress/iolog_path/check_iolog_path.c \
$(top_builddir)/config.h $(srcdir)/sudoers.h \
$(devdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
$(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/env.c
-error.o: $(top_srcdir)/src/error.c $(top_builddir)/config.h \
- $(incdir)/missing.h $(incdir)/error.h $(incdir)/gettext.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(top_srcdir)/src/error.c
find_path.lo: $(srcdir)/find_path.c $(top_builddir)/config.h \
$(srcdir)/sudoers.h $(top_srcdir)/compat/stdbool.h \
$(top_builddir)/pathnames.h $(incdir)/missing.h \
$(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \
$(srcdir)/defaults.h $(devdir)/def_data.h $(srcdir)/logging.h \
$(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \
- $(incdir)/gettext.h $(srcdir)/parse.h $(srcdir)/toke.h $(devdir)/gram.h
+ $(incdir)/gettext.h $(srcdir)/parse.h $(srcdir)/toke.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(devdir)/gram.c
group_plugin.lo: $(srcdir)/group_plugin.c $(top_builddir)/config.h \
$(top_srcdir)/compat/dlfcn.h $(srcdir)/sudoers.h \
$(incdir)/gettext.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/group_plugin.c
group_plugin.o: group_plugin.lo
+hexchar.lo: $(srcdir)/hexchar.c $(top_builddir)/config.h $(incdir)/missing.h \
+ $(incdir)/sudo_debug.h $(incdir)/error.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/hexchar.c
+hexchar.o: hexchar.lo
interfaces.lo: $(srcdir)/interfaces.c $(top_builddir)/config.h \
$(srcdir)/sudoers.h $(top_srcdir)/compat/stdbool.h \
$(top_builddir)/pathnames.h $(incdir)/missing.h \
$(incdir)/gettext.h $(incdir)/sudo_debug.h \
$(srcdir)/linux_audit.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/linux_audit.c
+locale.lo: $(srcdir)/locale.c $(top_builddir)/config.h \
+ $(top_srcdir)/compat/stdbool.h $(incdir)/missing.h \
+ $(incdir)/error.h $(incdir)/alloc.h $(srcdir)/logging.h \
+ $(incdir)/gettext.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/locale.c
+locale.o: locale.lo
logging.lo: $(srcdir)/logging.c $(top_builddir)/config.h $(srcdir)/sudoers.h \
$(top_srcdir)/compat/stdbool.h $(top_builddir)/pathnames.h \
$(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \
$(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/logwrap.c
logwrap.o: logwrap.lo
-match.lo: $(srcdir)/match.c $(top_builddir)/config.h $(srcdir)/sudoers.h \
- $(top_srcdir)/compat/stdbool.h $(top_builddir)/pathnames.h \
- $(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \
- $(incdir)/list.h $(incdir)/fileops.h $(srcdir)/defaults.h \
- $(devdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
- $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h \
- $(srcdir)/parse.h $(devdir)/gram.h $(top_srcdir)/compat/fnmatch.h \
- $(top_srcdir)/compat/glob.h
+match.lo: $(srcdir)/match.c $(top_builddir)/config.h \
+ $(top_srcdir)/compat/fnmatch.h $(top_srcdir)/compat/glob.h \
+ $(srcdir)/sudoers.h $(top_srcdir)/compat/stdbool.h \
+ $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \
+ $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \
+ $(srcdir)/defaults.h $(devdir)/def_data.h $(srcdir)/logging.h \
+ $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \
+ $(incdir)/gettext.h $(srcdir)/parse.h $(srcdir)/sha2.h \
+ $(devdir)/gram.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/match.c
match_addr.lo: $(srcdir)/match_addr.c $(top_builddir)/config.h \
$(srcdir)/sudoers.h $(top_srcdir)/compat/stdbool.h \
$(devdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
$(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/passwd.c
-plugin_error.lo: $(srcdir)/plugin_error.c $(top_builddir)/config.h \
- $(incdir)/missing.h $(incdir)/alloc.h $(incdir)/error.h \
- $(incdir)/sudo_plugin.h $(incdir)/gettext.h
- $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/plugin_error.c
+policy.lo: $(srcdir)/policy.c $(top_builddir)/config.h $(srcdir)/sudoers.h \
+ $(top_srcdir)/compat/stdbool.h $(top_builddir)/pathnames.h \
+ $(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \
+ $(incdir)/list.h $(incdir)/fileops.h $(srcdir)/defaults.h \
+ $(devdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
+ $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h \
+ $(srcdir)/sudoers_version.h $(srcdir)/interfaces.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/policy.c
+prompt.lo: $(srcdir)/prompt.c $(top_builddir)/config.h $(srcdir)/sudoers.h \
+ $(top_srcdir)/compat/stdbool.h $(top_builddir)/pathnames.h \
+ $(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \
+ $(incdir)/list.h $(incdir)/fileops.h $(srcdir)/defaults.h \
+ $(devdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
+ $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/prompt.c
pwutil.lo: $(srcdir)/pwutil.c $(top_builddir)/config.h $(srcdir)/sudoers.h \
$(top_srcdir)/compat/stdbool.h $(top_builddir)/pathnames.h \
$(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \
$(incdir)/list.h $(incdir)/fileops.h $(srcdir)/defaults.h \
$(devdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
$(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h \
- $(srcdir)/redblack.h
+ $(srcdir)/redblack.h $(srcdir)/pwutil.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/pwutil.c
pwutil.o: pwutil.lo
+pwutil_impl.lo: $(srcdir)/pwutil_impl.c $(top_builddir)/config.h \
+ $(srcdir)/sudoers.h $(top_srcdir)/compat/stdbool.h \
+ $(top_builddir)/pathnames.h $(incdir)/missing.h \
+ $(incdir)/error.h $(incdir)/alloc.h $(incdir)/list.h \
+ $(incdir)/fileops.h $(srcdir)/defaults.h $(devdir)/def_data.h \
+ $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
+ $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \
+ $(incdir)/gettext.h $(srcdir)/pwutil.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/pwutil_impl.c
+pwutil_impl.o: pwutil_impl.lo
redblack.lo: $(srcdir)/redblack.c $(top_builddir)/config.h $(incdir)/missing.h \
$(incdir)/alloc.h $(incdir)/sudo_debug.h $(srcdir)/redblack.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/redblack.c
$(srcdir)/logging.h $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_debug.h $(incdir)/gettext.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/set_perms.c
+sha2.lo: $(srcdir)/sha2.c $(top_builddir)/config.h \
+ $(top_srcdir)/compat/endian.h $(srcdir)/sha2.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sha2.c
+sha2.o: sha2.lo
sia.lo: $(authdir)/sia.c $(top_builddir)/config.h $(srcdir)/sudoers.h \
$(top_srcdir)/compat/stdbool.h $(top_builddir)/pathnames.h \
$(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \
$(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \
$(srcdir)/defaults.h $(devdir)/def_data.h $(srcdir)/logging.h \
$(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h \
- $(incdir)/sudo_debug.h $(incdir)/gettext.h $(srcdir)/interfaces.h \
- $(srcdir)/sudoers_version.h $(srcdir)/auth/sudo_auth.h \
- $(incdir)/secure_path.h
+ $(incdir)/sudo_debug.h $(incdir)/gettext.h \
+ $(srcdir)/auth/sudo_auth.h $(incdir)/secure_path.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudoers.c
sudoreplay.o: $(srcdir)/sudoreplay.c $(top_builddir)/config.h \
$(top_srcdir)/compat/timespec.h $(top_srcdir)/compat/stdbool.h \
$(top_builddir)/pathnames.h $(incdir)/missing.h \
$(incdir)/alloc.h $(incdir)/error.h $(incdir)/gettext.h \
- $(incdir)/sudo_plugin.h $(incdir)/sudo_conf.h $(incdir)/list.h \
- $(incdir)/sudo_debug.h
+ $(srcdir)/logging.h $(incdir)/sudo_plugin.h \
+ $(incdir)/sudo_conf.h $(incdir)/list.h $(incdir)/sudo_debug.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudoreplay.c
testsudoers.o: $(srcdir)/testsudoers.c $(top_builddir)/config.h \
$(top_srcdir)/compat/fnmatch.h $(srcdir)/tsgetgrpw.h \
$(incdir)/sudo_conf.h $(incdir)/list.h $(incdir)/secure_path.h \
$(devdir)/gram.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/testsudoers.c
+timestamp.lo: $(srcdir)/timestamp.c $(top_builddir)/config.h \
+ $(srcdir)/sudoers.h $(top_srcdir)/compat/stdbool.h \
+ $(top_builddir)/pathnames.h $(incdir)/missing.h \
+ $(incdir)/error.h $(incdir)/alloc.h $(incdir)/list.h \
+ $(incdir)/fileops.h $(srcdir)/defaults.h $(devdir)/def_data.h \
+ $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h \
+ $(incdir)/sudo_debug.h $(incdir)/gettext.h $(srcdir)/check.h
+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/timestamp.c
timestr.lo: $(srcdir)/timestr.c $(top_builddir)/config.h $(incdir)/missing.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/timestr.c
toke.lo: $(devdir)/toke.c $(top_builddir)/config.h $(top_builddir)/config.h \
$(srcdir)/defaults.h $(devdir)/def_data.h $(srcdir)/logging.h \
$(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \
$(incdir)/gettext.h $(srcdir)/parse.h $(srcdir)/toke.h \
- $(devdir)/gram.h $(incdir)/lbuf.h $(incdir)/secure_path.h
+ $(devdir)/gram.h $(incdir)/lbuf.h $(srcdir)/sha2.h \
+ $(incdir)/secure_path.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(devdir)/toke.c
toke_util.lo: $(srcdir)/toke_util.c $(top_builddir)/config.h \
$(srcdir)/sudoers.h $(top_srcdir)/compat/stdbool.h \
$(incdir)/list.h $(incdir)/fileops.h $(srcdir)/defaults.h \
$(devdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \
$(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h \
- $(srcdir)/interfaces.h $(srcdir)/parse.h $(srcdir)/redblack.h \
- $(incdir)/gettext.h $(srcdir)/sudoers_version.h \
- $(incdir)/sudo_conf.h $(incdir)/list.h $(devdir)/gram.h
+ $(srcdir)/parse.h $(srcdir)/redblack.h $(incdir)/gettext.h \
+ $(srcdir)/sudoers_version.h $(incdir)/sudo_conf.h $(incdir)/list.h \
+ $(devdir)/gram.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/visudo.c
/*
- * Copyright (c) 2004-2005, 2007-2011
+ * Copyright (c) 2004-2005, 2007-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
* Globals
*/
struct rbtree *aliases;
-unsigned int alias_seqno;
/*
* Comparison function for the red-black tree.
/*
* Search the tree for an alias with the specified name and type.
* Returns a pointer to the alias structure or NULL if not found.
+ * Caller is responsible for calling alias_put() on the returned
+ * alias to mark it as unused.
*/
struct alias *
-alias_find(char *name, int type)
+alias_get(char *name, int type)
{
struct alias key;
struct rbnode *node;
struct alias *a = NULL;
- debug_decl(alias_find, SUDO_DEBUG_ALIAS)
+ debug_decl(alias_get, SUDO_DEBUG_ALIAS)
key.name = name;
key.type = type;
if ((node = rbfind(aliases, &key)) != NULL) {
/*
- * Compare the global sequence number with the one stored
- * in the alias. If they match then we've seen this alias
- * before and found a loop.
+ * Check whether this alias is already in use.
+ * If so, we've detected a loop. If not, set the flag,
+ * which the caller should clear with a call to alias_put().
*/
a = node->data;
- if (a->seqno == alias_seqno) {
+ if (a->used) {
errno = ELOOP;
debug_return_ptr(NULL);
}
- a->seqno = alias_seqno;
+ a->used = true;
} else {
errno = ENOENT;
}
debug_return_ptr(a);
}
+/*
+ * Clear the "used" flag in an alias once the caller is done with it.
+ */
+void
+alias_put(struct alias *a)
+{
+ debug_decl(alias_put, SUDO_DEBUG_ALIAS)
+ a->used = false;
+ debug_return;
+}
+
/*
* Add an alias to the aliases redblack tree.
* Returns NULL on success and an error string on failure.
a = ecalloc(1, sizeof(*a));
a->name = name;
a->type = type;
- /* a->seqno = 0; */
+ /* a->used = false; */
list2tq(&a->members, members);
if (rbinsert(aliases, a)) {
- snprintf(errbuf, sizeof(errbuf), _("Alias `%s' already defined"), name);
+ snprintf(errbuf, sizeof(errbuf), N_("Alias `%s' already defined"), name);
alias_free(a);
debug_return_str(errbuf);
}
/*
- * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2009-2012 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
audit_failure(char *exec_args[], char const *const fmt, ...)
{
va_list ap;
+ int oldlocale;
debug_decl(audit_success, SUDO_DEBUG_AUDIT)
+ /* Audit error messages should be in the sudoers locale. */
+ sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
+
if (exec_args != NULL) {
va_start(ap, fmt);
#ifdef HAVE_BSM_AUDIT
- bsm_audit_failure(exec_args, fmt, ap);
+ bsm_audit_failure(exec_args, _(fmt), ap);
#endif
#ifdef HAVE_LINUX_AUDIT
linux_audit_command(exec_args, 0);
va_end(ap);
}
+ sudoers_setlocale(oldlocale, NULL);
+
debug_return;
}
AUTH_FATAL A fatal error occurred. The routine should have
written an error message to stderr and optionally
- sent mail to the administrator. (If log_error()
- is called to do this, the NO_EXIT flag must be used.)
+ sent mail to the administrator.
When verify_user() gets AUTH_FATAL from an auth
function it does an exit(1).
/*
- * Copyright (c) 1999, 2001-2005, 2007, 2010-2011
+ * Copyright (c) 1999, 2001-2005, 2007, 2010-2012
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
-#include <sys/param.h>
#include <sys/types.h>
#include <stdio.h>
#ifdef STDC_HEADERS
/*
- * Copyright (c) 1999-2005, 2007-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1999-2005, 2007-2012 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
/*
- * Copyright (c) 2000-2005, 2007-2008, 2010-2011
+ * Copyright (c) 2000-2005, 2007-2008, 2010-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
else
state.lc = login_getclass(pw->pw_uid ? LOGIN_DEFCLASS : LOGIN_DEFROOTCLASS);
if (state.lc == NULL) {
- log_error(USE_ERRNO|NO_MAIL,
- _("unable to get login class for user %s"), pw->pw_name);
+ log_warning(USE_ERRNO|NO_MAIL,
+ N_("unable to get login class for user %s"), pw->pw_name);
debug_return_int(AUTH_FATAL);
}
if ((state.as = auth_open()) == NULL) {
- log_error(USE_ERRNO|NO_MAIL,
- _("unable to begin bsd authentication"));
+ log_warning(USE_ERRNO|NO_MAIL,
+ N_("unable to begin bsd authentication"));
login_close(state.lc);
debug_return_int(AUTH_FATAL);
}
/* XXX - maybe sanity check the auth style earlier? */
login_style = login_getstyle(state.lc, login_style, "auth-sudo");
if (login_style == NULL) {
- log_error(NO_MAIL, _("invalid authentication type"));
+ log_warning(NO_MAIL, N_("invalid authentication type"));
auth_close(state.as);
login_close(state.lc);
debug_return_int(AUTH_FATAL);
if (auth_setitem(state.as, AUTHV_STYLE, login_style) < 0 ||
auth_setitem(state.as, AUTHV_NAME, pw->pw_name) < 0 ||
auth_setitem(state.as, AUTHV_CLASS, login_class) < 0) {
- log_error(NO_MAIL, _("unable to setup authentication"));
+ log_warning(NO_MAIL, N_("unable to setup authentication"));
auth_close(state.as);
login_close(state.lc);
debug_return_int(AUTH_FATAL);
debug_return_int(AUTH_INTR);
if ((s = auth_getvalue(as, "errormsg")) != NULL)
- log_error(NO_MAIL, "%s", s);
+ log_warning(NO_MAIL, "%s", s);
debug_return_int(AUTH_FAILURE);
}
/*
- * Copyright (c) 1996, 1998-2005, 2010-2011
+ * Copyright (c) 1996, 1998-2005, 2010-2012
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
/*
- * Copyright (c) 1999-2005, 2008, 2010-2011
+ * Copyright (c) 1999-2005, 2008, 2010-2012
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
/*
- * Copyright (c) 1999-2005, 2007-2008, 2010-2012
+ * Copyright (c) 1999-2005, 2007-2008, 2010-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
* API does not currently provide this unless the auth is standalone.
*/
if ((error = krb5_unparse_name(sudo_context, princ, &pname))) {
- log_error(NO_MAIL,
- _("%s: unable to unparse princ ('%s'): %s"), auth->name,
- pw->pw_name, error_message(error));
+ log_warning(NO_MAIL,
+ N_("%s: unable to convert principal to string ('%s'): %s"),
+ auth->name, pw->pw_name, error_message(error));
debug_return_int(AUTH_FAILURE);
}
error = krb5_parse_name(sudo_context, pname, &(sudo_krb5_data.princ));
if (error) {
- log_error(NO_MAIL,
- _("%s: unable to parse '%s': %s"), auth->name, pname,
+ log_warning(NO_MAIL,
+ N_("%s: unable to parse '%s': %s"), auth->name, pname,
error_message(error));
goto done;
}
(long) getpid());
if ((error = krb5_cc_resolve(sudo_context, cache_name,
&(sudo_krb5_data.ccache)))) {
- log_error(NO_MAIL,
- _("%s: unable to resolve ccache: %s"), auth->name,
+ log_warning(NO_MAIL,
+ N_("%s: unable to resolve credential cache: %s"), auth->name,
error_message(error));
goto done;
}
/* Set default flags based on the local config file. */
error = krb5_get_init_creds_opt_alloc(sudo_context, &opts);
if (error) {
- log_error(NO_MAIL,
- _("%s: unable to allocate options: %s"), auth->name,
+ log_warning(NO_MAIL,
+ N_("%s: unable to allocate options: %s"), auth->name,
error_message(error));
goto done;
}
NULL, 0, NULL, opts))) {
/* Don't print error if just a bad password */
if (error != KRB5KRB_AP_ERR_BAD_INTEGRITY)
- log_error(NO_MAIL,
- _("%s: unable to get credentials: %s"), auth->name,
+ log_warning(NO_MAIL,
+ N_("%s: unable to get credentials: %s"), auth->name,
error_message(error));
goto done;
}
if ((error = verify_krb_v5_tgt(sudo_context, creds, auth->name)))
goto done;
- /* Store cred in cred cache. */
+ /* Store credential in cache. */
if ((error = krb5_cc_initialize(sudo_context, ccache, princ))) {
- log_error(NO_MAIL,
- _("%s: unable to initialize ccache: %s"), auth->name,
- error_message(error));
+ log_warning(NO_MAIL,
+ N_("%s: unable to initialize credential cache: %s"),
+ auth->name, error_message(error));
} else if ((error = krb5_cc_store_cred(sudo_context, ccache, creds))) {
- log_error(NO_MAIL,
- _("%s: unable to store cred in ccache: %s"), auth->name,
- error_message(error));
+ log_warning(NO_MAIL,
+ N_("%s: unable to store credential in cache: %s"),
+ auth->name, error_message(error));
}
done:
*/
if ((error = krb5_sname_to_principal(sudo_context, NULL, NULL,
KRB5_NT_SRV_HST, &server))) {
- log_error(NO_MAIL,
- _("%s: unable to get host principal: %s"), auth_name,
+ log_warning(NO_MAIL,
+ N_("%s: unable to get host principal: %s"), auth_name,
error_message(error));
debug_return_int(-1);
}
NULL, &vopt);
krb5_free_principal(sudo_context, server);
if (error)
- log_error(NO_MAIL,
- _("%s: Cannot verify TGT! Possible attack!: %s"),
+ log_warning(NO_MAIL,
+ N_("%s: Cannot verify TGT! Possible attack!: %s"),
auth_name, error_message(error));
debug_return_int(error);
}
/*
- * Copyright (c) 1999-2005, 2007-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1999-2005, 2007-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
# endif
#endif
+/* We don't want to translate the strings in the calls to dgt(). */
+#ifdef PAM_TEXT_DOMAIN
+# define dgt(d, t) dgettext(d, t)
+#endif
+
#include "sudoers.h"
#include "sudo_auth.h"
# define PAM_CONST
#endif
-static int converse(int, PAM_CONST struct pam_message **,
- struct pam_response **, void *);
-static char *def_prompt = "Password:";
-static int getpass_error;
-
#ifndef PAM_DATA_SILENT
#define PAM_DATA_SILENT 0
#endif
+static int converse(int, PAM_CONST struct pam_message **,
+ struct pam_response **, void *);
+static char *def_prompt = "Password:";
+static bool sudo_pam_cred_established;
+static bool sudo_pam_authenticated;
+static int getpass_error;
static pam_handle_t *pamh;
int
#endif
pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
if (pam_status != PAM_SUCCESS) {
- log_error(USE_ERRNO|NO_MAIL, _("unable to initialize PAM"));
+ log_warning(USE_ERRNO|NO_MAIL, N_("unable to initialize PAM"));
debug_return_int(AUTH_FATAL);
}
*pam_status = pam_acct_mgmt(pamh, PAM_SILENT);
switch (*pam_status) {
case PAM_SUCCESS:
+ sudo_pam_authenticated = true;
debug_return_int(AUTH_SUCCESS);
case PAM_AUTH_ERR:
- log_error(NO_MAIL, _("account validation failure, "
+ log_warning(NO_MAIL, N_("account validation failure, "
"is your account locked?"));
debug_return_int(AUTH_FATAL);
case PAM_NEW_AUTHTOK_REQD:
- log_error(NO_MAIL, _("Account or password is "
+ log_warning(NO_MAIL, N_("Account or password is "
"expired, reset your password and try again"));
*pam_status = pam_chauthtok(pamh,
PAM_CHANGE_EXPIRED_AUTHTOK);
if (*pam_status == PAM_SUCCESS)
debug_return_int(AUTH_SUCCESS);
- if ((s = pam_strerror(pamh, *pam_status)))
- log_error(NO_MAIL, _("pam_chauthtok: %s"), s);
+ if ((s = pam_strerror(pamh, *pam_status)) != NULL) {
+ log_warning(NO_MAIL,
+ N_("unable to change expired password: %s"), s);
+ }
debug_return_int(AUTH_FAILURE);
case PAM_AUTHTOK_EXPIRED:
- log_error(NO_MAIL,
- _("Password expired, contact your system administrator"));
+ log_warning(NO_MAIL,
+ N_("Password expired, contact your system administrator"));
debug_return_int(AUTH_FATAL);
case PAM_ACCT_EXPIRED:
- log_error(NO_MAIL,
- _("Account expired or PAM config lacks an \"account\" "
+ log_warning(NO_MAIL,
+ N_("Account expired or PAM config lacks an \"account\" "
"section for sudo, contact your system administrator"));
debug_return_int(AUTH_FATAL);
}
case PAM_PERM_DENIED:
debug_return_int(AUTH_FAILURE);
default:
- if ((s = pam_strerror(pamh, *pam_status)))
- log_error(NO_MAIL, _("pam_authenticate: %s"), s);
+ if ((s = pam_strerror(pamh, *pam_status)) != NULL)
+ log_warning(NO_MAIL, N_("PAM authentication error: %s"), s);
debug_return_int(AUTH_FATAL);
}
}
* this is not set and so pam_setcred() returns PAM_PERM_DENIED.
* We can't call pam_acct_mgmt() with Linux-PAM for a similar reason.
*/
- (void) pam_setcred(pamh, PAM_ESTABLISH_CRED);
+ status = pam_setcred(pamh, PAM_ESTABLISH_CRED);
+ if (status == PAM_SUCCESS) {
+ sudo_pam_cred_established = true;
+ } else if (sudo_pam_authenticated) {
+ const char *s = pam_strerror(pamh, status);
+ if (s != NULL)
+ log_warning(NO_MAIL, N_("unable to establish credentials: %s"), s);
+ goto done;
+ }
#ifdef HAVE_PAM_GETENVLIST
/*
}
#endif /* HAVE_PAM_GETENVLIST */
-#ifndef NO_PAM_SESSION
- status = pam_open_session(pamh, 0);
- if (status != PAM_SUCCESS) {
- (void) pam_end(pamh, status | PAM_DATA_SILENT);
- pamh = NULL;
+ if (def_pam_session) {
+ status = pam_open_session(pamh, 0);
+ if (status != PAM_SUCCESS) {
+ (void) pam_end(pamh, status | PAM_DATA_SILENT);
+ pamh = NULL;
+ }
}
-#endif
done:
debug_return_int(status == PAM_SUCCESS ? AUTH_SUCCESS : AUTH_FAILURE);
* XXX - still needed now that session init is in parent?
*/
(void) pam_set_item(pamh, PAM_USER, pw->pw_name);
-#ifndef NO_PAM_SESSION
- (void) pam_close_session(pamh, PAM_SILENT);
-#endif
- (void) pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
+ if (def_pam_session)
+ (void) pam_close_session(pamh, PAM_SILENT);
+ if (sudo_pam_cred_established)
+ (void) pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
status = pam_end(pamh, PAM_SUCCESS | PAM_DATA_SILENT);
pamh = NULL;
}
if (getpass_error)
goto done;
- /* Is the sudo prompt standard? (If so, we'l just use PAM's) */
+ /* Is the sudo prompt standard? (If so, we'll just use PAM's) */
std_prompt = strncmp(def_prompt, "Password:", 9) == 0 &&
(def_prompt[9] == '\0' ||
(def_prompt[9] == ' ' && def_prompt[10] == '\0'));
/* Only override PAM prompt if it matches /^Password: ?/ */
#if defined(PAM_TEXT_DOMAIN) && defined(HAVE_LIBINTL_H)
if (!def_passprompt_override && (std_prompt ||
- (strcmp(pm->msg, dgettext(PAM_TEXT_DOMAIN, "Password: ")) &&
- strcmp(pm->msg, dgettext(PAM_TEXT_DOMAIN, "Password:")))))
+ (strcmp(pm->msg, dgt(PAM_TEXT_DOMAIN, "Password: ")) &&
+ strcmp(pm->msg, dgt(PAM_TEXT_DOMAIN, "Password:")))))
prompt = pm->msg;
#else
if (!def_passprompt_override && (std_prompt ||
/*
- * Copyright (c) 1999-2005, 2010-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1999-2005, 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
/*
- * Copyright (c) 1994-1996, 1998-2005, 2010-2011
+ * Copyright (c) 1994-1996, 1998-2005, 2010-2012
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
/*
- * Copyright (c) 1998-2005, 2010-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1998-2005, 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
/*
- * Copyright (c) 1999-2005, 2007, 2010-2011
+ * Copyright (c) 1999-2005, 2007, 2010-2012
* Todd C. Miller <Todd.Miller@courtesan.com>
* Copyright (c) 2002 Michael Stroucken <michael@stroucken.org>
*
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
/*
- * Copyright (c) 1999-2005, 2007, 2010-2011
+ * Copyright (c) 1999-2005, 2007, 2010-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
if (sia_ses_init(&siah, sudo_argc, sudo_argv, NULL, pw->pw_name, user_ttypath, 1, NULL) != SIASUCCESS) {
- log_error(USE_ERRNO|NO_MAIL,
- _("unable to initialize SIA session"));
+ log_warning(USE_ERRNO|NO_MAIL,
+ N_("unable to initialize SIA session"));
debug_return_int(AUTH_FATAL);
}
/*
- * Copyright (c) 1999-2005, 2008-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1999-2005, 2008-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
/* Make sure we haven't mixed standalone and shared auth methods. */
standalone = IS_STANDALONE(&auth_switch[0]);
if (standalone && auth_switch[1].name != NULL) {
- audit_failure(NewArgv, "invalid authentication methods");
- log_fatal(0, _("Invalid authentication methods compiled into sudo! "
- "You may mix standalone and non-standalone authentication."));
+ audit_failure(NewArgv, N_("invalid authentication methods"));
+ log_fatal(0, N_("Invalid authentication methods compiled into sudo! "
+ "You may not mix standalone and non-standalone authentication."));
debug_return_int(-1);
}
/* Make sure we have at least one auth method. */
/* XXX - check FLAG_DISABLED too */
if (auth_switch[0].name == NULL) {
- audit_failure(NewArgv, "no authentication methods");
- log_error(0,
- _("There are no authentication methods compiled into sudo! "
+ audit_failure(NewArgv, N_("no authentication methods"));
+ log_warning(0,
+ N_("There are no authentication methods compiled into sudo! "
"If you want to turn off authentication, use the "
"--disable-authentication configure option."));
debug_return_int(-1);
{
sudo_auth *auth;
int status = AUTH_SUCCESS;
- debug_decl(auth_begin_session, SUDO_DEBUG_AUTH)
+ debug_decl(sudo_auth_begin_session, SUDO_DEBUG_AUTH)
for (auth = auth_switch; auth->name; auth++) {
if (auth->begin_session && !IS_DISABLED(auth)) {
debug_return_int(status == AUTH_FATAL ? -1 : 1);
}
+bool
+sudo_auth_needs_end_session(void)
+{
+ sudo_auth *auth;
+ bool needed = false;
+ debug_decl(sudo_auth_needs_end_session, SUDO_DEBUG_AUTH)
+
+ for (auth = auth_switch; auth->name; auth++) {
+ if (auth->end_session && !IS_DISABLED(auth)) {
+ needed = true;
+ break;
+ }
+ }
+ debug_return_bool(needed);
+}
+
/*
* Call authentication method end session hooks.
* Returns 1 on success and -1 on error.
{
sudo_auth *auth;
int status = AUTH_SUCCESS;
- debug_decl(auth_end_session, SUDO_DEBUG_AUTH)
+ debug_decl(sudo_auth_end_session, SUDO_DEBUG_AUTH)
for (auth = auth_switch; auth->name; auth++) {
if (auth->end_session && !IS_DISABLED(auth)) {
/*
- * Copyright (c) 1999-2005, 2007-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1999-2005, 2007-2012 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
--- /dev/null
+/*
+ * Copyright (c) 2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+
+#include "missing.h"
+#include "sudo_debug.h"
+
+/*
+ * Decode a NUL-terminated string in base64 format and store the
+ * result in dst.
+ */
+size_t
+base64_decode(const char *str, unsigned char *dst, size_t dsize)
+{
+ static const char b64[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+ const unsigned char *dst0 = dst;
+ const unsigned char *dend = dst + dsize;
+ unsigned char ch[4];
+ char *pos;
+ int i;
+ debug_decl(base64_decode, SUDO_DEBUG_MATCH)
+
+ /*
+ * Convert from base64 to binary. Each base64 char holds 6 bits of data
+ * so 4 base64 chars equals 3 chars of data.
+ * Padding (with the '=' char) may or may not be present.
+ */
+ while (*str != '\0') {
+ for (i = 0; i < 4; i++) {
+ switch (*str) {
+ case '=':
+ str++;
+ /* FALLTHROUGH */
+ case '\0':
+ ch[i] = '=';
+ break;
+ default:
+ if ((pos = strchr(b64, *str++)) == NULL)
+ debug_return_size_t((size_t)-1);
+ ch[i] = (unsigned char)(pos - b64);
+ break;
+ }
+ }
+ if (ch[0] == '=' || ch[1] == '=' || dst == dend)
+ break;
+ *dst++ = (ch[0] << 2) | ((ch[1] & 0x30) >> 4);
+ if (ch[2] == '=' || dst == dend)
+ break;
+ *dst++ = ((ch[1] & 0x0f) << 4) | ((ch[2] & 0x3c) >> 2);
+ if (ch[3] == '=' || dst == dend)
+ break;
+ *dst++ = ((ch[2] & 0x03) << 6) | ch[3];
+ }
+ debug_return_size_t((size_t)(dst - dst0));
+}
/*
- * Copyright (c) 2009-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
-#include <sys/param.h>
#include <sys/types.h>
#include <sys/time.h>
int
get_boottime(struct timeval *tv)
{
- char *line = NULL;
+ char *ep, *line = NULL;
size_t linesize = 0;
ssize_t len;
FILE * fp;
if (fp != NULL) {
while ((len = getline(&line, &linesize, fp)) != -1) {
if (strncmp(line, "btime ", 6) == 0) {
- tv->tv_sec = atoi(line + 6);
- tv->tv_usec = 0;
- debug_return_bool(1);
+#ifdef HAVE_STRTOLL
+ long long llval = strtoll(line + 6, &ep, 10);
+ if (line[6] != '\0' && *ep == '\0' && (time_t)llval == llval) {
+ tv->tv_sec = (time_t)llval;
+ tv->tv_usec = 0;
+ debug_return_bool(1);
+ }
+#else
+ long lval = strtol(line + 6, &ep, 10);
+ if (line[6] != '\0' && *ep == '\0' && (time_t)lval == lval) {
+ tv->tv_sec = (time_t)llval;
+ tv->tv_usec = 0;
+ debug_return_bool(1);
+ }
+#endif
}
}
fclose(fp);
/*
- * Copyright (c) 2009-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
* Copyright (c) 2009 Christian S.J. Peron
*
* Permission to use, copy, modify, and distribute this software for any
if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) < 0) {
if (errno == ENOSYS) {
if (getaudit(&ainfo) < 0)
- error(1, _("getaudit: failed"));
+ fatal("getaudit");
mask = &ainfo.ai_mask;
} else
- error(1, _("getaudit: failed"));
+ fatal("getaudit");
} else
mask = &ainfo_addr.ai_mask;
sorf = (sf == 0) ? AU_PRS_SUCCESS : AU_PRS_FAILURE;
if (auditon(A_GETCOND, (caddr_t)&au_cond, sizeof(long)) < 0) {
if (errno == AUDIT_NOT_CONFIGURED)
return;
- error(1, _("Could not determine audit condition"));
+ fatal(_("Could not determine audit condition"));
}
if (au_cond == AUC_NOAUDIT)
debug_return;
if (!audit_sudo_selected(0))
debug_return;
if (getauid(&auid) < 0)
- error(1, _("getauid failed"));
+ fatal("getauid");
if ((aufd = au_open()) == -1)
- error(1, _("au_open: failed"));
+ fatal("au_open");
if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) {
tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(),
getuid(), pid, pid, &ainfo_addr.ai_termid);
* NB: We should probably watch out for ERANGE here.
*/
if (getaudit(&ainfo) < 0)
- error(1, _("getaudit: failed"));
+ fatal("getaudit");
tok = au_to_subject(auid, geteuid(), getegid(), getuid(),
getuid(), pid, pid, &ainfo.ai_termid);
} else
- error(1, _("getaudit: failed"));
+ fatal("getaudit");
if (tok == NULL)
- error(1, _("au_to_subject: failed"));
+ fatal("au_to_subject");
au_write(aufd, tok);
tok = au_to_exec_args(exec_args);
if (tok == NULL)
- error(1, _("au_to_exec_args: failed"));
+ fatal("au_to_exec_args");
au_write(aufd, tok);
tok = au_to_return32(0, 0);
if (tok == NULL)
- error(1, _("au_to_return32: failed"));
+ fatal("au_to_return32");
au_write(aufd, tok);
if (au_close(aufd, 1, AUE_sudo) == -1)
- error(1, _("unable to commit audit record"));
+ fatal(_("unable to commit audit record"));
debug_return;
}
if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
if (errno == AUDIT_NOT_CONFIGURED)
debug_return;
- error(1, _("Could not determine audit condition"));
+ fatal(_("Could not determine audit condition"));
}
if (au_cond == AUC_NOAUDIT)
debug_return;
if (!audit_sudo_selected(1))
debug_return;
if (getauid(&auid) < 0)
- error(1, _("getauid: failed"));
+ fatal("getauid");
if ((aufd = au_open()) == -1)
- error(1, _("au_open: failed"));
+ fatal("au_open");
if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) {
tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(),
getuid(), pid, pid, &ainfo_addr.ai_termid);
} else if (errno == ENOSYS) {
if (getaudit(&ainfo) < 0)
- error(1, _("getaudit: failed"));
+ fatal("getaudit");
tok = au_to_subject(auid, geteuid(), getegid(), getuid(),
getuid(), pid, pid, &ainfo.ai_termid);
} else
- error(1, _("getaudit: failed"));
+ fatal("getaudit");
if (tok == NULL)
- error(1, _("au_to_subject: failed"));
+ fatal("au_to_subject");
au_write(aufd, tok);
tok = au_to_exec_args(exec_args);
if (tok == NULL)
- error(1, _("au_to_exec_args: failed"));
+ fatal("au_to_exec_args");
au_write(aufd, tok);
(void) vsnprintf(text, sizeof(text), fmt, ap);
tok = au_to_text(text);
if (tok == NULL)
- error(1, _("au_to_text: failed"));
+ fatal("au_to_text");
au_write(aufd, tok);
tok = au_to_return32(EPERM, 1);
if (tok == NULL)
- error(1, _("au_to_return32: failed"));
+ fatal("au_to_return32");
au_write(aufd, tok);
if (au_close(aufd, 1, AUE_sudo) == -1)
- error(1, _("unable to commit audit record"));
+ fatal(_("unable to commit audit record"));
debug_return;
}
/*
- * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2009-2010, 2013 Todd C. Miller <Todd.Miller@courtesan.com>
* Copyright (c) 2009 Christian S.J. Peron
*
* Permission to use, copy, modify, and distribute this software for any
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-#ifndef _SUDO_BSM_AUDIT_H
-#define _SUDO_BSM_AUDIT_H
+#ifndef _SUDOERS_BSM_AUDIT_H
+#define _SUDOERS_BSM_AUDIT_H
void bsm_audit_success(char **);
void bsm_audit_failure(char **, char const * const, va_list);
-#endif /* _SUDO_BSM_AUDIT_H */
+#endif /* _SUDOERS_BSM_AUDIT_H */
/*
- * Copyright (c) 1993-1996,1998-2005, 2007-2011
+ * Copyright (c) 1993-1996,1998-2005, 2007-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <sys/time.h>
-#include <sys/stat.h>
-#ifdef __linux__
-# include <sys/vfs.h>
-#endif
-#if defined(__sun) && defined(__SVR4)
-# include <sys/statvfs.h>
-#endif
-#ifndef __TANDEM
-# include <sys/file.h>
-#endif
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
#endif
#include <errno.h>
#include <fcntl.h>
-#include <signal.h>
#include <pwd.h>
#include <grp.h>
#include "sudoers.h"
+#include "check.h"
-/* Status codes for timestamp_status() */
-#define TS_CURRENT 0
-#define TS_OLD 1
-#define TS_MISSING 2
-#define TS_NOFILE 3
-#define TS_ERROR 4
-
-/* Flags for timestamp_status() */
-#define TS_MAKE_DIRS 1
-#define TS_REMOVE 2
+static bool display_lecture(int);
+static struct passwd *get_authpw(void);
/*
- * Info stored in tty ticket from stat(2) to help with tty matching.
+ * Returns true if the user successfully authenticates, false if not
+ * or -1 on error.
*/
-static struct tty_info {
- dev_t dev; /* ID of device tty resides on */
- dev_t rdev; /* tty device ID */
- ino_t ino; /* tty inode number */
- struct timeval ctime; /* tty inode change time */
- pid_t sid; /* ID of session with controlling tty */
-} tty_info;
+static int
+check_user_interactive(int validated, int mode, struct passwd *auth_pw)
+{
+ int status, rval = true;
+ debug_decl(check_user_interactive, SUDO_DEBUG_AUTH)
-static int build_timestamp(char **, char **);
-static int timestamp_status(char *, char *, char *, int);
-static char *expand_prompt(char *, char *, char *);
-static void lecture(int);
-static void update_timestamp(char *, char *);
-static bool tty_is_devpts(const char *);
-static struct passwd *get_authpw(void);
+ /* Always need a password when -k was specified with the command. */
+ if (ISSET(mode, MODE_IGNORE_TICKET))
+ SET(validated, FLAG_CHECK_USER);
+
+ if (build_timestamp(auth_pw) == -1) {
+ rval = -1;
+ goto done;
+ }
+
+ status = timestamp_status(auth_pw);
+
+ if (status != TS_CURRENT || ISSET(validated, FLAG_CHECK_USER)) {
+ char *prompt;
+ bool lectured;
+
+ /* Bail out if we are non-interactive and a password is required */
+ if (ISSET(mode, MODE_NONINTERACTIVE)) {
+ validated |= FLAG_NON_INTERACTIVE;
+ log_auth_failure(validated, 0);
+ rval = -1;
+ goto done;
+ }
+
+ /* XXX - should not lecture if askpass helper is being used. */
+ lectured = display_lecture(status);
+
+ /* Expand any escapes in the prompt. */
+ prompt = expand_prompt(user_prompt ? user_prompt : def_passprompt,
+ user_name, user_shost);
+
+ rval = verify_user(auth_pw, prompt, validated);
+ if (rval == true && lectured)
+ set_lectured();
+ efree(prompt);
+ }
+ /* Only update timestamp if user was validated. */
+ if (rval == true && ISSET(validated, VALIDATE_OK) &&
+ !ISSET(mode, MODE_IGNORE_TICKET) && status != TS_ERROR)
+ update_timestamp(auth_pw);
+done:
+ debug_return_bool(rval);
+}
/*
* Returns true if the user successfully authenticates, false if not
check_user(int validated, int mode)
{
struct passwd *auth_pw;
- char *timestampdir = NULL;
- char *timestampfile = NULL;
- char *prompt;
- struct stat sb;
- int status, rval = true;
+ int rval = true;
debug_decl(check_user, SUDO_DEBUG_AUTH)
/*
goto done;
}
- /* Always need a password when -k was specified with the command. */
- if (ISSET(mode, MODE_IGNORE_TICKET))
- SET(validated, FLAG_CHECK_USER);
-
- /* Stash the tty's device, session ID and ctime for ticket comparison. */
- if (def_tty_tickets && user_ttypath && stat(user_ttypath, &sb) == 0) {
- tty_info.dev = sb.st_dev;
- tty_info.ino = sb.st_ino;
- tty_info.rdev = sb.st_rdev;
- if (tty_is_devpts(user_ttypath))
- ctim_get(&sb, &tty_info.ctime);
- tty_info.sid = user_sid;
- }
-
- if (build_timestamp(×tampdir, ×tampfile) == -1) {
- rval = -1;
- goto done;
- }
-
- status = timestamp_status(timestampdir, timestampfile, user_name,
- TS_MAKE_DIRS);
-
- if (status != TS_CURRENT || ISSET(validated, FLAG_CHECK_USER)) {
- /* Bail out if we are non-interactive and a password is required */
- if (ISSET(mode, MODE_NONINTERACTIVE)) {
- validated |= FLAG_NON_INTERACTIVE;
- log_auth_failure(validated, 0);
- rval = -1;
- goto done;
- }
-
- /* XXX - should not lecture if askpass helper is being used. */
- lecture(status);
-
- /* Expand any escapes in the prompt. */
- prompt = expand_prompt(user_prompt ? user_prompt : def_passprompt,
- user_name, user_shost);
-
- rval = verify_user(auth_pw, prompt, validated);
- }
- /* Only update timestamp if user was validated. */
- if (rval == true && ISSET(validated, VALIDATE_OK) &&
- !ISSET(mode, MODE_IGNORE_TICKET) && status != TS_ERROR)
- update_timestamp(timestampdir, timestampfile);
- efree(timestampdir);
- efree(timestampfile);
+ rval = check_user_interactive(validated, mode, auth_pw);
done:
sudo_auth_cleanup(auth_pw);
debug_return_bool(rval);
}
-#define DEFAULT_LECTURE "\n" \
- "We trust you have received the usual lecture from the local System\n" \
- "Administrator. It usually boils down to these three things:\n\n" \
- " #1) Respect the privacy of others.\n" \
- " #2) Think before you type.\n" \
- " #3) With great power comes great responsibility.\n\n"
-
/*
- * Standard sudo lecture.
+ * Display sudo lecture (standard or custom).
+ * Returns true if the user was lectured, else false.
*/
-static void
-lecture(int status)
+static bool
+display_lecture(int status)
{
FILE *fp;
char buf[BUFSIZ];
debug_decl(lecture, SUDO_DEBUG_AUTH)
if (def_lecture == never ||
- (def_lecture == once && status != TS_MISSING && status != TS_ERROR))
- debug_return;
+ (def_lecture == once && already_lectured(status)))
+ debug_return_bool(false);
memset(&msg, 0, sizeof(msg));
memset(&repl, 0, sizeof(repl));
fclose(fp);
} else {
msg.msg_type = SUDO_CONV_ERROR_MSG;
- msg.msg = _(DEFAULT_LECTURE);
+ msg.msg = _("\n"
+ "We trust you have received the usual lecture from the local System\n"
+ "Administrator. It usually boils down to these three things:\n\n"
+ " #1) Respect the privacy of others.\n"
+ " #2) Think before you type.\n"
+ " #3) With great power comes great responsibility.\n\n");
sudo_conv(1, &msg, &repl);
}
- debug_return;
-}
-
-/*
- * Update the time on the timestamp file/dir or create it if necessary.
- */
-static void
-update_timestamp(char *timestampdir, char *timestampfile)
-{
- debug_decl(update_timestamp, SUDO_DEBUG_AUTH)
-
- /* If using tty timestamps but we have no tty there is nothing to do. */
- if (def_tty_tickets && !user_ttypath)
- debug_return;
-
- if (timestamp_uid != 0)
- set_perms(PERM_TIMESTAMP);
- if (timestampfile) {
- /*
- * Store tty info in timestamp file
- */
- int fd = open(timestampfile, O_WRONLY|O_CREAT, 0600);
- if (fd == -1)
- log_error(USE_ERRNO, _("unable to open %s"), timestampfile);
- else {
- lock_file(fd, SUDO_LOCK);
- if (write(fd, &tty_info, sizeof(tty_info)) != sizeof(tty_info)) {
- log_error(USE_ERRNO, _("unable to write to %s"),
- timestampfile);
- }
- close(fd);
- }
- } else {
- if (touch(-1, timestampdir, NULL) == -1) {
- if (mkdir(timestampdir, 0700) == -1) {
- log_error(USE_ERRNO, _("unable to mkdir %s"),
- timestampdir);
- }
- }
- }
- if (timestamp_uid != 0)
- restore_perms();
- debug_return;
-}
-
-/*
- * Expand %h and %u escapes in the prompt and pass back the dynamically
- * allocated result. Returns the same string if there are no escapes.
- */
-static char *
-expand_prompt(char *old_prompt, char *user, char *host)
-{
- size_t len, n;
- int subst;
- char *p, *np, *new_prompt, *endp;
- debug_decl(expand_prompt, SUDO_DEBUG_AUTH)
-
- /* How much space do we need to malloc for the prompt? */
- subst = 0;
- for (p = old_prompt, len = strlen(old_prompt); *p; p++) {
- if (p[0] =='%') {
- switch (p[1]) {
- case 'h':
- p++;
- len += strlen(user_shost) - 2;
- subst = 1;
- break;
- case 'H':
- p++;
- len += strlen(user_host) - 2;
- subst = 1;
- break;
- case 'p':
- p++;
- if (def_rootpw)
- len += 2;
- else if (def_targetpw || def_runaspw)
- len += strlen(runas_pw->pw_name) - 2;
- else
- len += strlen(user_name) - 2;
- subst = 1;
- break;
- case 'u':
- p++;
- len += strlen(user_name) - 2;
- subst = 1;
- break;
- case 'U':
- p++;
- len += strlen(runas_pw->pw_name) - 2;
- subst = 1;
- break;
- case '%':
- p++;
- len--;
- subst = 1;
- break;
- default:
- break;
- }
- }
- }
-
- if (subst) {
- new_prompt = emalloc(++len);
- endp = new_prompt + len;
- for (p = old_prompt, np = new_prompt; *p; p++) {
- if (p[0] =='%') {
- switch (p[1]) {
- case 'h':
- p++;
- n = strlcpy(np, user_shost, np - endp);
- if (n >= np - endp)
- goto oflow;
- np += n;
- continue;
- case 'H':
- p++;
- n = strlcpy(np, user_host, np - endp);
- if (n >= np - endp)
- goto oflow;
- np += n;
- continue;
- case 'p':
- p++;
- if (def_rootpw)
- n = strlcpy(np, "root", np - endp);
- else if (def_targetpw || def_runaspw)
- n = strlcpy(np, runas_pw->pw_name, np - endp);
- else
- n = strlcpy(np, user_name, np - endp);
- if (n >= np - endp)
- goto oflow;
- np += n;
- continue;
- case 'u':
- p++;
- n = strlcpy(np, user_name, np - endp);
- if (n >= np - endp)
- goto oflow;
- np += n;
- continue;
- case 'U':
- p++;
- n = strlcpy(np, runas_pw->pw_name, np - endp);
- if (n >= np - endp)
- goto oflow;
- np += n;
- continue;
- case '%':
- /* convert %% -> % */
- p++;
- break;
- default:
- /* no conversion */
- break;
- }
- }
- *np++ = *p;
- if (np >= endp)
- goto oflow;
- }
- *np = '\0';
- } else
- new_prompt = old_prompt;
-
- debug_return_str(new_prompt);
-
-oflow:
- /* We pre-allocate enough space, so this should never happen. */
- errorx(1, _("internal error, %s overflow"), "expand_prompt()");
+ debug_return_bool(true);
}
/*
debug_return_bool(rval);
}
-/*
- * Fills in timestampdir as well as timestampfile if using tty tickets.
- */
-static int
-build_timestamp(char **timestampdir, char **timestampfile)
-{
- char *dirparent;
- int len;
- debug_decl(build_timestamp, SUDO_DEBUG_AUTH)
-
- dirparent = def_timestampdir;
- *timestampfile = NULL;
- len = easprintf(timestampdir, "%s/%s", dirparent, user_name);
- if (len >= PATH_MAX)
- goto bad;
-
- /*
- * Timestamp file may be a file in the directory or NUL to use
- * the directory as the timestamp.
- */
- if (def_tty_tickets) {
- char *p;
-
- if ((p = strrchr(user_tty, '/')))
- p++;
- else
- p = user_tty;
- if (def_targetpw)
- len = easprintf(timestampfile, "%s/%s/%s:%s", dirparent, user_name,
- p, runas_pw->pw_name);
- else
- len = easprintf(timestampfile, "%s/%s/%s", dirparent, user_name, p);
- if (len >= PATH_MAX)
- goto bad;
- } else if (def_targetpw) {
- len = easprintf(timestampfile, "%s/%s/%s", dirparent, user_name,
- runas_pw->pw_name);
- if (len >= PATH_MAX)
- goto bad;
- } else
- *timestampfile = NULL;
-
- debug_return_int(len);
-bad:
- log_fatal(0, _("timestamp path too long: %s"),
- *timestampfile ? *timestampfile : *timestampdir);
- /* NOTREACHED */
- debug_return_int(-1);
-}
-
-/*
- * Check the timestamp file and directory and return their status.
- */
-static int
-timestamp_status(char *timestampdir, char *timestampfile, char *user, int flags)
-{
- struct stat sb;
- struct timeval boottime, mtime;
- time_t now;
- char *dirparent = def_timestampdir;
- int status = TS_ERROR; /* assume the worst */
- debug_decl(timestamp_status, SUDO_DEBUG_AUTH)
-
- if (timestamp_uid != 0)
- set_perms(PERM_TIMESTAMP);
-
- /*
- * Sanity check dirparent and make it if it doesn't already exist.
- * We start out assuming the worst (that the dir is not sane) and
- * if it is ok upgrade the status to ``no timestamp file''.
- * Note that we don't check the parent(s) of dirparent for
- * sanity since the sudo dir is often just located in /tmp.
- */
- if (lstat(dirparent, &sb) == 0) {
- if (!S_ISDIR(sb.st_mode))
- log_error(0, _("%s exists but is not a directory (0%o)"),
- dirparent, (unsigned int) sb.st_mode);
- else if (sb.st_uid != timestamp_uid)
- log_error(0, _("%s owned by uid %u, should be uid %u"),
- dirparent, (unsigned int) sb.st_uid,
- (unsigned int) timestamp_uid);
- else if ((sb.st_mode & 0000022))
- log_error(0,
- _("%s writable by non-owner (0%o), should be mode 0700"),
- dirparent, (unsigned int) sb.st_mode);
- else {
- if ((sb.st_mode & 0000777) != 0700)
- (void) chmod(dirparent, 0700);
- status = TS_MISSING;
- }
- } else if (errno != ENOENT) {
- log_error(USE_ERRNO, _("unable to stat %s"), dirparent);
- } else {
- /* No dirparent, try to make one. */
- if (ISSET(flags, TS_MAKE_DIRS)) {
- if (mkdir(dirparent, S_IRWXU))
- log_error(USE_ERRNO, _("unable to mkdir %s"),
- dirparent);
- else
- status = TS_MISSING;
- }
- }
- if (status == TS_ERROR)
- goto done;
-
- /*
- * Sanity check the user's ticket dir. We start by downgrading
- * the status to TS_ERROR. If the ticket dir exists and is sane
- * this will be upgraded to TS_OLD. If the dir does not exist,
- * it will be upgraded to TS_MISSING.
- */
- status = TS_ERROR; /* downgrade status again */
- if (lstat(timestampdir, &sb) == 0) {
- if (!S_ISDIR(sb.st_mode)) {
- if (S_ISREG(sb.st_mode)) {
- /* convert from old style */
- if (unlink(timestampdir) == 0)
- status = TS_MISSING;
- } else
- log_error(0, _("%s exists but is not a directory (0%o)"),
- timestampdir, (unsigned int) sb.st_mode);
- } else if (sb.st_uid != timestamp_uid)
- log_error(0, _("%s owned by uid %u, should be uid %u"),
- timestampdir, (unsigned int) sb.st_uid,
- (unsigned int) timestamp_uid);
- else if ((sb.st_mode & 0000022))
- log_error(0,
- _("%s writable by non-owner (0%o), should be mode 0700"),
- timestampdir, (unsigned int) sb.st_mode);
- else {
- if ((sb.st_mode & 0000777) != 0700)
- (void) chmod(timestampdir, 0700);
- status = TS_OLD; /* do date check later */
- }
- } else if (errno != ENOENT) {
- log_error(USE_ERRNO, _("unable to stat %s"), timestampdir);
- } else
- status = TS_MISSING;
-
- /*
- * If there is no user ticket dir, AND we are in tty ticket mode,
- * AND the TS_MAKE_DIRS flag is set, create the user ticket dir.
- */
- if (status == TS_MISSING && timestampfile && ISSET(flags, TS_MAKE_DIRS)) {
- if (mkdir(timestampdir, S_IRWXU) == -1) {
- status = TS_ERROR;
- log_error(USE_ERRNO, _("unable to mkdir %s"), timestampdir);
- }
- }
-
- /*
- * Sanity check the tty ticket file if it exists.
- */
- if (timestampfile && status != TS_ERROR) {
- if (status != TS_MISSING)
- status = TS_NOFILE; /* dir there, file missing */
- if (def_tty_tickets && !user_ttypath)
- goto done; /* no tty, always prompt */
- if (lstat(timestampfile, &sb) == 0) {
- if (!S_ISREG(sb.st_mode)) {
- status = TS_ERROR;
- log_error(0, _("%s exists but is not a regular file (0%o)"),
- timestampfile, (unsigned int) sb.st_mode);
- } else {
- /* If bad uid or file mode, complain and kill the bogus file. */
- if (sb.st_uid != timestamp_uid) {
- log_error(0,
- _("%s owned by uid %u, should be uid %u"),
- timestampfile, (unsigned int) sb.st_uid,
- (unsigned int) timestamp_uid);
- (void) unlink(timestampfile);
- } else if ((sb.st_mode & 0000022)) {
- log_error(0,
- _("%s writable by non-owner (0%o), should be mode 0600"),
- timestampfile, (unsigned int) sb.st_mode);
- (void) unlink(timestampfile);
- } else {
- /* If not mode 0600, fix it. */
- if ((sb.st_mode & 0000777) != 0600)
- (void) chmod(timestampfile, 0600);
-
- /*
- * Check for stored tty info. If the file is zero-sized
- * it is an old-style timestamp with no tty info in it.
- * If removing, we don't care about the contents.
- * The actual mtime check is done later.
- */
- if (ISSET(flags, TS_REMOVE)) {
- status = TS_OLD;
- } else if (sb.st_size != 0) {
- struct tty_info info;
- int fd = open(timestampfile, O_RDONLY, 0644);
- if (fd != -1) {
- if (read(fd, &info, sizeof(info)) == sizeof(info) &&
- memcmp(&info, &tty_info, sizeof(info)) == 0) {
- status = TS_OLD;
- }
- close(fd);
- }
- }
- }
- }
- } else if (errno != ENOENT) {
- log_error(USE_ERRNO, _("unable to stat %s"), timestampfile);
- status = TS_ERROR;
- }
- }
-
- /*
- * If the file/dir exists and we are not removing it, check its mtime.
- */
- if (status == TS_OLD && !ISSET(flags, TS_REMOVE)) {
- mtim_get(&sb, &mtime);
- if (timevalisset(&mtime)) {
- /* Negative timeouts only expire manually (sudo -k). */
- if (def_timestamp_timeout < 0) {
- status = TS_CURRENT;
- } else {
- now = time(NULL);
- if (def_timestamp_timeout &&
- now - mtime.tv_sec < 60 * def_timestamp_timeout) {
- /*
- * Check for bogus time on the stampfile. The clock may
- * have been set back or user could be trying to spoof us.
- */
- if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) {
- time_t tv_sec = (time_t)mtime.tv_sec;
- log_error(0,
- _("timestamp too far in the future: %20.20s"),
- 4 + ctime(&tv_sec));
- if (timestampfile)
- (void) unlink(timestampfile);
- else
- (void) rmdir(timestampdir);
- status = TS_MISSING;
- } else if (get_boottime(&boottime) &&
- timevalcmp(&mtime, &boottime, <)) {
- status = TS_OLD;
- } else {
- status = TS_CURRENT;
- }
- }
- }
- }
- }
-
-done:
- if (timestamp_uid != 0)
- restore_perms();
- debug_return_int(status);
-}
-
-/*
- * Remove the timestamp ticket file/dir.
- */
-void
-remove_timestamp(bool remove)
-{
- struct timeval tv;
- char *timestampdir, *timestampfile, *path;
- int status;
- debug_decl(remove_timestamp, SUDO_DEBUG_AUTH)
-
- if (build_timestamp(×tampdir, ×tampfile) == -1)
- debug_return;
-
- status = timestamp_status(timestampdir, timestampfile, user_name,
- TS_REMOVE);
- if (status != TS_MISSING && status != TS_ERROR) {
- path = timestampfile ? timestampfile : timestampdir;
- if (remove) {
- if (timestampfile)
- status = unlink(timestampfile);
- else
- status = rmdir(timestampdir);
- if (status == -1 && errno != ENOENT) {
- log_error(0,
- _("unable to remove %s (%s), will reset to the epoch"),
- path, strerror(errno));
- remove = false;
- }
- }
- if (!remove) {
- timevalclear(&tv);
- if (touch(-1, path, &tv) == -1 && errno != ENOENT)
- error(1, _("unable to reset %s to the epoch"), path);
- }
- }
- efree(timestampdir);
- efree(timestampfile);
-
- debug_return;
-}
-
-/*
- * Returns true if tty lives on a devpts, /dev or /devices filesystem, else
- * false. Unlike most filesystems, the ctime of devpts nodes is not updated
- * when the device node is written to, only when the inode's status changes,
- * typically via the chmod, chown, link, rename, or utimes system calls.
- * Since the ctime is "stable" in this case, we can stash it the tty ticket
- * file and use it to determine whether the tty ticket file is stale.
- */
-static bool
-tty_is_devpts(const char *tty)
-{
- bool retval = false;
-#ifdef __linux__
- struct statfs sfs;
- debug_decl(tty_is_devpts, SUDO_DEBUG_PTY)
-
-#ifndef DEVPTS_SUPER_MAGIC
-# define DEVPTS_SUPER_MAGIC 0x1cd1
-#endif
-
- if (statfs(tty, &sfs) == 0) {
- if (sfs.f_type == DEVPTS_SUPER_MAGIC)
- retval = true;
- }
-#elif defined(__sun) && defined(__SVR4)
- struct statvfs sfs;
- debug_decl(tty_is_devpts, SUDO_DEBUG_PTY)
-
- if (statvfs(tty, &sfs) == 0) {
- if (strcmp(sfs.f_fstr, "dev") == 0 || strcmp(sfs.f_fstr, "devices") == 0)
- retval = true;
- }
-#else
- debug_decl(tty_is_devpts, SUDO_DEBUG_PTY)
-#endif /* __linux__ */
- debug_return_bool(retval);
-}
-
/*
* Get passwd entry for the user we are going to authenticate as.
* By default, this is the user invoking sudo. In the most common
if (def_rootpw) {
if ((pw = sudo_getpwuid(ROOT_UID)) == NULL)
- log_fatal(0, _("unknown uid: %u"), ROOT_UID);
+ log_fatal(0, N_("unknown uid: %u"), ROOT_UID);
} else if (def_runaspw) {
if ((pw = sudo_getpwnam(def_runas_default)) == NULL)
- log_fatal(0, _("unknown user: %s"), def_runas_default);
+ log_fatal(0, N_("unknown user: %s"), def_runas_default);
} else if (def_targetpw) {
if (runas_pw->pw_name == NULL)
- log_fatal(NO_MAIL|MSG_ONLY, _("unknown uid: %u"),
+ log_fatal(NO_MAIL|MSG_ONLY, N_("unknown uid: %u"),
(unsigned int) runas_pw->pw_uid);
sudo_pw_addref(runas_pw);
pw = runas_pw;
--- /dev/null
+/*
+ * Copyright (c) 1993-1996,1998-2005, 2007-2013
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#ifndef _SUDOERS_CHECK_H
+#define _SUDOERS_CHECK_H
+
+/* Status codes for timestamp_status() */
+#define TS_CURRENT 0
+#define TS_OLD 1
+#define TS_MISSING 2
+#define TS_NOFILE 3
+#define TS_ERROR 4
+
+/* This may be a function in some implementations. */
+#define already_lectured(s) (s != TS_MISSING && s != TS_ERROR)
+
+/*
+ * Info stored in tty ticket from stat(2) to help with tty matching.
+ */
+struct sudo_tty_info {
+ dev_t dev; /* ID of device tty resides on */
+ dev_t rdev; /* tty device ID */
+ ino_t ino; /* tty inode number */
+ uid_t uid; /* tty owner */
+ gid_t gid; /* tty group */
+ pid_t sid; /* ID of session with controlling tty */
+};
+
+bool update_timestamp(struct passwd *pw);
+int build_timestamp(struct passwd *pw);
+int timestamp_status(struct passwd *pw);
+
+#endif /* _SUDOERS_CHECK_H */
"limitprivs", T_STR,
N_("Set of limit privileges"),
NULL,
+ }, {
+ "exec_background", T_FLAG,
+ N_("Run commands on a pty in the background"),
+ NULL,
+ }, {
+ "pam_session", T_FLAG,
+ N_("Create a new PAM session for the command to run in"),
+ NULL,
+ }, {
+ "maxseq", T_UINT,
+ N_("Maximum I/O log sequence number"),
+ NULL,
}, {
NULL, 0, NULL
}
#define I_PRIVS 80
#define def_limitprivs (sudo_defs_table[81].sd_un.str)
#define I_LIMITPRIVS 81
+#define def_exec_background (sudo_defs_table[82].sd_un.flag)
+#define I_EXEC_BACKGROUND 82
+#define def_pam_session (sudo_defs_table[83].sd_un.flag)
+#define I_PAM_SESSION 83
+#define def_maxseq (sudo_defs_table[84].sd_un.ival)
+#define I_MAXSEQ 84
enum def_tuple {
never,
limitprivs
T_STR
"Set of limit privileges"
+exec_background
+ T_FLAG
+ "Run commands on a pty in the background"
+pam_session
+ T_FLAG
+ "Create a new PAM session for the command to run in"
+maxseq
+ T_UINT
+ "Maximum I/O log sequence number"
/*
- * Copyright (c) 1999-2005, 2007-2011
+ * Copyright (c) 1999-2005, 2007-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
def_env_reset = ENV_RESET;
def_set_logname = true;
def_closefrom = STDERR_FILENO + 1;
+#ifdef NO_PAM_SESSION
+ def_pam_session = false;
+#else
+ def_pam_session = true;
+#endif
/* Syslog options need special care since they both strings and ints */
#if (LOGGING & SLOG_SYSLOG)
/* Now do the strings */
def_mailto = estrdup(MAILTO);
- def_mailsub = estrdup(_(MAILSUBJECT));
+ def_mailsub = estrdup(N_(MAILSUBJECT));
def_badpass_message = estrdup(_(INCORRECT_PASSWORD));
def_timestampdir = estrdup(_PATH_SUDO_TIMEDIR);
def_passprompt = estrdup(_(PASSPROMPT));
rc = false;
break;
case DEFAULTS_USER:
+#if 1
+ if (ISSET(what, SETDEF_USER)) {
+ int m;
+ m = userlist_matches(sudo_user.pw, &def->binding);
+ if (m == ALLOW) {
+ if (!set_default(def->var, def->val, def->op))
+ rc = false;
+ }
+ }
+#else
if (ISSET(what, SETDEF_USER) &&
userlist_matches(sudo_user.pw, &def->binding) == ALLOW &&
!set_default(def->var, def->val, def->op))
rc = false;
+#endif
break;
case DEFAULTS_RUNAS:
if (ISSET(what, SETDEF_RUNAS) &&
/*
- * Copyright (c) 1999-2005, 2008-2010
+ * Copyright (c) 1999-2005, 2008-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* Materiel Command, USAF, under agreement number F39502-99-1-0512.
*/
-#ifndef _SUDO_DEFAULTS_H
-#define _SUDO_DEFAULTS_H
+#ifndef _SUDOERS_DEFAULTS_H
+#define _SUDOERS_DEFAULTS_H
#include <def_data.h>
extern struct sudo_defs_types sudo_defs_table[];
-#endif /* _SUDO_DEFAULTS_H */
+#endif /* _SUDOERS_DEFAULTS_H */
/*
- * Copyright (c) 2000-2005, 2007-2011
+ * Copyright (c) 2000-2005, 2007-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <sys/stat.h>
#include <stdio.h>
#ifdef STDC_HEADERS
size_t nsize;
if (env.env_size > SIZE_MAX - 128) {
- errorx2(1, _("internal error, %s overflow"),
+ fatalx_nodebug(_("internal error, %s overflow"),
"sudo_putenv_nodebug()");
}
nsize = env.env_size + 128;
if (nsize > SIZE_MAX / sizeof(char *)) {
- errorx2(1, _("internal error, %s overflow"),
+ fatalx_nodebug(_("internal error, %s overflow"),
"sudo_putenv_nodebug()");
}
nenvp = realloc(env.envp, nsize * sizeof(char *));
if (rval == -1) {
#ifdef ENV_DEBUG
if (env.envp[env.env_len] != NULL)
- errorx(1, _("sudo_putenv: corrupted envp, length mismatch"));
+ fatalx(_("sudo_putenv: corrupted envp, length mismatch"));
#endif
- errorx(1, _("unable to allocate memory"));
+ fatalx(NULL);
}
debug_return_int(rval);
}
strlcat(estring, "=", esize) >= esize ||
strlcat(estring, val, esize) >= esize) {
- errorx(1, _("internal error, %s overflow"), "sudo_setenv2()");
+ fatalx(_("internal error, %s overflow"), "sudo_setenv2()");
}
rval = sudo_putenv(estring, dupcheck, overwrite);
if (rval == -1)
debug_return_int(rval);
}
+/*
+ * Similar to setenv(3) but operates on a private copy of the environment.
+ */
+int
+sudo_setenv(const char *var, const char *val, int overwrite)
+{
+ return sudo_setenv2(var, val, true, (bool)overwrite);
+}
+
/*
* Similar to setenv(3) but operates on a private copy of the environment.
* Does not include warnings or debugging to avoid recursive calls.
static int
sudo_setenv_nodebug(const char *var, const char *val, int overwrite)
{
- char *estring;
+ char *ep, *estring = NULL;
+ const char *cp;
size_t esize;
int rval = -1;
- esize = strlen(var) + 1 + strlen(val) + 1;
- if ((estring = malloc(esize)) == NULL) {
- errno = ENOMEM;
+ if (var == NULL || *var == '\0') {
+ errno = EINVAL;
goto done;
}
- /* Build environment string and insert it. */
- if (strlcpy(estring, var, esize) >= esize ||
- strlcat(estring, "=", esize) >= esize ||
- strlcat(estring, val, esize) >= esize) {
+ /*
+ * POSIX says a var name with '=' is an error but BSD
+ * just ignores the '=' and anything after it.
+ */
+ for (cp = var; *cp && *cp != '='; cp++)
+ ;
+ esize = (size_t)(cp - var) + 2;
+ if (val) {
+ esize += strlen(val); /* glibc treats a NULL val as "" */
+ }
- errno = EINVAL;
+ /* Allocate and fill in estring. */
+ if ((estring = ep = malloc(esize)) == NULL) {
+ errno = ENOMEM;
goto done;
}
+ for (cp = var; *cp && *cp != '='; cp++)
+ *ep++ = *cp;
+ *ep++ = '=';
+ if (val) {
+ for (cp = val; *cp; cp++)
+ *ep++ = *cp;
+ }
+ *ep = '\0';
+
rval = sudo_putenv_nodebug(estring, true, overwrite);
done:
if (rval == -1)
- efree(estring);
+ free(estring);
return rval;
}
-/*
- * Similar to setenv(3) but operates on a private copy of the environment.
- */
-int
-sudo_setenv(const char *var, const char *val, int overwrite)
-{
- int rval;
- debug_decl(sudo_setenv, SUDO_DEBUG_ENV)
-
- rval = sudo_setenv_nodebug(var, val, overwrite);
- if (rval == -1) {
- if (errno == EINVAL)
- errorx(1, _("internal error, %s overflow"), "sudo_setenv()");
- errorx(1, _("unable to allocate memory"));
- }
- debug_return_int(rval);
-}
-
/*
* Similar to unsetenv(3) but operates on a private copy of the environment.
* Does not include warnings or debugging to avoid recursive calls.
if (bad != NULL) {
bad[blen - 2] = '\0'; /* remove trailing ", " */
log_fatal(NO_MAIL,
- _("sorry, you are not allowed to set the following environment variables: %s"), bad);
+ N_("sorry, you are not allowed to set the following environment variables: %s"), bad);
/* NOTREACHED */
efree(bad);
}
read_env_file(const char *path, int overwrite)
{
FILE *fp;
- char *cp, *var, *val;
- size_t var_len, val_len;
+ char *cp, *var, *val, *line = NULL;
+ size_t var_len, val_len, linesize = 0;
if ((fp = fopen(path, "r")) == NULL)
return;
- while ((var = sudo_parseln(fp)) != NULL) {
+ while (sudo_parseln(&line, &linesize, NULL, fp) != -1) {
/* Skip blank or comment lines */
- if (*var == '\0')
+ if (*(var = line) == '\0')
continue;
/* Skip optional "export " */
sudo_putenv(cp, true, overwrite);
}
+ free(line);
fclose(fp);
}
return SUDO_HOOK_RET_NEXT;
in_progress = true;
+
+ /* Hack to make GNU gettext() find the sudoers locale when needed. */
+ if (*name == 'L' && sudoers_getlocale() == SUDOERS_LOCALE_SUDOERS) {
+ if (strcmp(name, "LANGUAGE") == 0 || strcmp(name, "LANG") == 0) {
+ *value = NULL;
+ goto done;
+ }
+ if (strcmp(name, "LC_ALL") == 0 || strcmp(name, "LC_MESSAGES") == 0) {
+ *value = def_sudoers_locale;
+ goto done;
+ }
+ }
+
*value = sudo_getenv_nodebug(name);
+done:
in_progress = false;
return SUDO_HOOK_RET_STOP;
}
/*
- * Copyright (c) 1996, 1998-2005, 2010-2011
+ * Copyright (c) 1996, 1998-2005, 2010-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <sys/stat.h>
#include <stdio.h>
#ifdef STDC_HEADERS
int len; /* length parameter */
debug_decl(find_path, SUDO_DEBUG_UTIL)
- if (strlen(infile) >= PATH_MAX)
- errorx(1, _("%s: %s"), infile, strerror(ENAMETOOLONG));
+ if (strlen(infile) >= PATH_MAX) {
+ errno = ENAMETOOLONG;
+ fatal("%s", infile);
+ }
/*
* If we were given a fully qualified or relative path
* Resolve the path and exit the loop if found.
*/
len = snprintf(command, sizeof(command), "%s/%s", path, infile);
- if (len <= 0 || len >= sizeof(command))
- errorx(1, _("%s: %s"), infile, strerror(ENAMETOOLONG));
+ if (len <= 0 || len >= sizeof(command)) {
+ errno = ENAMETOOLONG;
+ fatal("%s", infile);
+ }
if ((found = sudo_goodpath(command, sbp)))
break;
*/
if (!found && checkdot) {
len = snprintf(command, sizeof(command), "./%s", infile);
- if (len <= 0 || len >= sizeof(command))
- errorx(1, _("%s: %s"), infile, strerror(ENAMETOOLONG));
+ if (len <= 0 || len >= sizeof(command)) {
+ errno = ENAMETOOLONG;
+ fatal("%s", infile);
+ }
found = sudo_goodpath(command, sbp);
if (found && ignore_dot)
debug_return_int(NOT_FOUND_DOT);
}
DaysInMonth[1] = Year % 4 == 0 && (Year % 100 != 0 || Year % 400 == 0)
? 29 : 28;
- /* Checking for 2038 bogusly assumes that time_t is 32 bits. But
- I'm too lazy to try to check for time_t overflow in another way. */
- if (Year < EPOCH || Year > 2038
+ /* 32-bit time_t cannot represent years past 2038 */
+ if (Year < EPOCH || (sizeof(time_t) == sizeof(int) && Year > 2038)
|| Month < 1 || Month > 12
/* Lint fluff: "conversion from long may lose accuracy" */
|| Day < 1 || Day > DaysInMonth[(int)--Month])
/* NOTREACHED */
}
#endif /* defined(TEST) */
-#line 979 "getdate.c"
+#line 978 "getdate.c"
/* allocate initial stack or double stack size, up to YYMAXDEPTH */
#if defined(__cplusplus) || defined(__STDC__)
static int yygrowstack(void)
short *newss;
YYSTYPE *newvs;
- if ((newsize = yystacksize) == 0)
- newsize = YYINITSTACKSIZE;
- else if (newsize >= YYMAXDEPTH)
+ newsize = yystacksize ? yystacksize : YYINITSTACKSIZE;
+ if (newsize >= YYMAXDEPTH)
return -1;
else if ((newsize *= 2) > YYMAXDEPTH)
newsize = YYMAXDEPTH;
- i = yyssp - yyss;
#ifdef SIZE_MAX
#define YY_SIZE_MAX SIZE_MAX
#else
#define YY_SIZE_MAX 0x7fffffff
#endif
- if (!newsize || YY_SIZE_MAX / newsize < sizeof *newss)
+ if (YY_SIZE_MAX / newsize < sizeof *newss)
goto bail;
+ i = yyssp - yyss;
newss = yyss ? (short *)realloc(yyss, newsize * sizeof *newss) :
(short *)malloc(newsize * sizeof *newss); /* overflow check above */
if (newss == NULL)
goto bail;
yyss = newss;
yyssp = newss + i;
- if (!newsize || YY_SIZE_MAX / newsize < sizeof *newvs)
- goto bail;
newvs = yyvs ? (YYSTYPE *)realloc(yyvs, newsize * sizeof *newvs) :
(YYSTYPE *)malloc(newsize * sizeof *newvs); /* overflow check above */
if (newvs == NULL)
yyval.Meridian = yyvsp[0].Meridian;
}
break;
-#line 1474 "getdate.c"
+#line 1470 "getdate.c"
}
yyssp -= yym;
yystate = *yyssp;
}
DaysInMonth[1] = Year % 4 == 0 && (Year % 100 != 0 || Year % 400 == 0)
? 29 : 28;
- /* Checking for 2038 bogusly assumes that time_t is 32 bits. But
- I'm too lazy to try to check for time_t overflow in another way. */
- if (Year < EPOCH || Year > 2038
+ /* 32-bit time_t cannot represent years past 2038 */
+ if (Year < EPOCH || (sizeof(time_t) == sizeof(int) && Year > 2038)
|| Month < 1 || Month > 12
/* Lint fluff: "conversion from long may lose accuracy" */
|| Day < 1 || Day > DaysInMonth[(int)--Month])
/*
- * Copyright (c) 1996, 1998-2005, 2010
+ * Copyright (c) 1996, 1998-2005, 2010-2012
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <sys/types.h>
#include <sys/stat.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
/*
- * Copyright (c) 1996, 1998-2005, 2010-2011
+ * Copyright (c) 1996, 1998-2005, 2010-2012
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <sys/types.h>
#include <sys/stat.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef HAVE_STRING_H
# include <string.h>
#define yyclearin (yychar=(YYEMPTY))
#define yyerrok (yyerrflag=0)
#define YYRECOVERING() (yyerrflag!=0)
-#define YYPREFIX "yy"
+#define yyparse sudoersparse
+#define yylex sudoerslex
+#define yyerror sudoerserror
+#define yychar sudoerschar
+#define yyval sudoersval
+#define yylval sudoerslval
+#define yydebug sudoersdebug
+#define yynerrs sudoersnerrs
+#define yyerrflag sudoerserrflag
+#define yyss sudoersss
+#define yysslim sudoerssslim
+#define yyssp sudoersssp
+#define yyvs sudoersvs
+#define yyvsp sudoersvsp
+#define yystacksize sudoersstacksize
+#define yylhs sudoerslhs
+#define yylen sudoerslen
+#define yydefred sudoersdefred
+#define yydgoto sudoersdgoto
+#define yysindex sudoerssindex
+#define yyrindex sudoersrindex
+#define yygindex sudoersgindex
+#define yytable sudoerstable
+#define yycheck sudoerscheck
+#define yyname sudoersname
+#define yyrule sudoersrule
+#define YYPREFIX "sudoers"
#line 2 "gram.y"
/*
- * Copyright (c) 1996, 1998-2005, 2007-2012
+ * Copyright (c) 1996, 1998-2005, 2007-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
#include "sudoers.h" /* XXX */
#include "parse.h"
#include "toke.h"
-#include "gram.h"
/*
* We must define SIZE_MAX for yacc's skeleton.c.
static void add_userspec(struct member *, struct privilege *);
static struct defaults *new_default(char *, char *, int);
static struct member *new_member(char *, int);
- void yyerror(const char *);
-
-void
-yyerror(const char *s)
-{
- debug_decl(yyerror, SUDO_DEBUG_PARSER)
-
- /* If we last saw a newline the error is on the preceding line. */
- if (last_token == COMMENT)
- sudolineno--;
-
- /* Save the line the first error occurred on. */
- if (errorlineno == -1) {
- errorlineno = sudolineno;
- errorfile = estrdup(sudoers);
- }
- if (sudoers_warnings && s != NULL) {
- LEXTRACE("<*> ");
-#ifndef TRACELEXER
- if (trace_print == NULL || trace_print == sudoers_trace_print)
- warningx(_(">>> %s: %s near line %d <<<"), sudoers, s, sudolineno);
-#endif
- }
- parse_error = true;
- debug_return;
-}
-#line 122 "gram.y"
+static struct sudo_digest *new_digest(int, const char *);
+#line 95 "gram.y"
#ifndef YYSTYPE_DEFINED
#define YYSTYPE_DEFINED
typedef union {
struct member *member;
struct runascontainer *runas;
struct privilege *privilege;
+ struct sudo_digest *digest;
struct sudo_command command;
struct cmndtag tag;
struct selinux_info seinfo;
#define NETGROUP 261
#define USERGROUP 262
#define WORD 263
-#define DEFAULTS 264
-#define DEFAULTS_HOST 265
-#define DEFAULTS_USER 266
-#define DEFAULTS_RUNAS 267
-#define DEFAULTS_CMND 268
-#define NOPASSWD 269
-#define PASSWD 270
-#define NOEXEC 271
-#define EXEC 272
-#define SETENV 273
-#define NOSETENV 274
-#define LOG_INPUT 275
-#define NOLOG_INPUT 276
-#define LOG_OUTPUT 277
-#define NOLOG_OUTPUT 278
-#define ALL 279
-#define COMMENT 280
-#define HOSTALIAS 281
-#define CMNDALIAS 282
-#define USERALIAS 283
-#define RUNASALIAS 284
-#define ERROR 285
-#define TYPE 286
-#define ROLE 287
-#define PRIVS 288
-#define LIMITPRIVS 289
-#define MYSELF 290
+#define DIGEST 264
+#define DEFAULTS 265
+#define DEFAULTS_HOST 266
+#define DEFAULTS_USER 267
+#define DEFAULTS_RUNAS 268
+#define DEFAULTS_CMND 269
+#define NOPASSWD 270
+#define PASSWD 271
+#define NOEXEC 272
+#define EXEC 273
+#define SETENV 274
+#define NOSETENV 275
+#define LOG_INPUT 276
+#define NOLOG_INPUT 277
+#define LOG_OUTPUT 278
+#define NOLOG_OUTPUT 279
+#define ALL 280
+#define COMMENT 281
+#define HOSTALIAS 282
+#define CMNDALIAS 283
+#define USERALIAS 284
+#define RUNASALIAS 285
+#define ERROR 286
+#define TYPE 287
+#define ROLE 288
+#define PRIVS 289
+#define LIMITPRIVS 290
+#define MYSELF 291
+#define SHA224 292
+#define SHA256 293
+#define SHA384 294
+#define SHA512 295
#define YYERRCODE 256
#if defined(__cplusplus) || defined(__STDC__)
-const short yylhs[] =
+const short sudoerslhs[] =
#else
-short yylhs[] =
+short sudoerslhs[] =
#endif
{ -1,
- 0, 0, 28, 28, 29, 29, 29, 29, 29, 29,
- 29, 29, 29, 29, 29, 29, 4, 4, 3, 3,
- 3, 3, 3, 20, 20, 19, 10, 10, 8, 8,
- 8, 8, 8, 2, 2, 1, 6, 6, 23, 24,
- 22, 22, 22, 22, 22, 26, 27, 25, 25, 25,
- 25, 25, 17, 17, 18, 18, 18, 18, 18, 21,
- 21, 21, 21, 21, 21, 21, 21, 21, 21, 21,
- 5, 5, 5, 31, 31, 34, 9, 9, 32, 32,
- 35, 7, 7, 33, 33, 36, 30, 30, 37, 13,
- 13, 11, 11, 12, 12, 12, 12, 12, 16, 16,
- 14, 14, 15, 15, 15,
+ 0, 0, 30, 30, 31, 31, 31, 31, 31, 31,
+ 31, 31, 31, 31, 31, 31, 4, 4, 3, 3,
+ 3, 3, 3, 21, 21, 20, 11, 11, 9, 9,
+ 9, 9, 9, 2, 2, 1, 29, 29, 29, 29,
+ 7, 7, 6, 6, 24, 25, 23, 23, 23, 23,
+ 23, 27, 28, 26, 26, 26, 26, 26, 18, 18,
+ 19, 19, 19, 19, 19, 22, 22, 22, 22, 22,
+ 22, 22, 22, 22, 22, 22, 5, 5, 5, 33,
+ 33, 36, 10, 10, 34, 34, 37, 8, 8, 35,
+ 35, 38, 32, 32, 39, 14, 14, 12, 12, 13,
+ 13, 13, 13, 13, 17, 17, 15, 15, 16, 16,
+ 16,
};
#if defined(__cplusplus) || defined(__STDC__)
-const short yylen[] =
+const short sudoerslen[] =
#else
-short yylen[] =
+short sudoerslen[] =
#endif
{ 2,
0, 1, 1, 2, 1, 2, 2, 2, 2, 2,
2, 2, 3, 3, 3, 3, 1, 3, 1, 2,
3, 3, 3, 1, 3, 3, 1, 2, 1, 1,
- 1, 1, 1, 1, 3, 5, 1, 2, 3, 3,
- 0, 1, 1, 2, 2, 3, 3, 0, 1, 1,
- 2, 2, 0, 3, 0, 1, 3, 2, 1, 0,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 1, 1, 1, 1, 3, 3, 1, 3, 1, 3,
- 3, 1, 3, 1, 3, 3, 1, 3, 3, 1,
- 3, 1, 2, 1, 1, 1, 1, 1, 1, 3,
- 1, 2, 1, 1, 1,
+ 1, 1, 1, 1, 3, 5, 3, 3, 3, 3,
+ 1, 2, 1, 2, 3, 3, 0, 1, 1, 2,
+ 2, 3, 3, 0, 1, 1, 2, 2, 0, 3,
+ 0, 1, 3, 2, 1, 0, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 1, 1, 1, 1,
+ 3, 3, 1, 3, 1, 3, 3, 1, 3, 1,
+ 3, 3, 1, 3, 3, 1, 3, 1, 2, 1,
+ 1, 1, 1, 1, 1, 3, 1, 2, 1, 1,
+ 1,
};
#if defined(__cplusplus) || defined(__STDC__)
-const short yydefred[] =
+const short sudoersdefred[] =
#else
-short yydefred[] =
+short sudoersdefred[] =
#endif
{ 0,
- 0, 94, 96, 97, 98, 0, 0, 0, 0, 0,
- 95, 5, 0, 0, 0, 0, 0, 0, 90, 92,
+ 0, 100, 102, 103, 104, 0, 0, 0, 0, 0,
+ 101, 5, 0, 0, 0, 0, 0, 0, 96, 98,
0, 0, 3, 6, 0, 0, 17, 0, 29, 32,
- 31, 33, 30, 0, 27, 0, 77, 0, 0, 73,
- 72, 71, 0, 37, 82, 0, 0, 0, 74, 0,
- 0, 79, 0, 0, 87, 0, 0, 84, 93, 0,
- 0, 24, 0, 4, 0, 0, 0, 20, 0, 28,
- 0, 0, 0, 0, 38, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 91, 0, 0, 21, 22,
- 23, 18, 78, 83, 0, 75, 0, 80, 0, 88,
- 0, 85, 0, 34, 0, 0, 25, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 103, 105, 104, 0,
- 99, 101, 0, 0, 54, 35, 0, 0, 0, 0,
- 60, 0, 0, 44, 45, 102, 0, 0, 40, 39,
- 0, 0, 0, 51, 52, 100, 46, 47, 61, 62,
- 63, 64, 65, 66, 67, 68, 69, 70, 36,
+ 31, 33, 30, 0, 27, 0, 83, 0, 0, 79,
+ 78, 77, 0, 0, 0, 0, 0, 43, 41, 88,
+ 0, 0, 0, 0, 80, 0, 0, 85, 0, 0,
+ 93, 0, 0, 90, 99, 0, 0, 24, 0, 4,
+ 0, 0, 0, 20, 0, 28, 0, 0, 0, 0,
+ 44, 0, 0, 0, 0, 0, 0, 42, 0, 0,
+ 0, 0, 0, 0, 0, 0, 97, 0, 0, 21,
+ 22, 23, 18, 84, 37, 38, 39, 40, 89, 0,
+ 81, 0, 86, 0, 94, 0, 91, 0, 34, 0,
+ 0, 25, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 109, 111, 110, 0, 105, 107, 0, 0, 60,
+ 35, 0, 0, 0, 0, 66, 0, 0, 50, 51,
+ 108, 0, 0, 46, 45, 0, 0, 0, 57, 58,
+ 106, 52, 53, 67, 68, 69, 70, 71, 72, 73,
+ 74, 75, 76, 36,
};
#if defined(__cplusplus) || defined(__STDC__)
-const short yydgoto[] =
+const short sudoersdgoto[] =
#else
-short yydgoto[] =
+short sudoersdgoto[] =
#endif
{ 18,
- 104, 105, 27, 28, 44, 45, 46, 35, 61, 37,
- 19, 20, 21, 121, 122, 123, 106, 110, 62, 63,
- 143, 114, 115, 116, 131, 132, 133, 22, 23, 54,
- 48, 51, 57, 49, 52, 58, 55,
+ 119, 120, 27, 28, 48, 49, 50, 51, 35, 67,
+ 37, 19, 20, 21, 136, 137, 138, 121, 125, 68,
+ 69, 158, 129, 130, 131, 146, 147, 148, 52, 22,
+ 23, 60, 54, 57, 63, 55, 58, 64, 61,
};
#if defined(__cplusplus) || defined(__STDC__)
-const short yysindex[] =
+const short sudoerssindex[] =
#else
-short yysindex[] =
+short sudoerssindex[] =
#endif
- { 541,
- -270, 0, 0, 0, 0, -21, -5, 553, 553, 20,
- 0, 0, -242, -229, -216, -214, -240, 0, 0, 0,
- -27, 541, 0, 0, -18, -227, 0, 2, 0, 0,
- 0, 0, 0, -223, 0, -33, 0, -31, -31, 0,
- 0, 0, -243, 0, 0, -24, -12, -6, 0, 3,
- 4, 0, 5, 7, 0, 6, 10, 0, 0, 553,
- -20, 0, 11, 0, -206, -193, -191, 0, -21, 0,
- -5, 2, 2, 2, 0, 20, 2, -5, -242, 20,
- -229, 553, -216, 553, -214, 0, 33, -5, 0, 0,
- 0, 0, 0, 0, 31, 0, 32, 0, 34, 0,
- 34, 0, 513, 0, 35, -226, 0, 86, -25, 36,
- 33, 19, 21, -234, -202, -201, 0, 0, 0, -232,
- 0, 0, 41, 86, 0, 0, -176, -173, 37, 38,
- 0, -198, -195, 0, 0, 0, 86, 41, 0, 0,
- -169, -168, 569, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0,};
+ { -33,
+ -277, 0, 0, 0, 0, -13, 75, 105, 105, -15,
+ 0, 0, -246, -241, -217, -210, -226, 0, 0, 0,
+ -5, -33, 0, 0, -3, -244, 0, 5, 0, 0,
+ 0, 0, 0, -237, 0, -28, 0, -19, -19, 0,
+ 0, 0, -251, -7, -1, 4, 7, 0, 0, 0,
+ -14, -20, -2, 8, 0, 6, 11, 0, 9, 13,
+ 0, 12, 14, 0, 0, 105, -11, 0, 18, 0,
+ -203, -200, -188, 0, -13, 0, 75, 5, 5, 5,
+ 0, -187, -185, -184, -183, -15, 5, 0, 75, -246,
+ -15, -241, 105, -217, 105, -210, 0, 42, 75, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 39,
+ 0, 40, 0, 43, 0, 43, 0, 45, 0, 44,
+ -279, 0, 135, -6, 49, 42, 25, 32, -243, -195,
+ -192, 0, 0, 0, -236, 0, 0, 54, 135, 0,
+ 0, -164, -163, 41, 46, 0, -189, -180, 0, 0,
+ 0, 135, 54, 0, 0, -159, -158, 585, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0,};
#if defined(__cplusplus) || defined(__STDC__)
-const short yyrindex[] =
+const short sudoersrindex[] =
#else
-short yyrindex[] =
+short sudoersrindex[] =
#endif
- { 96,
+ { 106,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 110, 0, 0, 1, 0, 0, 181, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 97, 0, 0, 1, 0, 0, 177, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 207, 0, 0,
- 237, 0, 0, 271, 0, 0, 300, 0, 0, 0,
- 0, 0, 329, 0, 0, 0, 0, 0, 0, 0,
- 0, 358, 387, 417, 0, 0, 446, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 463, 0, 0, 0,
- 0, 0, 0, 0, 30, 0, 59, 0, 89, 0,
- 118, 0, 60, 0, 148, -28, 0, 62, 63, 0,
- 463, 0, 0, 594, 489, 512, 0, 0, 0, 0,
- 0, 0, 64, 0, 0, 0, 0, 0, 0, 0,
- 0, 623, 653, 0, 0, 0, 0, 65, 0, 0,
+ 0, 0, 0, 211, 0, 0, 241, 0, 0, 271,
+ 0, 0, 301, 0, 0, 0, 0, 0, 331, 0,
+ 0, 0, 0, 0, 0, 0, 0, 361, 391, 421,
+ 0, 0, 0, 0, 0, 0, 451, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 467, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 31,
+ 0, 61, 0, 91, 0, 121, 0, 70, 0, 151,
+ 495, 0, 71, 72, 0, 467, 0, 0, 615, 525,
+ 555, 0, 0, 0, 0, 0, 0, 73, 0, 0,
+ 0, 0, 0, 0, 0, 0, 645, 675, 0, 0,
+ 0, 0, 74, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0,};
+ 0, 0, 0, 0,};
#if defined(__cplusplus) || defined(__STDC__)
-const short yygindex[] =
+const short sudoersgindex[] =
#else
-short yygindex[] =
+short sudoersgindex[] =
#endif
{ 0,
- -11, 0, 39, 12, 66, -72, 27, 76, -4, 40,
- 52, 98, -1, -23, -7, -8, 0, 0, 42, 0,
- 0, 0, 8, 13, 0, -13, -9, 0, 99, 0,
- 0, 0, 0, 46, 45, 44, 48,
+ -10, 0, 47, 17, 80, 65, -84, 27, 92, -4,
+ 48, 62, 112, 2, -25, 10, -9, 0, 0, 33,
+ 0, 0, 0, 3, 16, 0, -17, -12, 0, 0,
+ 111, 0, 0, 0, 0, 50, 51, 52, 53,
};
-#define YYTABLESIZE 932
+#define YYTABLESIZE 970
#if defined(__cplusplus) || defined(__STDC__)
-const short yytable[] =
+const short sudoerstable[] =
#else
-short yytable[] =
+short sudoerstable[] =
#endif
- { 26,
- 19, 26, 36, 94, 41, 34, 38, 39, 26, 24,
- 71, 26, 60, 40, 41, 47, 60, 2, 60, 76,
- 3, 4, 5, 71, 66, 117, 67, 34, 50, 76,
- 118, 68, 124, 19, 29, 42, 30, 31, 11, 32,
- 87, 53, 65, 56, 19, 69, 119, 72, 78, 73,
- 74, 79, 43, 129, 130, 33, 89, 77, 81, 112,
- 113, 81, 76, 80, 83, 82, 84, 85, 88, 90,
- 159, 91, 103, 95, 71, 76, 125, 60, 111, 127,
- 99, 128, 101, 112, 137, 113, 139, 76, 89, 140,
- 130, 81, 129, 147, 148, 1, 2, 141, 142, 126,
- 55, 109, 59, 56, 58, 57, 97, 92, 75, 70,
- 93, 86, 136, 146, 59, 138, 81, 86, 120, 145,
- 64, 89, 144, 135, 96, 98, 0, 134, 102, 107,
- 100, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 89, 26, 0, 0,
- 86, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ { 17,
+ 19, 109, 36, 24, 26, 40, 41, 127, 128, 38,
+ 39, 53, 43, 26, 74, 77, 56, 43, 26, 26,
+ 29, 132, 30, 31, 66, 32, 133, 34, 42, 86,
+ 82, 2, 77, 19, 3, 4, 5, 66, 66, 72,
+ 59, 73, 33, 134, 19, 144, 145, 62, 75, 98,
+ 82, 139, 78, 11, 79, 80, 83, 71, 89, 100,
+ 87, 84, 101, 82, 85, 90, 91, 87, 92, 93,
+ 94, 96, 95, 174, 102, 99, 105, 17, 106, 107,
+ 108, 118, 77, 86, 110, 142, 66, 126, 82, 140,
+ 95, 127, 143, 87, 114, 128, 116, 152, 154, 155,
+ 145, 156, 123, 162, 163, 1, 157, 34, 144, 2,
+ 61, 65, 62, 64, 63, 141, 88, 112, 87, 124,
+ 92, 103, 81, 95, 104, 76, 161, 97, 65, 153,
+ 160, 122, 70, 150, 159, 0, 0, 17, 0, 111,
+ 0, 0, 113, 0, 151, 149, 115, 117, 95, 0,
+ 26, 0, 0, 92, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 135, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 92, 0,
+ 12, 0, 0, 26, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 26, 0,
+ 9, 0, 0, 12, 0, 0, 0, 0, 0, 0,
+ 0, 0, 1, 0, 2, 0, 0, 3, 4, 5,
+ 25, 6, 7, 8, 9, 10, 40, 41, 0, 25,
+ 10, 40, 41, 9, 25, 25, 11, 12, 13, 14,
+ 15, 16, 29, 0, 30, 31, 19, 32, 19, 42,
+ 0, 19, 19, 19, 42, 19, 19, 19, 19, 19,
+ 8, 0, 0, 10, 33, 0, 44, 45, 46, 47,
+ 19, 19, 19, 19, 19, 19, 82, 0, 82, 0,
+ 0, 82, 82, 82, 0, 82, 82, 82, 82, 82,
+ 11, 0, 2, 8, 0, 3, 4, 5, 0, 0,
+ 82, 82, 82, 82, 82, 82, 87, 0, 87, 0,
+ 0, 87, 87, 87, 11, 87, 87, 87, 87, 87,
+ 7, 0, 29, 11, 30, 31, 0, 32, 0, 0,
+ 87, 87, 87, 87, 87, 87, 95, 0, 95, 0,
+ 0, 95, 95, 95, 33, 95, 95, 95, 95, 95,
+ 15, 0, 2, 7, 0, 3, 4, 5, 0, 0,
+ 95, 95, 95, 95, 95, 95, 92, 0, 92, 0,
+ 0, 92, 92, 92, 11, 92, 92, 92, 92, 92,
+ 13, 0, 132, 15, 0, 0, 0, 133, 0, 0,
+ 92, 92, 92, 92, 92, 92, 26, 0, 26, 0,
+ 0, 26, 26, 26, 134, 26, 26, 26, 26, 26,
+ 14, 0, 0, 13, 0, 0, 0, 0, 0, 0,
+ 26, 26, 26, 26, 26, 26, 12, 0, 12, 0,
+ 0, 12, 12, 12, 0, 12, 12, 12, 12, 12,
+ 16, 0, 0, 14, 0, 0, 0, 0, 0, 0,
+ 12, 12, 12, 12, 12, 12, 9, 0, 9, 0,
+ 0, 9, 9, 9, 0, 9, 9, 9, 9, 9,
+ 0, 0, 0, 16, 0, 0, 0, 0, 0, 0,
+ 9, 9, 9, 9, 9, 9, 10, 0, 10, 59,
+ 0, 10, 10, 10, 0, 10, 10, 10, 10, 10,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 86, 12, 0, 0, 0,
- 26, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 10, 10, 10, 10, 10, 10, 8, 47, 8, 0,
+ 0, 8, 8, 8, 0, 8, 8, 8, 8, 8,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 26, 9, 0, 0, 12,
+ 8, 8, 8, 8, 8, 8, 11, 48, 11, 0,
+ 0, 11, 11, 11, 0, 11, 11, 11, 11, 11,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 25, 0, 25, 41, 41,
- 29, 0, 30, 31, 25, 32, 10, 25, 0, 9,
- 41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
- 41, 33, 29, 0, 30, 31, 19, 32, 19, 41,
- 41, 19, 19, 19, 19, 19, 19, 19, 19, 10,
- 8, 0, 0, 33, 0, 0, 40, 41, 0, 19,
- 19, 19, 19, 19, 19, 76, 0, 76, 0, 0,
- 76, 76, 76, 76, 76, 76, 76, 76, 42, 11,
- 0, 0, 0, 8, 0, 0, 0, 0, 76, 76,
- 76, 76, 76, 76, 81, 0, 81, 0, 0, 81,
- 81, 81, 81, 81, 81, 81, 81, 0, 7, 0,
- 0, 0, 11, 0, 0, 0, 0, 81, 81, 81,
- 81, 81, 81, 117, 89, 0, 89, 0, 118, 89,
- 89, 89, 89, 89, 89, 89, 89, 15, 0, 0,
- 0, 7, 0, 0, 119, 0, 0, 89, 89, 89,
- 89, 89, 89, 86, 0, 86, 0, 0, 86, 86,
- 86, 86, 86, 86, 86, 86, 13, 0, 0, 0,
- 15, 0, 0, 0, 0, 0, 86, 86, 86, 86,
- 86, 86, 0, 26, 0, 26, 0, 0, 26, 26,
- 26, 26, 26, 26, 26, 26, 14, 0, 0, 13,
- 0, 0, 0, 0, 0, 0, 26, 26, 26, 26,
- 26, 26, 12, 0, 12, 0, 0, 12, 12, 12,
- 12, 12, 12, 12, 12, 16, 0, 0, 0, 14,
- 0, 0, 0, 0, 0, 12, 12, 12, 12, 12,
- 12, 0, 9, 0, 9, 0, 0, 9, 9, 9,
- 9, 9, 9, 9, 9, 0, 0, 0, 16, 0,
- 0, 0, 0, 0, 0, 9, 9, 9, 9, 9,
- 9, 0, 10, 0, 10, 53, 0, 10, 10, 10,
- 10, 10, 10, 10, 10, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 10, 10, 10, 10, 10,
- 10, 42, 0, 0, 0, 0, 8, 0, 8, 0,
- 0, 8, 8, 8, 8, 8, 8, 8, 8, 0,
- 0, 0, 0, 0, 43, 17, 0, 0, 0, 8,
- 8, 8, 8, 8, 8, 11, 0, 11, 0, 0,
- 11, 11, 11, 11, 11, 11, 11, 11, 0, 0,
- 108, 0, 0, 17, 0, 0, 0, 0, 11, 11,
- 11, 11, 11, 11, 7, 17, 7, 0, 0, 7,
- 7, 7, 7, 7, 7, 7, 7, 0, 0, 0,
- 0, 43, 0, 0, 0, 0, 0, 7, 7, 7,
- 7, 7, 7, 15, 0, 15, 0, 0, 15, 15,
- 15, 15, 15, 15, 15, 15, 48, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 15, 15, 15, 15,
- 15, 15, 13, 0, 13, 0, 0, 13, 13, 13,
- 13, 13, 13, 13, 13, 49, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 13, 13, 13, 13, 13,
- 13, 0, 14, 0, 14, 0, 0, 14, 14, 14,
- 14, 14, 14, 14, 14, 50, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 14, 14, 14, 14, 14,
- 14, 16, 0, 16, 0, 0, 16, 16, 16, 16,
- 16, 16, 16, 16, 0, 0, 0, 0, 0, 53,
- 53, 0, 0, 0, 16, 16, 16, 16, 16, 16,
- 0, 53, 53, 53, 53, 53, 53, 53, 53, 53,
- 53, 53, 0, 0, 0, 42, 42, 0, 53, 53,
- 53, 53, 0, 0, 0, 0, 0, 42, 42, 42,
- 42, 42, 42, 42, 42, 42, 42, 42, 43, 43,
- 2, 0, 0, 3, 4, 5, 42, 42, 0, 0,
- 43, 43, 43, 43, 43, 43, 43, 43, 43, 43,
- 43, 11, 0, 0, 0, 0, 1, 0, 2, 43,
- 43, 3, 4, 5, 6, 7, 8, 9, 10, 0,
- 2, 0, 0, 3, 4, 5, 0, 0, 0, 11,
- 12, 13, 14, 15, 16, 40, 41, 0, 0, 0,
- 0, 11, 0, 0, 0, 0, 0, 149, 150, 151,
- 152, 153, 154, 155, 156, 157, 158, 42, 0, 0,
- 48, 48, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 48, 48, 48, 48, 48, 48, 48, 48,
- 48, 48, 48, 0, 0, 0, 0, 0, 0, 49,
- 49, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 49, 49, 49, 49, 49, 49, 49, 49, 49,
- 49, 49, 0, 0, 0, 0, 0, 0, 0, 50,
- 50, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 50, 50, 50, 50, 50, 50, 50, 50, 50,
- 50, 50,
+ 11, 11, 11, 11, 11, 11, 7, 49, 7, 0,
+ 0, 7, 7, 7, 0, 7, 7, 7, 7, 7,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 7, 7, 7, 7, 7, 7, 15, 43, 15, 0,
+ 0, 15, 15, 15, 0, 15, 15, 15, 15, 15,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 15, 15, 15, 15, 15, 15, 13, 54, 13, 0,
+ 0, 13, 13, 13, 0, 13, 13, 13, 13, 13,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 13, 13, 13, 13, 13, 13, 14, 55, 14, 0,
+ 0, 14, 14, 14, 0, 14, 14, 14, 14, 14,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 14, 14, 14, 14, 14, 14, 16, 56, 16, 0,
+ 0, 16, 16, 16, 0, 16, 16, 16, 16, 16,
+ 0, 0, 0, 59, 59, 0, 0, 0, 0, 0,
+ 16, 16, 16, 16, 16, 16, 59, 59, 59, 59,
+ 59, 59, 59, 59, 59, 59, 59, 0, 0, 0,
+ 0, 47, 47, 59, 59, 59, 59, 0, 59, 59,
+ 59, 59, 0, 0, 47, 47, 47, 47, 47, 47,
+ 47, 47, 47, 47, 47, 0, 0, 0, 0, 0,
+ 0, 48, 48, 47, 47, 0, 47, 47, 47, 47,
+ 0, 0, 0, 0, 48, 48, 48, 48, 48, 48,
+ 48, 48, 48, 48, 48, 0, 0, 0, 0, 0,
+ 0, 49, 49, 48, 48, 0, 48, 48, 48, 48,
+ 0, 0, 0, 0, 49, 49, 49, 49, 49, 49,
+ 49, 49, 49, 49, 49, 0, 0, 0, 0, 0,
+ 0, 40, 41, 49, 49, 0, 49, 49, 49, 49,
+ 0, 0, 0, 0, 164, 165, 166, 167, 168, 169,
+ 170, 171, 172, 173, 42, 0, 0, 0, 0, 0,
+ 0, 54, 54, 0, 0, 0, 44, 45, 46, 47,
+ 0, 0, 0, 0, 54, 54, 54, 54, 54, 54,
+ 54, 54, 54, 54, 54, 0, 0, 0, 0, 0,
+ 0, 55, 55, 0, 0, 0, 54, 54, 54, 54,
+ 0, 0, 0, 0, 55, 55, 55, 55, 55, 55,
+ 55, 55, 55, 55, 55, 0, 0, 0, 0, 0,
+ 0, 56, 56, 0, 0, 0, 55, 55, 55, 55,
+ 0, 0, 0, 0, 56, 56, 56, 56, 56, 56,
+ 56, 56, 56, 56, 56, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 56, 56, 56, 56,
};
#if defined(__cplusplus) || defined(__STDC__)
-const short yycheck[] =
+const short sudoerscheck[] =
#else
-short yycheck[] =
+short sudoerscheck[] =
#endif
{ 33,
- 0, 33, 7, 76, 33, 33, 8, 9, 33, 280,
- 44, 33, 44, 257, 258, 258, 44, 258, 44, 44,
- 261, 262, 263, 44, 43, 258, 45, 33, 258, 0,
- 263, 259, 58, 33, 258, 279, 260, 261, 279, 263,
- 61, 258, 61, 258, 44, 44, 279, 36, 61, 38,
- 39, 58, 33, 288, 289, 279, 263, 46, 0, 286,
- 287, 58, 33, 61, 58, 61, 61, 58, 58, 263,
- 143, 263, 40, 78, 44, 44, 41, 44, 44, 61,
- 82, 61, 84, 286, 44, 287, 263, 58, 0, 263,
- 289, 33, 288, 263, 263, 0, 0, 61, 61, 111,
- 41, 103, 41, 41, 41, 41, 80, 69, 43, 34,
- 71, 60, 120, 137, 17, 124, 58, 0, 33, 133,
- 22, 33, 132, 116, 79, 81, -1, 115, 85, 88,
- 83, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, 58, 0, -1, -1,
- 33, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ 0, 86, 7, 281, 33, 257, 258, 287, 288, 8,
+ 9, 258, 33, 33, 259, 44, 258, 33, 33, 33,
+ 258, 258, 260, 261, 44, 263, 263, 33, 280, 44,
+ 0, 258, 44, 33, 261, 262, 263, 44, 44, 43,
+ 258, 45, 280, 280, 44, 289, 290, 258, 44, 61,
+ 58, 58, 36, 280, 38, 39, 58, 61, 61, 263,
+ 0, 58, 263, 33, 58, 58, 61, 51, 58, 61,
+ 58, 58, 61, 158, 263, 58, 264, 33, 264, 264,
+ 264, 40, 44, 44, 89, 61, 44, 44, 58, 41,
+ 0, 287, 61, 33, 93, 288, 95, 44, 263, 263,
+ 290, 61, 58, 263, 263, 0, 61, 33, 289, 0,
+ 41, 41, 41, 41, 41, 126, 52, 91, 58, 118,
+ 0, 75, 43, 33, 77, 34, 152, 66, 17, 139,
+ 148, 99, 22, 131, 147, -1, -1, 33, -1, 90,
+ -1, -1, 92, -1, 135, 130, 94, 96, 58, -1,
+ 0, -1, -1, 33, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, 33, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, 58, -1,
+ 0, -1, -1, 33, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, 58, -1,
+ 0, -1, -1, 33, -1, -1, -1, -1, -1, -1,
+ -1, -1, 256, -1, 258, -1, -1, 261, 262, 263,
+ 259, 265, 266, 267, 268, 269, 257, 258, -1, 259,
+ 0, 257, 258, 33, 259, 259, 280, 281, 282, 283,
+ 284, 285, 258, -1, 260, 261, 256, 263, 258, 280,
+ -1, 261, 262, 263, 280, 265, 266, 267, 268, 269,
+ 0, -1, -1, 33, 280, -1, 292, 293, 294, 295,
+ 280, 281, 282, 283, 284, 285, 256, -1, 258, -1,
+ -1, 261, 262, 263, -1, 265, 266, 267, 268, 269,
+ 0, -1, 258, 33, -1, 261, 262, 263, -1, -1,
+ 280, 281, 282, 283, 284, 285, 256, -1, 258, -1,
+ -1, 261, 262, 263, 280, 265, 266, 267, 268, 269,
+ 0, -1, 258, 33, 260, 261, -1, 263, -1, -1,
+ 280, 281, 282, 283, 284, 285, 256, -1, 258, -1,
+ -1, 261, 262, 263, 280, 265, 266, 267, 268, 269,
+ 0, -1, 258, 33, -1, 261, 262, 263, -1, -1,
+ 280, 281, 282, 283, 284, 285, 256, -1, 258, -1,
+ -1, 261, 262, 263, 280, 265, 266, 267, 268, 269,
+ 0, -1, 258, 33, -1, -1, -1, 263, -1, -1,
+ 280, 281, 282, 283, 284, 285, 256, -1, 258, -1,
+ -1, 261, 262, 263, 280, 265, 266, 267, 268, 269,
+ 0, -1, -1, 33, -1, -1, -1, -1, -1, -1,
+ 280, 281, 282, 283, 284, 285, 256, -1, 258, -1,
+ -1, 261, 262, 263, -1, 265, 266, 267, 268, 269,
+ 0, -1, -1, 33, -1, -1, -1, -1, -1, -1,
+ 280, 281, 282, 283, 284, 285, 256, -1, 258, -1,
+ -1, 261, 262, 263, -1, 265, 266, 267, 268, 269,
+ -1, -1, -1, 33, -1, -1, -1, -1, -1, -1,
+ 280, 281, 282, 283, 284, 285, 256, -1, 258, 33,
+ -1, 261, 262, 263, -1, 265, 266, 267, 268, 269,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ 280, 281, 282, 283, 284, 285, 256, 33, 258, -1,
+ -1, 261, 262, 263, -1, 265, 266, 267, 268, 269,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, 58, 0, -1, -1, -1,
- 33, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ 280, 281, 282, 283, 284, 285, 256, 33, 258, -1,
+ -1, 261, 262, 263, -1, 265, 266, 267, 268, 269,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, 58, 0, -1, -1, 33,
+ 280, 281, 282, 283, 284, 285, 256, 33, 258, -1,
+ -1, 261, 262, 263, -1, 265, 266, 267, 268, 269,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, 259, -1, 259, 257, 258,
- 258, -1, 260, 261, 259, 263, 0, 259, -1, 33,
- 269, 270, 271, 272, 273, 274, 275, 276, 277, 278,
- 279, 279, 258, -1, 260, 261, 256, 263, 258, 288,
- 289, 261, 262, 263, 264, 265, 266, 267, 268, 33,
- 0, -1, -1, 279, -1, -1, 257, 258, -1, 279,
- 280, 281, 282, 283, 284, 256, -1, 258, -1, -1,
- 261, 262, 263, 264, 265, 266, 267, 268, 279, 0,
- -1, -1, -1, 33, -1, -1, -1, -1, 279, 280,
- 281, 282, 283, 284, 256, -1, 258, -1, -1, 261,
- 262, 263, 264, 265, 266, 267, 268, -1, 0, -1,
- -1, -1, 33, -1, -1, -1, -1, 279, 280, 281,
- 282, 283, 284, 258, 256, -1, 258, -1, 263, 261,
- 262, 263, 264, 265, 266, 267, 268, 0, -1, -1,
- -1, 33, -1, -1, 279, -1, -1, 279, 280, 281,
- 282, 283, 284, 256, -1, 258, -1, -1, 261, 262,
- 263, 264, 265, 266, 267, 268, 0, -1, -1, -1,
- 33, -1, -1, -1, -1, -1, 279, 280, 281, 282,
- 283, 284, -1, 256, -1, 258, -1, -1, 261, 262,
- 263, 264, 265, 266, 267, 268, 0, -1, -1, 33,
- -1, -1, -1, -1, -1, -1, 279, 280, 281, 282,
- 283, 284, 256, -1, 258, -1, -1, 261, 262, 263,
- 264, 265, 266, 267, 268, 0, -1, -1, -1, 33,
- -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
- 284, -1, 256, -1, 258, -1, -1, 261, 262, 263,
- 264, 265, 266, 267, 268, -1, -1, -1, 33, -1,
- -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
- 284, -1, 256, -1, 258, 33, -1, 261, 262, 263,
- 264, 265, 266, 267, 268, -1, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
- 284, 33, -1, -1, -1, -1, 256, -1, 258, -1,
- -1, 261, 262, 263, 264, 265, 266, 267, 268, -1,
- -1, -1, -1, -1, 33, 33, -1, -1, -1, 279,
- 280, 281, 282, 283, 284, 256, -1, 258, -1, -1,
- 261, 262, 263, 264, 265, 266, 267, 268, -1, -1,
- 58, -1, -1, 33, -1, -1, -1, -1, 279, 280,
- 281, 282, 283, 284, 256, 33, 258, -1, -1, 261,
- 262, 263, 264, 265, 266, 267, 268, -1, -1, -1,
- -1, 33, -1, -1, -1, -1, -1, 279, 280, 281,
- 282, 283, 284, 256, -1, 258, -1, -1, 261, 262,
- 263, 264, 265, 266, 267, 268, 33, -1, -1, -1,
- -1, -1, -1, -1, -1, -1, 279, 280, 281, 282,
- 283, 284, 256, -1, 258, -1, -1, 261, 262, 263,
- 264, 265, 266, 267, 268, 33, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
- 284, -1, 256, -1, 258, -1, -1, 261, 262, 263,
- 264, 265, 266, 267, 268, 33, -1, -1, -1, -1,
- -1, -1, -1, -1, -1, 279, 280, 281, 282, 283,
- 284, 256, -1, 258, -1, -1, 261, 262, 263, 264,
- 265, 266, 267, 268, -1, -1, -1, -1, -1, 257,
- 258, -1, -1, -1, 279, 280, 281, 282, 283, 284,
- -1, 269, 270, 271, 272, 273, 274, 275, 276, 277,
- 278, 279, -1, -1, -1, 257, 258, -1, 286, 287,
- 288, 289, -1, -1, -1, -1, -1, 269, 270, 271,
- 272, 273, 274, 275, 276, 277, 278, 279, 257, 258,
- 258, -1, -1, 261, 262, 263, 288, 289, -1, -1,
- 269, 270, 271, 272, 273, 274, 275, 276, 277, 278,
- 279, 279, -1, -1, -1, -1, 256, -1, 258, 288,
- 289, 261, 262, 263, 264, 265, 266, 267, 268, -1,
- 258, -1, -1, 261, 262, 263, -1, -1, -1, 279,
- 280, 281, 282, 283, 284, 257, 258, -1, -1, -1,
- -1, 279, -1, -1, -1, -1, -1, 269, 270, 271,
- 272, 273, 274, 275, 276, 277, 278, 279, -1, -1,
- 257, 258, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, -1, 269, 270, 271, 272, 273, 274, 275, 276,
- 277, 278, 279, -1, -1, -1, -1, -1, -1, 257,
- 258, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, 269, 270, 271, 272, 273, 274, 275, 276, 277,
- 278, 279, -1, -1, -1, -1, -1, -1, -1, 257,
- 258, -1, -1, -1, -1, -1, -1, -1, -1, -1,
- -1, 269, 270, 271, 272, 273, 274, 275, 276, 277,
- 278, 279,
+ 280, 281, 282, 283, 284, 285, 256, 33, 258, -1,
+ -1, 261, 262, 263, -1, 265, 266, 267, 268, 269,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ 280, 281, 282, 283, 284, 285, 256, 33, 258, -1,
+ -1, 261, 262, 263, -1, 265, 266, 267, 268, 269,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ 280, 281, 282, 283, 284, 285, 256, 33, 258, -1,
+ -1, 261, 262, 263, -1, 265, 266, 267, 268, 269,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ 280, 281, 282, 283, 284, 285, 256, 33, 258, -1,
+ -1, 261, 262, 263, -1, 265, 266, 267, 268, 269,
+ -1, -1, -1, 257, 258, -1, -1, -1, -1, -1,
+ 280, 281, 282, 283, 284, 285, 270, 271, 272, 273,
+ 274, 275, 276, 277, 278, 279, 280, -1, -1, -1,
+ -1, 257, 258, 287, 288, 289, 290, -1, 292, 293,
+ 294, 295, -1, -1, 270, 271, 272, 273, 274, 275,
+ 276, 277, 278, 279, 280, -1, -1, -1, -1, -1,
+ -1, 257, 258, 289, 290, -1, 292, 293, 294, 295,
+ -1, -1, -1, -1, 270, 271, 272, 273, 274, 275,
+ 276, 277, 278, 279, 280, -1, -1, -1, -1, -1,
+ -1, 257, 258, 289, 290, -1, 292, 293, 294, 295,
+ -1, -1, -1, -1, 270, 271, 272, 273, 274, 275,
+ 276, 277, 278, 279, 280, -1, -1, -1, -1, -1,
+ -1, 257, 258, 289, 290, -1, 292, 293, 294, 295,
+ -1, -1, -1, -1, 270, 271, 272, 273, 274, 275,
+ 276, 277, 278, 279, 280, -1, -1, -1, -1, -1,
+ -1, 257, 258, -1, -1, -1, 292, 293, 294, 295,
+ -1, -1, -1, -1, 270, 271, 272, 273, 274, 275,
+ 276, 277, 278, 279, 280, -1, -1, -1, -1, -1,
+ -1, 257, 258, -1, -1, -1, 292, 293, 294, 295,
+ -1, -1, -1, -1, 270, 271, 272, 273, 274, 275,
+ 276, 277, 278, 279, 280, -1, -1, -1, -1, -1,
+ -1, 257, 258, -1, -1, -1, 292, 293, 294, 295,
+ -1, -1, -1, -1, 270, 271, 272, 273, 274, 275,
+ 276, 277, 278, 279, 280, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, 292, 293, 294, 295,
};
#define YYFINAL 18
#ifndef YYDEBUG
#define YYDEBUG 0
#endif
-#define YYMAXTOKEN 290
+#define YYMAXTOKEN 295
#if YYDEBUG
#if defined(__cplusplus) || defined(__STDC__)
-const char * const yyname[] =
+const char * const sudoersname[] =
#else
-char *yyname[] =
+char *sudoersname[] =
#endif
{
"end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
-"COMMAND","ALIAS","DEFVAR","NTWKADDR","NETGROUP","USERGROUP","WORD","DEFAULTS",
-"DEFAULTS_HOST","DEFAULTS_USER","DEFAULTS_RUNAS","DEFAULTS_CMND","NOPASSWD",
-"PASSWD","NOEXEC","EXEC","SETENV","NOSETENV","LOG_INPUT","NOLOG_INPUT",
-"LOG_OUTPUT","NOLOG_OUTPUT","ALL","COMMENT","HOSTALIAS","CMNDALIAS","USERALIAS",
-"RUNASALIAS","ERROR","TYPE","ROLE","PRIVS","LIMITPRIVS","MYSELF",
+"COMMAND","ALIAS","DEFVAR","NTWKADDR","NETGROUP","USERGROUP","WORD","DIGEST",
+"DEFAULTS","DEFAULTS_HOST","DEFAULTS_USER","DEFAULTS_RUNAS","DEFAULTS_CMND",
+"NOPASSWD","PASSWD","NOEXEC","EXEC","SETENV","NOSETENV","LOG_INPUT",
+"NOLOG_INPUT","LOG_OUTPUT","NOLOG_OUTPUT","ALL","COMMENT","HOSTALIAS",
+"CMNDALIAS","USERALIAS","RUNASALIAS","ERROR","TYPE","ROLE","PRIVS","LIMITPRIVS",
+"MYSELF","SHA224","SHA256","SHA384","SHA512",
};
#if defined(__cplusplus) || defined(__STDC__)
-const char * const yyrule[] =
+const char * const sudoersrule[] =
#else
-char *yyrule[] =
+char *sudoersrule[] =
#endif
{"$accept : file",
"file :",
"host : WORD",
"cmndspeclist : cmndspec",
"cmndspeclist : cmndspeclist ',' cmndspec",
-"cmndspec : runasspec selinux solarisprivs cmndtag opcmnd",
+"cmndspec : runasspec selinux solarisprivs cmndtag digcmnd",
+"digest : SHA224 ':' DIGEST",
+"digest : SHA256 ':' DIGEST",
+"digest : SHA384 ':' DIGEST",
+"digest : SHA512 ':' DIGEST",
+"digcmnd : opcmnd",
+"digcmnd : digest opcmnd",
"opcmnd : cmnd",
"opcmnd : '!' cmnd",
"rolespec : ROLE '=' WORD",
"cmndaliases : cmndalias",
"cmndaliases : cmndaliases ':' cmndalias",
"cmndalias : ALIAS '=' cmndlist",
-"cmndlist : opcmnd",
-"cmndlist : cmndlist ',' opcmnd",
+"cmndlist : digcmnd",
+"cmndlist : cmndlist ',' digcmnd",
"runasaliases : runasalias",
"runasaliases : runasaliases ':' runasalias",
"runasalias : ALIAS '=' userlist",
short *yysslim;
YYSTYPE *yyvs;
int yystacksize;
-#line 674 "gram.y"
+#line 681 "gram.y"
+void
+sudoerserror(const char *s)
+{
+ debug_decl(sudoerserror, SUDO_DEBUG_PARSER)
+
+ /* If we last saw a newline the error is on the preceding line. */
+ if (last_token == COMMENT)
+ sudolineno--;
+
+ /* Save the line the first error occurred on. */
+ if (errorlineno == -1) {
+ errorlineno = sudolineno;
+ errorfile = estrdup(sudoers);
+ }
+ if (sudoers_warnings && s != NULL) {
+ LEXTRACE("<*> ");
+#ifndef TRACELEXER
+ if (trace_print == NULL || trace_print == sudoers_trace_print) {
+ const char fmt[] = ">>> %s: %s near line %d <<<\n";
+ int oldlocale;
+
+ /* Warnings are displayed in the user's locale. */
+ sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale);
+ sudo_printf(SUDO_CONV_ERROR_MSG, _(fmt), sudoers, _(s), sudolineno);
+ sudoers_setlocale(oldlocale, NULL);
+ }
+#endif
+ }
+ parse_error = true;
+ debug_return;
+}
+
static struct defaults *
new_default(char *var, char *val, int op)
{
debug_return_ptr(m);
}
+struct sudo_digest *
+new_digest(int digest_type, const char *digest_str)
+{
+ struct sudo_digest *dig;
+ debug_decl(new_digest, SUDO_DEBUG_PARSER)
+
+ dig = emalloc(sizeof(*dig));
+ dig->digest_type = digest_type;
+ dig->digest_str = estrdup(digest_str);
+
+ debug_return_ptr(dig);
+}
+
/*
* Add a list of defaults structures to the defaults list.
* The binding, if non-NULL, specifies a list of hosts, users, or
debug_return;
}
-#line 827 "gram.c"
+#line 898 "gram.c"
/* allocate initial stack or double stack size, up to YYMAXDEPTH */
#if defined(__cplusplus) || defined(__STDC__)
static int yygrowstack(void)
switch (yyn)
{
case 1:
-#line 204 "gram.y"
+#line 185 "gram.y"
{ ; }
break;
case 5:
-#line 212 "gram.y"
+#line 193 "gram.y"
{
;
}
break;
case 6:
-#line 215 "gram.y"
+#line 196 "gram.y"
{
yyerrok;
}
break;
case 7:
-#line 218 "gram.y"
+#line 199 "gram.y"
{
add_userspec(yyvsp[-1].member, yyvsp[0].privilege);
}
break;
case 8:
-#line 221 "gram.y"
+#line 202 "gram.y"
{
;
}
break;
case 9:
-#line 224 "gram.y"
+#line 205 "gram.y"
{
;
}
break;
case 10:
-#line 227 "gram.y"
+#line 208 "gram.y"
{
;
}
break;
case 11:
-#line 230 "gram.y"
+#line 211 "gram.y"
{
;
}
break;
case 12:
-#line 233 "gram.y"
+#line 214 "gram.y"
{
add_defaults(DEFAULTS, NULL, yyvsp[0].defaults);
}
break;
case 13:
-#line 236 "gram.y"
+#line 217 "gram.y"
{
add_defaults(DEFAULTS_USER, yyvsp[-1].member, yyvsp[0].defaults);
}
break;
case 14:
-#line 239 "gram.y"
+#line 220 "gram.y"
{
add_defaults(DEFAULTS_RUNAS, yyvsp[-1].member, yyvsp[0].defaults);
}
break;
case 15:
-#line 242 "gram.y"
+#line 223 "gram.y"
{
add_defaults(DEFAULTS_HOST, yyvsp[-1].member, yyvsp[0].defaults);
}
break;
case 16:
-#line 245 "gram.y"
+#line 226 "gram.y"
{
add_defaults(DEFAULTS_CMND, yyvsp[-1].member, yyvsp[0].defaults);
}
break;
case 18:
-#line 251 "gram.y"
+#line 232 "gram.y"
{
list_append(yyvsp[-2].defaults, yyvsp[0].defaults);
yyval.defaults = yyvsp[-2].defaults;
}
break;
case 19:
-#line 257 "gram.y"
+#line 238 "gram.y"
{
yyval.defaults = new_default(yyvsp[0].string, NULL, true);
}
break;
case 20:
-#line 260 "gram.y"
+#line 241 "gram.y"
{
yyval.defaults = new_default(yyvsp[0].string, NULL, false);
}
break;
case 21:
-#line 263 "gram.y"
+#line 244 "gram.y"
{
yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, true);
}
break;
case 22:
-#line 266 "gram.y"
+#line 247 "gram.y"
{
yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '+');
}
break;
case 23:
-#line 269 "gram.y"
+#line 250 "gram.y"
{
yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '-');
}
break;
case 25:
-#line 275 "gram.y"
+#line 256 "gram.y"
{
list_append(yyvsp[-2].privilege, yyvsp[0].privilege);
yyval.privilege = yyvsp[-2].privilege;
}
break;
case 26:
-#line 281 "gram.y"
+#line 262 "gram.y"
{
struct privilege *p = ecalloc(1, sizeof(*p));
list2tq(&p->hostlist, yyvsp[-2].member);
}
break;
case 27:
-#line 291 "gram.y"
+#line 272 "gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = false;
}
break;
case 28:
-#line 295 "gram.y"
+#line 276 "gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = true;
}
break;
case 29:
-#line 301 "gram.y"
+#line 282 "gram.y"
{
yyval.member = new_member(yyvsp[0].string, ALIAS);
}
break;
case 30:
-#line 304 "gram.y"
+#line 285 "gram.y"
{
yyval.member = new_member(NULL, ALL);
}
break;
case 31:
-#line 307 "gram.y"
+#line 288 "gram.y"
{
yyval.member = new_member(yyvsp[0].string, NETGROUP);
}
break;
case 32:
-#line 310 "gram.y"
+#line 291 "gram.y"
{
yyval.member = new_member(yyvsp[0].string, NTWKADDR);
}
break;
case 33:
-#line 313 "gram.y"
+#line 294 "gram.y"
{
yyval.member = new_member(yyvsp[0].string, WORD);
}
break;
case 35:
-#line 319 "gram.y"
+#line 300 "gram.y"
{
list_append(yyvsp[-2].cmndspec, yyvsp[0].cmndspec);
#ifdef HAVE_SELINUX
}
break;
case 36:
-#line 358 "gram.y"
+#line 339 "gram.y"
{
struct cmndspec *cs = ecalloc(1, sizeof(*cs));
if (yyvsp[-4].runas != NULL) {
}
break;
case 37:
-#line 388 "gram.y"
+#line 369 "gram.y"
+{
+ yyval.digest = new_digest(SUDO_DIGEST_SHA224, yyvsp[0].string);
+ }
+break;
+case 38:
+#line 372 "gram.y"
+{
+ yyval.digest = new_digest(SUDO_DIGEST_SHA256, yyvsp[0].string);
+ }
+break;
+case 39:
+#line 375 "gram.y"
+{
+ yyval.digest = new_digest(SUDO_DIGEST_SHA384, yyvsp[0].string);
+ }
+break;
+case 40:
+#line 378 "gram.y"
+{
+ yyval.digest = new_digest(SUDO_DIGEST_SHA512, yyvsp[0].string);
+ }
+break;
+case 41:
+#line 383 "gram.y"
+{
+ yyval.member = yyvsp[0].member;
+ }
+break;
+case 42:
+#line 386 "gram.y"
+{
+ /* XXX - yuck */
+ struct sudo_command *c = (struct sudo_command *)(yyvsp[0].member->name);
+ c->digest = yyvsp[-1].digest;
+ yyval.member = yyvsp[0].member;
+ }
+break;
+case 43:
+#line 394 "gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = false;
}
break;
-case 38:
-#line 392 "gram.y"
+case 44:
+#line 398 "gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = true;
}
break;
-case 39:
-#line 398 "gram.y"
+case 45:
+#line 404 "gram.y"
{
yyval.string = yyvsp[0].string;
}
break;
-case 40:
-#line 403 "gram.y"
+case 46:
+#line 409 "gram.y"
{
yyval.string = yyvsp[0].string;
}
break;
-case 41:
-#line 408 "gram.y"
+case 47:
+#line 414 "gram.y"
{
yyval.seinfo.role = NULL;
yyval.seinfo.type = NULL;
}
break;
-case 42:
-#line 412 "gram.y"
+case 48:
+#line 418 "gram.y"
{
yyval.seinfo.role = yyvsp[0].string;
yyval.seinfo.type = NULL;
}
break;
-case 43:
-#line 416 "gram.y"
+case 49:
+#line 422 "gram.y"
{
yyval.seinfo.type = yyvsp[0].string;
yyval.seinfo.role = NULL;
}
break;
-case 44:
-#line 420 "gram.y"
+case 50:
+#line 426 "gram.y"
{
yyval.seinfo.role = yyvsp[-1].string;
yyval.seinfo.type = yyvsp[0].string;
}
break;
-case 45:
-#line 424 "gram.y"
+case 51:
+#line 430 "gram.y"
{
yyval.seinfo.type = yyvsp[-1].string;
yyval.seinfo.role = yyvsp[0].string;
}
break;
-case 46:
-#line 430 "gram.y"
+case 52:
+#line 436 "gram.y"
{
yyval.string = yyvsp[0].string;
}
break;
-case 47:
-#line 434 "gram.y"
+case 53:
+#line 440 "gram.y"
{
yyval.string = yyvsp[0].string;
}
break;
-case 48:
-#line 439 "gram.y"
+case 54:
+#line 445 "gram.y"
{
yyval.privinfo.privs = NULL;
yyval.privinfo.limitprivs = NULL;
}
break;
-case 49:
-#line 443 "gram.y"
+case 55:
+#line 449 "gram.y"
{
yyval.privinfo.privs = yyvsp[0].string;
yyval.privinfo.limitprivs = NULL;
}
break;
-case 50:
-#line 447 "gram.y"
+case 56:
+#line 453 "gram.y"
{
yyval.privinfo.privs = NULL;
yyval.privinfo.limitprivs = yyvsp[0].string;
}
break;
-case 51:
-#line 451 "gram.y"
+case 57:
+#line 457 "gram.y"
{
yyval.privinfo.privs = yyvsp[-1].string;
yyval.privinfo.limitprivs = yyvsp[0].string;
}
break;
-case 52:
-#line 455 "gram.y"
+case 58:
+#line 461 "gram.y"
{
yyval.privinfo.limitprivs = yyvsp[-1].string;
yyval.privinfo.privs = yyvsp[0].string;
}
break;
-case 53:
-#line 460 "gram.y"
+case 59:
+#line 467 "gram.y"
{
yyval.runas = NULL;
}
break;
-case 54:
-#line 463 "gram.y"
+case 60:
+#line 470 "gram.y"
{
yyval.runas = yyvsp[-1].runas;
}
break;
-case 55:
-#line 468 "gram.y"
+case 61:
+#line 475 "gram.y"
{
yyval.runas = ecalloc(1, sizeof(struct runascontainer));
yyval.runas->runasusers = new_member(NULL, MYSELF);
/* $$->runasgroups = NULL; */
}
break;
-case 56:
-#line 473 "gram.y"
+case 62:
+#line 480 "gram.y"
{
yyval.runas = ecalloc(1, sizeof(struct runascontainer));
yyval.runas->runasusers = yyvsp[0].member;
/* $$->runasgroups = NULL; */
}
break;
-case 57:
-#line 478 "gram.y"
+case 63:
+#line 485 "gram.y"
{
yyval.runas = ecalloc(1, sizeof(struct runascontainer));
yyval.runas->runasusers = yyvsp[-2].member;
yyval.runas->runasgroups = yyvsp[0].member;
}
break;
-case 58:
-#line 483 "gram.y"
+case 64:
+#line 490 "gram.y"
{
yyval.runas = ecalloc(1, sizeof(struct runascontainer));
/* $$->runasusers = NULL; */
yyval.runas->runasgroups = yyvsp[0].member;
}
break;
-case 59:
-#line 488 "gram.y"
+case 65:
+#line 495 "gram.y"
{
yyval.runas = ecalloc(1, sizeof(struct runascontainer));
yyval.runas->runasusers = new_member(NULL, MYSELF);
/* $$->runasgroups = NULL; */
}
break;
-case 60:
-#line 495 "gram.y"
+case 66:
+#line 502 "gram.y"
{
yyval.tag.nopasswd = yyval.tag.noexec = yyval.tag.setenv =
yyval.tag.log_input = yyval.tag.log_output = UNSPEC;
}
break;
-case 61:
-#line 499 "gram.y"
+case 67:
+#line 506 "gram.y"
{
yyval.tag.nopasswd = true;
}
break;
-case 62:
-#line 502 "gram.y"
+case 68:
+#line 509 "gram.y"
{
yyval.tag.nopasswd = false;
}
break;
-case 63:
-#line 505 "gram.y"
+case 69:
+#line 512 "gram.y"
{
yyval.tag.noexec = true;
}
break;
-case 64:
-#line 508 "gram.y"
+case 70:
+#line 515 "gram.y"
{
yyval.tag.noexec = false;
}
break;
-case 65:
-#line 511 "gram.y"
+case 71:
+#line 518 "gram.y"
{
yyval.tag.setenv = true;
}
break;
-case 66:
-#line 514 "gram.y"
+case 72:
+#line 521 "gram.y"
{
yyval.tag.setenv = false;
}
break;
-case 67:
-#line 517 "gram.y"
+case 73:
+#line 524 "gram.y"
{
yyval.tag.log_input = true;
}
break;
-case 68:
-#line 520 "gram.y"
+case 74:
+#line 527 "gram.y"
{
yyval.tag.log_input = false;
}
break;
-case 69:
-#line 523 "gram.y"
+case 75:
+#line 530 "gram.y"
{
yyval.tag.log_output = true;
}
break;
-case 70:
-#line 526 "gram.y"
+case 76:
+#line 533 "gram.y"
{
yyval.tag.log_output = false;
}
break;
-case 71:
-#line 531 "gram.y"
+case 77:
+#line 538 "gram.y"
{
yyval.member = new_member(NULL, ALL);
}
break;
-case 72:
-#line 534 "gram.y"
+case 78:
+#line 541 "gram.y"
{
yyval.member = new_member(yyvsp[0].string, ALIAS);
}
break;
-case 73:
-#line 537 "gram.y"
+case 79:
+#line 544 "gram.y"
{
struct sudo_command *c = ecalloc(1, sizeof(*c));
c->cmnd = yyvsp[0].command.cmnd;
yyval.member = new_member((char *)c, COMMAND);
}
break;
-case 76:
-#line 549 "gram.y"
+case 82:
+#line 556 "gram.y"
{
char *s;
if ((s = alias_add(yyvsp[-2].string, HOSTALIAS, yyvsp[0].member)) != NULL) {
- yyerror(s);
+ sudoerserror(s);
YYERROR;
}
}
break;
-case 78:
-#line 559 "gram.y"
+case 84:
+#line 566 "gram.y"
{
list_append(yyvsp[-2].member, yyvsp[0].member);
yyval.member = yyvsp[-2].member;
}
break;
-case 81:
-#line 569 "gram.y"
+case 87:
+#line 576 "gram.y"
{
char *s;
if ((s = alias_add(yyvsp[-2].string, CMNDALIAS, yyvsp[0].member)) != NULL) {
- yyerror(s);
+ sudoerserror(s);
YYERROR;
}
}
break;
-case 83:
-#line 579 "gram.y"
+case 89:
+#line 586 "gram.y"
{
list_append(yyvsp[-2].member, yyvsp[0].member);
yyval.member = yyvsp[-2].member;
}
break;
-case 86:
-#line 589 "gram.y"
+case 92:
+#line 596 "gram.y"
{
char *s;
if ((s = alias_add(yyvsp[-2].string, RUNASALIAS, yyvsp[0].member)) != NULL) {
- yyerror(s);
+ sudoerserror(s);
YYERROR;
}
}
break;
-case 89:
-#line 602 "gram.y"
+case 95:
+#line 609 "gram.y"
{
char *s;
if ((s = alias_add(yyvsp[-2].string, USERALIAS, yyvsp[0].member)) != NULL) {
- yyerror(s);
+ sudoerserror(s);
YYERROR;
}
}
break;
-case 91:
-#line 612 "gram.y"
+case 97:
+#line 619 "gram.y"
{
list_append(yyvsp[-2].member, yyvsp[0].member);
yyval.member = yyvsp[-2].member;
}
break;
-case 92:
-#line 618 "gram.y"
+case 98:
+#line 625 "gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = false;
}
break;
-case 93:
-#line 622 "gram.y"
+case 99:
+#line 629 "gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = true;
}
break;
-case 94:
-#line 628 "gram.y"
+case 100:
+#line 635 "gram.y"
{
yyval.member = new_member(yyvsp[0].string, ALIAS);
}
break;
-case 95:
-#line 631 "gram.y"
+case 101:
+#line 638 "gram.y"
{
yyval.member = new_member(NULL, ALL);
}
break;
-case 96:
-#line 634 "gram.y"
+case 102:
+#line 641 "gram.y"
{
yyval.member = new_member(yyvsp[0].string, NETGROUP);
}
break;
-case 97:
-#line 637 "gram.y"
+case 103:
+#line 644 "gram.y"
{
yyval.member = new_member(yyvsp[0].string, USERGROUP);
}
break;
-case 98:
-#line 640 "gram.y"
+case 104:
+#line 647 "gram.y"
{
yyval.member = new_member(yyvsp[0].string, WORD);
}
break;
-case 100:
-#line 646 "gram.y"
+case 106:
+#line 653 "gram.y"
{
list_append(yyvsp[-2].member, yyvsp[0].member);
yyval.member = yyvsp[-2].member;
}
break;
-case 101:
-#line 652 "gram.y"
+case 107:
+#line 659 "gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = false;
}
break;
-case 102:
-#line 656 "gram.y"
+case 108:
+#line 663 "gram.y"
{
yyval.member = yyvsp[0].member;
yyval.member->negated = true;
}
break;
-case 103:
-#line 662 "gram.y"
+case 109:
+#line 669 "gram.y"
{
yyval.member = new_member(yyvsp[0].string, ALIAS);
}
break;
-case 104:
-#line 665 "gram.y"
+case 110:
+#line 672 "gram.y"
{
yyval.member = new_member(NULL, ALL);
}
break;
-case 105:
-#line 668 "gram.y"
+case 111:
+#line 675 "gram.y"
{
yyval.member = new_member(yyvsp[0].string, WORD);
}
break;
-#line 1667 "gram.c"
+#line 1777 "gram.c"
}
yyssp -= yym;
yystate = *yyssp;
#define NETGROUP 261
#define USERGROUP 262
#define WORD 263
-#define DEFAULTS 264
-#define DEFAULTS_HOST 265
-#define DEFAULTS_USER 266
-#define DEFAULTS_RUNAS 267
-#define DEFAULTS_CMND 268
-#define NOPASSWD 269
-#define PASSWD 270
-#define NOEXEC 271
-#define EXEC 272
-#define SETENV 273
-#define NOSETENV 274
-#define LOG_INPUT 275
-#define NOLOG_INPUT 276
-#define LOG_OUTPUT 277
-#define NOLOG_OUTPUT 278
-#define ALL 279
-#define COMMENT 280
-#define HOSTALIAS 281
-#define CMNDALIAS 282
-#define USERALIAS 283
-#define RUNASALIAS 284
-#define ERROR 285
-#define TYPE 286
-#define ROLE 287
-#define PRIVS 288
-#define LIMITPRIVS 289
-#define MYSELF 290
+#define DIGEST 264
+#define DEFAULTS 265
+#define DEFAULTS_HOST 266
+#define DEFAULTS_USER 267
+#define DEFAULTS_RUNAS 268
+#define DEFAULTS_CMND 269
+#define NOPASSWD 270
+#define PASSWD 271
+#define NOEXEC 272
+#define EXEC 273
+#define SETENV 274
+#define NOSETENV 275
+#define LOG_INPUT 276
+#define NOLOG_INPUT 277
+#define LOG_OUTPUT 278
+#define NOLOG_OUTPUT 279
+#define ALL 280
+#define COMMENT 281
+#define HOSTALIAS 282
+#define CMNDALIAS 283
+#define USERALIAS 284
+#define RUNASALIAS 285
+#define ERROR 286
+#define TYPE 287
+#define ROLE 288
+#define PRIVS 289
+#define LIMITPRIVS 290
+#define MYSELF 291
+#define SHA224 292
+#define SHA256 293
+#define SHA384 294
+#define SHA512 295
#ifndef YYSTYPE_DEFINED
#define YYSTYPE_DEFINED
typedef union {
struct member *member;
struct runascontainer *runas;
struct privilege *privilege;
+ struct sudo_digest *digest;
struct sudo_command command;
struct cmndtag tag;
struct selinux_info seinfo;
int tok;
} YYSTYPE;
#endif /* YYSTYPE_DEFINED */
-extern YYSTYPE yylval;
+extern YYSTYPE sudoerslval;
%{
/*
- * Copyright (c) 1996, 1998-2005, 2007-2012
+ * Copyright (c) 1996, 1998-2005, 2007-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
#include "sudoers.h" /* XXX */
#include "parse.h"
#include "toke.h"
-#include "gram.h"
/*
* We must define SIZE_MAX for yacc's skeleton.c.
static void add_userspec(struct member *, struct privilege *);
static struct defaults *new_default(char *, char *, int);
static struct member *new_member(char *, int);
- void yyerror(const char *);
-
-void
-yyerror(const char *s)
-{
- debug_decl(yyerror, SUDO_DEBUG_PARSER)
-
- /* If we last saw a newline the error is on the preceding line. */
- if (last_token == COMMENT)
- sudolineno--;
-
- /* Save the line the first error occurred on. */
- if (errorlineno == -1) {
- errorlineno = sudolineno;
- errorfile = estrdup(sudoers);
- }
- if (sudoers_warnings && s != NULL) {
- LEXTRACE("<*> ");
-#ifndef TRACELEXER
- if (trace_print == NULL || trace_print == sudoers_trace_print)
- warningx(_(">>> %s: %s near line %d <<<"), sudoers, s, sudolineno);
-#endif
- }
- parse_error = true;
- debug_return;
-}
+static struct sudo_digest *new_digest(int, const char *);
%}
%union {
struct member *member;
struct runascontainer *runas;
struct privilege *privilege;
+ struct sudo_digest *digest;
struct sudo_command command;
struct cmndtag tag;
struct selinux_info seinfo;
%token <string> NETGROUP /* a netgroup (+NAME) */
%token <string> USERGROUP /* a usergroup (%NAME) */
%token <string> WORD /* a word */
+%token <string> DIGEST /* a SHA-2 digest */
%token <tok> DEFAULTS /* Defaults entry */
%token <tok> DEFAULTS_HOST /* Host-specific defaults entry */
%token <tok> DEFAULTS_USER /* User-specific defaults entry */
%token <tok> PRIVS /* Solaris privileges */
%token <tok> LIMITPRIVS /* Solaris limit privileges */
%token <tok> MYSELF /* run as myself, not another user */
+%token <tok> SHA224 /* sha224 digest */
+%token <tok> SHA256 /* sha256 digest */
+%token <tok> SHA384 /* sha384 digest */
+%token <tok> SHA512 /* sha512 digest */
%type <cmndspec> cmndspec
%type <cmndspec> cmndspeclist
%type <defaults> defaults_list
%type <member> cmnd
%type <member> opcmnd
+%type <member> digcmnd
%type <member> cmndlist
%type <member> host
%type <member> hostlist
%type <privinfo> solarisprivs
%type <string> privsspec
%type <string> limitprivsspec
+%type <digest> digest
%%
}
;
-cmndspec : runasspec selinux solarisprivs cmndtag opcmnd {
+cmndspec : runasspec selinux solarisprivs cmndtag digcmnd {
struct cmndspec *cs = ecalloc(1, sizeof(*cs));
if ($1 != NULL) {
list2tq(&cs->runasuserlist, $1->runasusers);
}
;
+digest : SHA224 ':' DIGEST {
+ $$ = new_digest(SUDO_DIGEST_SHA224, $3);
+ }
+ | SHA256 ':' DIGEST {
+ $$ = new_digest(SUDO_DIGEST_SHA256, $3);
+ }
+ | SHA384 ':' DIGEST {
+ $$ = new_digest(SUDO_DIGEST_SHA384, $3);
+ }
+ | SHA512 ':' DIGEST {
+ $$ = new_digest(SUDO_DIGEST_SHA512, $3);
+ }
+ ;
+
+digcmnd : opcmnd {
+ $$ = $1;
+ }
+ | digest opcmnd {
+ /* XXX - yuck */
+ struct sudo_command *c = (struct sudo_command *)($2->name);
+ c->digest = $1;
+ $$ = $2;
+ }
+ ;
+
opcmnd : cmnd {
$$ = $1;
$$->negated = false;
| privsspec {
$$.privs = $1;
$$.limitprivs = NULL;
- }
+ }
| limitprivsspec {
$$.privs = NULL;
$$.limitprivs = $1;
- }
+ }
| privsspec limitprivsspec {
$$.privs = $1;
$$.limitprivs = $2;
- }
+ }
| limitprivsspec privsspec {
$$.limitprivs = $1;
$$.privs = $2;
- }
+ }
+ ;
runasspec : /* empty */ {
$$ = NULL;
hostalias : ALIAS '=' hostlist {
char *s;
if ((s = alias_add($1, HOSTALIAS, $3)) != NULL) {
- yyerror(s);
+ sudoerserror(s);
YYERROR;
}
}
cmndalias : ALIAS '=' cmndlist {
char *s;
if ((s = alias_add($1, CMNDALIAS, $3)) != NULL) {
- yyerror(s);
+ sudoerserror(s);
YYERROR;
}
}
;
-cmndlist : opcmnd
- | cmndlist ',' opcmnd {
+cmndlist : digcmnd
+ | cmndlist ',' digcmnd {
list_append($1, $3);
$$ = $1;
}
runasalias : ALIAS '=' userlist {
char *s;
if ((s = alias_add($1, RUNASALIAS, $3)) != NULL) {
- yyerror(s);
+ sudoerserror(s);
YYERROR;
}
}
useralias : ALIAS '=' userlist {
char *s;
if ((s = alias_add($1, USERALIAS, $3)) != NULL) {
- yyerror(s);
+ sudoerserror(s);
YYERROR;
}
}
;
%%
+void
+sudoerserror(const char *s)
+{
+ debug_decl(sudoerserror, SUDO_DEBUG_PARSER)
+
+ /* If we last saw a newline the error is on the preceding line. */
+ if (last_token == COMMENT)
+ sudolineno--;
+
+ /* Save the line the first error occurred on. */
+ if (errorlineno == -1) {
+ errorlineno = sudolineno;
+ errorfile = estrdup(sudoers);
+ }
+ if (sudoers_warnings && s != NULL) {
+ LEXTRACE("<*> ");
+#ifndef TRACELEXER
+ if (trace_print == NULL || trace_print == sudoers_trace_print) {
+ const char fmt[] = ">>> %s: %s near line %d <<<\n";
+ int oldlocale;
+
+ /* Warnings are displayed in the user's locale. */
+ sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale);
+ sudo_printf(SUDO_CONV_ERROR_MSG, _(fmt), sudoers, _(s), sudolineno);
+ sudoers_setlocale(oldlocale, NULL);
+ }
+#endif
+ }
+ parse_error = true;
+ debug_return;
+}
+
static struct defaults *
new_default(char *var, char *val, int op)
{
debug_return_ptr(m);
}
+struct sudo_digest *
+new_digest(int digest_type, const char *digest_str)
+{
+ struct sudo_digest *dig;
+ debug_decl(new_digest, SUDO_DEBUG_PARSER)
+
+ dig = emalloc(sizeof(*dig));
+ dig->digest_type = digest_type;
+ dig->digest_str = estrdup(digest_str);
+
+ debug_return_ptr(dig);
+}
+
/*
* Add a list of defaults structures to the defaults list.
* The binding, if non-NULL, specifies a list of hosts, users, or
/*
- * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <stdio.h>
(*plugin_info != '/') ? _PATH_SUDO_PLUGIN_DIR : "", plugin_info);
}
if (len <= 0 || len >= sizeof(path)) {
- warningx(_("%s%s: %s"),
- (*plugin_info != '/') ? _PATH_SUDO_PLUGIN_DIR : "", plugin_info,
- strerror(ENAMETOOLONG));
+ errno = ENAMETOOLONG;
+ warning("%s%s",
+ (*plugin_info != '/') ? _PATH_SUDO_PLUGIN_DIR : "", plugin_info);
goto done;
}
--- /dev/null
+/*
+ * Copyright (c) 2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+
+#include "missing.h"
+#include "sudo_debug.h"
+#include "error.h"
+
+int
+hexchar(const char *s)
+{
+ unsigned char result[2];
+ int i;
+ debug_decl(hexchar, SUDO_DEBUG_UTIL)
+
+ for (i = 0; i < 2; i++) {
+ switch (s[i]) {
+ case '0':
+ result[i] = 0;
+ break;
+ case '1':
+ result[i] = 1;
+ break;
+ case '2':
+ result[i] = 2;
+ break;
+ case '3':
+ result[i] = 3;
+ break;
+ case '4':
+ result[i] = 4;
+ break;
+ case '5':
+ result[i] = 5;
+ break;
+ case '6':
+ result[i] = 6;
+ break;
+ case '7':
+ result[i] = 7;
+ break;
+ case '8':
+ result[i] = 8;
+ break;
+ case '9':
+ result[i] = 9;
+ break;
+ case 'A':
+ case 'a':
+ result[i] = 10;
+ break;
+ case 'B':
+ case 'b':
+ result[i] = 11;
+ break;
+ case 'C':
+ case 'c':
+ result[i] = 12;
+ break;
+ case 'D':
+ case 'd':
+ result[i] = 13;
+ break;
+ case 'E':
+ case 'e':
+ result[i] = 14;
+ break;
+ case 'F':
+ case 'f':
+ result[i] = 15;
+ break;
+ default:
+ /* Should not happen. */
+ fatalx("internal error, \\x%s not in proper hex format", s);
+ }
+ }
+ debug_return_int((result[0] << 4) | result[1]);
+}
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-#ifndef _SUDO_INS_2001_H
-#define _SUDO_INS_2001_H
+#ifndef _SUDOERS_INS_2001_H
+#define _SUDOERS_INS_2001_H
/*
* HAL insults (paraphrased) from 2001.
"This mission is too important for me to allow you to jeopardize it.",
"I feel much better now.",
-#endif /* _SUDO_INS_2001_H */
+#endif /* _SUDOERS_INS_2001_H */
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-#ifndef _SUDO_INS_CLASSIC_H
-#define _SUDO_INS_CLASSIC_H
+#ifndef _SUDOERS_INS_CLASSIC_H
+#define _SUDOERS_INS_CLASSIC_H
/*
* Insults from the original sudo(8).
"Do you think like you type?",
"Your mind just hasn't been the same since the electro-shock, has it?",
-#endif /* _SUDO_INS_CLASSIC_H */
+#endif /* _SUDOERS_INS_CLASSIC_H */
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-#ifndef _SUDO_INS_CSOPS_H
-#define _SUDO_INS_CSOPS_H
+#ifndef _SUDOERS_INS_CSOPS_H
+#define _SUDOERS_INS_CSOPS_H
/*
* CSOps insults (may be site dependent).
"Have you considered trying to match wits with a rutabaga?",
"You speak an infinite deal of nothing",
-#endif /* _SUDO_INS_CSOPS_H */
+#endif /* _SUDOERS_INS_CSOPS_H */
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-#ifndef _SUDO_INS_GOONS_H
-#define _SUDO_INS_GOONS_H
+#ifndef _SUDOERS_INS_GOONS_H
+#define _SUDOERS_INS_GOONS_H
/*
* Insults from the "Goon Show."
"It's only your word against mine.",
"I think ... err ... I think ... I think I'll go home",
-#endif /* _SUDO_INS_GOONS_H */
+#endif /* _SUDOERS_INS_GOONS_H */
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-#ifndef _SUDO_INSULTS_H
-#define _SUDO_INSULTS_H
+#ifndef _SUDOERS_INSULTS_H
+#define _SUDOERS_INSULTS_H
#if defined(HAL_INSULTS) || defined(GOONS_INSULTS) || defined(CLASSIC_INSULTS) || defined(CSOPS_INSULTS)
#endif /* HAL_INSULTS || GOONS_INSULTS || CLASSIC_INSULTS || CSOPS_INSULTS */
-#endif /* _SUDO_INSULTS_H */
+#endif /* _SUDOERS_INSULTS_H */
/*
- * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2010-2012 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <sys/types.h>
#include <sys/socket.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
# define INADDR_NONE ((unsigned int)-1)
#endif
+static struct interface *interfaces;
+
/*
* Parse a space-delimited list of IP address/netmask pairs and
* store in a list of interface structures.
debug_return;
}
+struct interface *
+get_interfaces(void)
+{
+ return interfaces;
+}
+
void
dump_interfaces(const char *ai)
{
/*
- * Copyright (c) 1996, 1998-2005, 2007, 2010
+ * Copyright (c) 1996, 1998-2005, 2007, 2010-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* Materiel Command, USAF, under agreement number F39502-99-1-0512.
*/
-#ifndef _SUDO_INTERFACES_H
-#define _SUDO_INTERFACES_H
+#ifndef _SUDOERS_INTERFACES_H
+#define _SUDOERS_INTERFACES_H
/*
* Union to hold either strucr in_addr or in6_add
int get_net_ifs(char **addrinfo);
void dump_interfaces(const char *);
void set_interfaces(const char *);
+struct interface *get_interfaces(void);
-/*
- * Definitions for external variables.
- */
-#ifndef _SUDO_MAIN
-extern struct interface *interfaces;
-#endif
-
-#endif /* _SUDO_INTERFACES_H */
+#endif /* _SUDOERS_INTERFACES_H */
/*
- * Copyright (c) 2009-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <stdio.h>
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
-#include <setjmp.h>
#include <pwd.h>
#include <grp.h>
#ifdef HAVE_ZLIB_H
#include "sudoers.h"
-/* plugin_error.c */
-extern sigjmp_buf error_jmp;
-
-union io_fd {
- FILE *f;
-#ifdef HAVE_ZLIB_H
- gzFile g;
-#endif
- void *v;
-};
-
struct script_buf {
int len; /* buffer length (how much read in) */
int off; /* write position (how much already consumed) */
const char *iolog_path;
struct passwd *runas_pw;
struct group *runas_gr;
- int iolog_stdin;
- int iolog_stdout;
- int iolog_stderr;
- int iolog_ttyin;
- int iolog_ttyout;
+ int lines;
+ int cols;
};
-#define IOFD_STDIN 0
-#define IOFD_STDOUT 1
-#define IOFD_STDERR 2
-#define IOFD_TTYIN 3
-#define IOFD_TTYOUT 4
-#define IOFD_TIMING 5
-#define IOFD_MAX 6
+union io_fd {
+ FILE *f;
+#ifdef HAVE_ZLIB_H
+ gzFile g;
+#endif
+ void *v;
+};
+
+static struct io_log_file {
+ bool enabled;
+ const char *suffix;
+ union io_fd fd;
+} io_log_files[] = {
+#define IOFD_LOG 0
+ { true, "/log" },
+#define IOFD_TIMING 1
+ { true, "/timing" },
+#define IOFD_STDIN 2
+ { false, "/stdin" },
+#define IOFD_STDOUT 3
+ { false, "/stdout" },
+#define IOFD_STDERR 4
+ { false, "/stderr" },
+#define IOFD_TTYIN 5
+ { false, "/ttyin" },
+#define IOFD_TTYOUT 6
+ { false, "/ttyout" },
+#define IOFD_MAX 7
+ { false, NULL }
+};
#define SESSID_MAX 2176782336U
static int iolog_compress;
static struct timeval last_time;
-static union io_fd io_fds[IOFD_MAX];
+static unsigned int sessid_max = SESSID_MAX;
+
+/* sudoers_io is declared at the end of this file. */
extern __dso_public struct io_plugin sudoers_io;
/*
- * Create parent directories for path as needed, but not path itself.
+ * Create path and any parent directories as needed.
+ * If is_temp is set, use mkdtemp() for the final directory.
*/
static void
-mkdir_parents(char *path)
+io_mkdirs(char *path, mode_t mode, bool is_temp)
{
struct stat sb;
+ gid_t parent_gid = 0;
char *slash = path;
- debug_decl(mkdir_parents, SUDO_DEBUG_UTIL)
+ debug_decl(io_mkdirs, SUDO_DEBUG_UTIL)
- for (;;) {
- if ((slash = strchr(slash + 1, '/')) == NULL)
- break;
+ /* Fast path: not a temporary and already exists. */
+ if (!is_temp && stat(path, &sb) == 0) {
+ if (!S_ISDIR(sb.st_mode)) {
+ log_fatal(0, N_("%s exists but is not a directory (0%o)"),
+ path, (unsigned int) sb.st_mode);
+ }
+ debug_return;
+ }
+
+ while ((slash = strchr(slash + 1, '/')) != NULL) {
*slash = '\0';
if (stat(path, &sb) != 0) {
- if (mkdir(path, S_IRWXU) != 0)
- log_fatal(USE_ERRNO, _("unable to mkdir %s"), path);
+ if (mkdir(path, mode) != 0)
+ log_fatal(USE_ERRNO, N_("unable to mkdir %s"), path);
+ ignore_result(chown(path, (uid_t)-1, parent_gid));
} else if (!S_ISDIR(sb.st_mode)) {
- log_fatal(0, _("%s: %s"), path, strerror(ENOTDIR));
+ log_fatal(0, N_("%s exists but is not a directory (0%o)"),
+ path, (unsigned int) sb.st_mode);
+ } else {
+ /* Inherit gid of parent dir for ownership. */
+ parent_gid = sb.st_gid;
}
*slash = '/';
}
+ /* Create final path component. */
+ if (is_temp) {
+ if (mkdtemp(path) == NULL)
+ log_fatal(USE_ERRNO, N_("unable to mkdir %s"), path);
+ ignore_result(chown(path, (uid_t)-1, parent_gid));
+ } else {
+ if (mkdir(path, mode) != 0 && errno != EEXIST)
+ log_fatal(USE_ERRNO, N_("unable to mkdir %s"), path);
+ ignore_result(chown(path, (uid_t)-1, parent_gid));
+ }
debug_return;
}
+/*
+ * Set max session ID (aka sequence number)
+ */
+int
+io_set_max_sessid(const char *maxval)
+{
+ unsigned long ulval;
+ char *ep;
+
+ errno = 0;
+ ulval = strtoul(maxval, &ep, 0);
+ if (*maxval != '\0' && *ep == '\0' &&
+ (errno != ERANGE || ulval != ULONG_MAX)) {
+ sessid_max = MIN((unsigned int)ulval, SESSID_MAX);
+ return true;
+ }
+ return false;
+}
+
/*
* Read the on-disk sequence number, set sessid to the next
* number, and update the on-disk copy.
/*
* Create I/O log directory if it doesn't already exist.
*/
- mkdir_parents(iolog_dir);
- if (stat(iolog_dir, &sb) != 0) {
- if (mkdir(iolog_dir, S_IRWXU) != 0)
- log_fatal(USE_ERRNO, _("unable to mkdir %s"), iolog_dir);
- } else if (!S_ISDIR(sb.st_mode)) {
- log_fatal(0, _("%s exists but is not a directory (0%o)"),
- iolog_dir, (unsigned int) sb.st_mode);
- }
+ io_mkdirs(iolog_dir, S_IRWXU, false);
/*
* Open sequence file
}
fd = open(pathbuf, O_RDWR|O_CREAT, S_IRUSR|S_IWUSR);
if (fd == -1)
- log_fatal(USE_ERRNO, _("unable to open %s"), pathbuf);
+ log_fatal(USE_ERRNO, N_("unable to open %s"), pathbuf);
lock_file(fd, SUDO_LOCK);
/*
nread = read(fd2, buf, sizeof(buf));
if (nread > 0) {
id = strtoul(buf, &ep, 36);
- if (buf == ep || id >= SESSID_MAX)
+ if (buf == ep || id >= sessid_max)
id = 0;
}
close(fd2);
nread = read(fd, buf, sizeof(buf));
if (nread != 0) {
if (nread == -1)
- log_fatal(USE_ERRNO, _("unable to read %s"), pathbuf);
+ log_fatal(USE_ERRNO, N_("unable to read %s"), pathbuf);
id = strtoul(buf, &ep, 36);
- if (buf == ep || id >= SESSID_MAX)
- log_fatal(0, _("invalid sequence number %s"), pathbuf);
+ if (buf == ep || id >= sessid_max)
+ id = 0;
}
}
id++;
/* Rewind and overwrite old seq file. */
if (lseek(fd, (off_t)0, SEEK_SET) == (off_t)-1 || write(fd, buf, 7) != 7)
- log_fatal(USE_ERRNO, _("unable to write to %s"), pathbuf);
+ log_fatal(USE_ERRNO, N_("unable to write to %s"), pathbuf);
close(fd);
debug_return;
mkdir_iopath(const char *iolog_path, char *pathbuf, size_t pathsize)
{
size_t len;
+ bool is_temp = false;
debug_decl(mkdir_iopath, SUDO_DEBUG_UTIL)
len = strlcpy(pathbuf, iolog_path, pathsize);
* Create path and intermediate subdirs as needed.
* If path ends in at least 6 Xs (ala POSIX mktemp), use mkdtemp().
*/
- mkdir_parents(pathbuf);
- if (len >= 6 && strcmp(&pathbuf[len - 6], "XXXXXX") == 0) {
- if (mkdtemp(pathbuf) == NULL)
- log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf);
- } else {
- if (mkdir(pathbuf, S_IRWXU) != 0)
- log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf);
- }
+ if (len >= 6 && strcmp(&pathbuf[len - 6], "XXXXXX") == 0)
+ is_temp = true;
+ io_mkdirs(pathbuf, S_IRWXU, is_temp);
debug_return_size_t(len);
}
* Append suffix to pathbuf after len chars and open the resulting file.
* Note that the size of pathbuf is assumed to be PATH_MAX.
* Uses zlib if docompress is true.
- * Returns the open file handle which has the close-on-exec flag set.
+ * Stores the open file handle which has the close-on-exec flag set.
*/
-static void *
-open_io_fd(char *pathbuf, size_t len, const char *suffix, bool docompress)
+static void
+open_io_fd(char *pathbuf, size_t len, struct io_log_file *iol, bool docompress)
{
- void *vfd = NULL;
int fd;
debug_decl(open_io_fd, SUDO_DEBUG_UTIL)
pathbuf[len] = '\0';
- strlcat(pathbuf, suffix, PATH_MAX);
- fd = open(pathbuf, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR);
- if (fd != -1) {
- fcntl(fd, F_SETFD, FD_CLOEXEC);
+ strlcat(pathbuf, iol->suffix, PATH_MAX);
+ if (iol->enabled) {
+ fd = open(pathbuf, O_CREAT|O_WRONLY, S_IRUSR|S_IWUSR);
+ if (fd != -1) {
+ fcntl(fd, F_SETFD, FD_CLOEXEC);
#ifdef HAVE_ZLIB_H
- if (docompress)
- vfd = gzdopen(fd, "w");
- else
+ if (docompress)
+ iol->fd.g = gzdopen(fd, "w");
+ else
#endif
- vfd = fdopen(fd, "w");
+ iol->fd.f = fdopen(fd, "w");
+ }
+ if (fd == -1 || iol->fd.v == NULL) {
+ log_fatal(USE_ERRNO, N_("unable to create %s"), pathbuf);
+ if (fd != -1)
+ close(fd);
+ }
+ } else {
+ /* Remove old log file if we recycled sequence numbers. */
+ unlink(pathbuf);
}
- debug_return_ptr(vfd);
+ debug_return;
}
/*
* Pull out I/O log related data from user_info and command_info arrays.
+ * Returns true if I/O logging is enabled, else false.
*/
-static void
+static bool
iolog_deserialize_info(struct iolog_details *details, char * const user_info[],
char * const command_info[])
{
gid_t runas_gid = 0;
debug_decl(iolog_deserialize_info, SUDO_DEBUG_UTIL)
- memset(details, 0, sizeof(*details));
+ details->lines = 24;
+ details->cols = 80;
for (cur = user_info; *cur != NULL; cur++) {
switch (**cur) {
case 'c':
+ if (strncmp(*cur, "cols=", sizeof("cols=") - 1) == 0) {
+ details->cols = atoi(*cur + sizeof("cols=") - 1);
+ continue;
+ }
if (strncmp(*cur, "cwd=", sizeof("cwd=") - 1) == 0) {
details->cwd = *cur + sizeof("cwd=") - 1;
continue;
}
break;
+ case 'l':
+ if (strncmp(*cur, "lines=", sizeof("lines=") - 1) == 0) {
+ details->lines = atoi(*cur + sizeof("lines=") - 1);
+ continue;
+ }
+ break;
case 't':
if (strncmp(*cur, "tty=", sizeof("tty=") - 1) == 0) {
details->tty = *cur + sizeof("tty=") - 1;
}
if (strncmp(*cur, "iolog_stdin=", sizeof("iolog_stdin=") - 1) == 0) {
if (atobool(*cur + sizeof("iolog_stdin=") - 1) == true)
- details->iolog_stdin = true;
+ io_log_files[IOFD_STDIN].enabled = true;
continue;
}
if (strncmp(*cur, "iolog_stdout=", sizeof("iolog_stdout=") - 1) == 0) {
if (atobool(*cur + sizeof("iolog_stdout=") - 1) == true)
- details->iolog_stdout = true;
+ io_log_files[IOFD_STDOUT].enabled = true;
continue;
}
if (strncmp(*cur, "iolog_stderr=", sizeof("iolog_stderr=") - 1) == 0) {
if (atobool(*cur + sizeof("iolog_stderr=") - 1) == true)
- details->iolog_stderr = true;
+ io_log_files[IOFD_STDERR].enabled = true;
continue;
}
if (strncmp(*cur, "iolog_ttyin=", sizeof("iolog_ttyin=") - 1) == 0) {
if (atobool(*cur + sizeof("iolog_ttyin=") - 1) == true)
- details->iolog_ttyin = true;
+ io_log_files[IOFD_TTYIN].enabled = true;
continue;
}
if (strncmp(*cur, "iolog_ttyout=", sizeof("iolog_ttyout=") - 1) == 0) {
if (atobool(*cur + sizeof("iolog_ttyout=") - 1) == true)
- details->iolog_ttyout = true;
+ io_log_files[IOFD_TTYOUT].enabled = true;
continue;
}
if (strncmp(*cur, "iolog_compress=", sizeof("iolog_compress=") - 1) == 0) {
continue;
}
break;
+ case 'm':
+ if (strncmp(*cur, "maxseq=", sizeof("maxseq=") - 1) == 0)
+ io_set_max_sessid(*cur + sizeof("maxseq=") - 1);
+ break;
case 'r':
if (strncmp(*cur, "runas_gid=", sizeof("runas_gid=") - 1) == 0) {
runas_gid_str = *cur + sizeof("runas_gid=") - 1;
details->runas_gr = sudo_fakegrnam(id);
}
}
- debug_return;
+ debug_return_bool(
+ io_log_files[IOFD_STDIN].enabled || io_log_files[IOFD_STDOUT].enabled ||
+ io_log_files[IOFD_STDERR].enabled || io_log_files[IOFD_TTYIN].enabled ||
+ io_log_files[IOFD_TTYOUT].enabled);
}
static int
char *tofree = NULL;
char * const *cur;
const char *debug_flags = NULL;
- FILE *io_logfile;
size_t len;
- int rval = -1;
+ int i, rval = -1;
debug_decl(sudoers_io_open, SUDO_DEBUG_PLUGIN)
- if (!sudo_conv)
- sudo_conv = conversation;
- if (!sudo_printf)
- sudo_printf = plugin_printf;
+ sudo_conv = conversation;
+ sudo_printf = plugin_printf;
/* If we have no command (because -V was specified) just return. */
if (argc == 0)
debug_return_bool(true);
- if (sigsetjmp(error_jmp, 1)) {
- /* called via error(), errorx() or log_fatal() */
+ memset(&details, 0, sizeof(details));
+
+ if (fatal_setjmp() != 0) {
+ /* called via fatal(), fatalx() or log_fatal() */
rval = -1;
goto done;
}
sudo_debug_init(NULL, debug_flags);
/*
- * Pull iolog settings out of command_info, if any.
+ * Pull iolog settings out of command_info.
*/
- iolog_deserialize_info(&details, user_info, command_info);
- /* Did policy module disable I/O logging? */
- if (!details.iolog_stdin && !details.iolog_ttyin &&
- !details.iolog_stdout && !details.iolog_stderr &&
- !details.iolog_ttyout) {
+ if (!iolog_deserialize_info(&details, user_info, command_info)) {
rval = false;
goto done;
}
/*
* We create 7 files: a log file, a timing file and 5 for input/output.
*/
- io_logfile = open_io_fd(pathbuf, len, "/log", false);
- if (io_logfile == NULL)
- log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf);
-
- io_fds[IOFD_TIMING].v = open_io_fd(pathbuf, len, "/timing",
- iolog_compress);
- if (io_fds[IOFD_TIMING].v == NULL)
- log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf);
-
- if (details.iolog_ttyin) {
- io_fds[IOFD_TTYIN].v = open_io_fd(pathbuf, len, "/ttyin",
- iolog_compress);
- if (io_fds[IOFD_TTYIN].v == NULL)
- log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf);
- } else {
- sudoers_io.log_ttyin = NULL;
- }
- if (details.iolog_stdin) {
- io_fds[IOFD_STDIN].v = open_io_fd(pathbuf, len, "/stdin",
- iolog_compress);
- if (io_fds[IOFD_STDIN].v == NULL)
- log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf);
- } else {
- sudoers_io.log_stdin = NULL;
- }
- if (details.iolog_ttyout) {
- io_fds[IOFD_TTYOUT].v = open_io_fd(pathbuf, len, "/ttyout",
- iolog_compress);
- if (io_fds[IOFD_TTYOUT].v == NULL)
- log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf);
- } else {
- sudoers_io.log_ttyout = NULL;
- }
- if (details.iolog_stdout) {
- io_fds[IOFD_STDOUT].v = open_io_fd(pathbuf, len, "/stdout",
- iolog_compress);
- if (io_fds[IOFD_STDOUT].v == NULL)
- log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf);
- } else {
- sudoers_io.log_stdout = NULL;
- }
- if (details.iolog_stderr) {
- io_fds[IOFD_STDERR].v = open_io_fd(pathbuf, len, "/stderr",
- iolog_compress);
- if (io_fds[IOFD_STDERR].v == NULL)
- log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf);
- } else {
- sudoers_io.log_stderr = NULL;
+ for (i = 0; i < IOFD_MAX; i++) {
+ open_io_fd(pathbuf, len, &io_log_files[i], i ? iolog_compress : false);
}
gettimeofday(&last_time, NULL);
-
- fprintf(io_logfile, "%ld:%s:%s:%s:%s\n", (long)last_time.tv_sec,
+ fprintf(io_log_files[IOFD_LOG].fd.f, "%lld:%s:%s:%s:%s:%d:%d\n%s\n%s",
+ (long long)last_time.tv_sec,
details.user ? details.user : "unknown", details.runas_pw->pw_name,
details.runas_gr ? details.runas_gr->gr_name : "",
- details.tty ? details.tty : "unknown");
- fputs(details.cwd ? details.cwd : "unknown", io_logfile);
- fputc('\n', io_logfile);
- fputs(details.command ? details.command : "unknown", io_logfile);
+ details.tty ? details.tty : "unknown", details.lines, details.cols,
+ details.cwd ? details.cwd : "unknown",
+ details.command ? details.command : "unknown");
for (cur = &argv[1]; *cur != NULL; cur++) {
- fputc(' ', io_logfile);
- fputs(*cur, io_logfile);
+ fputc(' ', io_log_files[IOFD_LOG].fd.f);
+ fputs(*cur, io_log_files[IOFD_LOG].fd.f);
}
- fputc('\n', io_logfile);
- fclose(io_logfile);
+ fputc('\n', io_log_files[IOFD_LOG].fd.f);
+ fclose(io_log_files[IOFD_LOG].fd.f);
+ io_log_files[IOFD_LOG].fd.f = NULL;
+
+ /*
+ * Clear I/O log function pointers for disabled log functions.
+ */
+ if (!io_log_files[IOFD_STDIN].enabled)
+ sudoers_io.log_stdin = NULL;
+ if (!io_log_files[IOFD_STDOUT].enabled)
+ sudoers_io.log_stdout = NULL;
+ if (!io_log_files[IOFD_STDERR].enabled)
+ sudoers_io.log_stderr = NULL;
+ if (!io_log_files[IOFD_TTYIN].enabled)
+ sudoers_io.log_ttyin = NULL;
+ if (!io_log_files[IOFD_TTYOUT].enabled)
+ sudoers_io.log_ttyout = NULL;
rval = true;
done:
+ fatal_disable_setjmp();
efree(tofree);
if (details.runas_pw)
sudo_pw_delref(details.runas_pw);
int i;
debug_decl(sudoers_io_close, SUDO_DEBUG_PLUGIN)
- if (sigsetjmp(error_jmp, 1)) {
- /* called via error(), errorx() or log_fatal() */
+ if (fatal_setjmp() != 0) {
+ /* called via fatal(), fatalx() or log_fatal() */
+ fatal_disable_setjmp();
debug_return;
}
for (i = 0; i < IOFD_MAX; i++) {
- if (io_fds[i].v == NULL)
+ if (io_log_files[i].fd.v == NULL)
continue;
#ifdef HAVE_ZLIB_H
if (iolog_compress)
- gzclose(io_fds[i].g);
+ gzclose(io_log_files[i].fd.g);
else
#endif
- fclose(io_fds[i].f);
+ fclose(io_log_files[i].fd.f);
}
debug_return;
}
{
debug_decl(sudoers_io_version, SUDO_DEBUG_PLUGIN)
- if (sigsetjmp(error_jmp, 1)) {
- /* called via error(), errorx() or log_fatal() */
+ if (fatal_setjmp() != 0) {
+ /* called via fatal(), fatalx() or log_fatal() */
+ fatal_disable_setjmp();
debug_return_bool(-1);
}
gettimeofday(&now, NULL);
- if (sigsetjmp(error_jmp, 1)) {
- /* called via error(), errorx() or log_fatal() */
+ if (fatal_setjmp() != 0) {
+ /* called via fatal(), fatalx() or log_fatal() */
+ fatal_disable_setjmp();
debug_return_bool(-1);
}
#ifdef HAVE_ZLIB_H
if (iolog_compress)
- ignore_result(gzwrite(io_fds[idx].g, (const voidp)buf, len));
+ ignore_result(gzwrite(io_log_files[idx].fd.g, (const voidp)buf, len));
else
#endif
- ignore_result(fwrite(buf, 1, len, io_fds[idx].f));
+ ignore_result(fwrite(buf, 1, len, io_log_files[idx].fd.f));
delay.tv_sec = now.tv_sec;
delay.tv_usec = now.tv_usec;
timevalsub(&delay, &last_time);
#ifdef HAVE_ZLIB_H
if (iolog_compress)
- gzprintf(io_fds[IOFD_TIMING].g, "%d %f %d\n", idx,
+ gzprintf(io_log_files[IOFD_TIMING].fd.g, "%d %f %d\n", idx,
delay.tv_sec + ((double)delay.tv_usec / 1000000), len);
else
#endif
- fprintf(io_fds[IOFD_TIMING].f, "%d %f %d\n", idx,
+ fprintf(io_log_files[IOFD_TIMING].fd.f, "%d %f %d\n", idx,
delay.tv_sec + ((double)delay.tv_usec / 1000000), len);
last_time.tv_sec = now.tv_sec;
last_time.tv_usec = now.tv_usec;
/*
- * Copyright (c) 2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2011-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#ifdef HAVE_STRINGS_H
# include <strings.h>
#endif /* HAVE_STRINGS_H */
-#ifdef HAVE_SETLOCALE
-# include <locale.h>
-#endif
#include <pwd.h>
#include <grp.h>
#include <time.h>
size_t (*copy_fn)(char *, size_t, char *);
};
-static size_t fill_seq(char *, size_t, char *);
-static size_t fill_user(char *, size_t, char *);
-static size_t fill_group(char *, size_t, char *);
-static size_t fill_runas_user(char *, size_t, char *);
-static size_t fill_runas_group(char *, size_t, char *);
-static size_t fill_hostname(char *, size_t, char *);
-static size_t fill_command(char *, size_t, char *);
-
-/* Note: "seq" must be first in the list. */
-static struct path_escape io_path_escapes[] = {
- { "seq", fill_seq },
- { "user", fill_user },
- { "group", fill_group },
- { "runas_user", fill_runas_user },
- { "runas_group", fill_runas_group },
- { "hostname", fill_hostname },
- { "command", fill_command },
- { NULL, NULL }
-};
-
static size_t
fill_seq(char *str, size_t strsize, char *logdir)
{
+#ifdef SUDOERS_NO_SEQ
+ debug_decl(fill_seq, SUDO_DEBUG_UTIL)
+ debug_return_size_t(strlcpy(str, "%{seq}", strsize));
+#else
static char sessid[7];
int len;
- debug_decl(sudoers_io_version, SUDO_DEBUG_UTIL)
+ debug_decl(fill_seq, SUDO_DEBUG_UTIL)
if (sessid[0] == '\0')
io_nextid(logdir, def_iolog_dir, sessid);
if (len < 0)
debug_return_size_t(strsize); /* handle non-standard snprintf() */
debug_return_size_t(len);
+#endif /* SUDOERS_NO_SEQ */
}
static size_t
debug_return_size_t(strlcpy(str, user_base, strsize));
}
+/* Note: "seq" must be first in the list. */
+static struct path_escape io_path_escapes[] = {
+ { "seq", fill_seq },
+ { "user", fill_user },
+ { "group", fill_group },
+ { "runas_user", fill_runas_user },
+ { "runas_group", fill_runas_group },
+ { "hostname", fill_hostname },
+ { "command", fill_command },
+ { NULL, NULL }
+};
+
/*
* Concatenate dir + file, expanding any escape sequences.
* Returns the concatenated path and sets slashp point to
char *dst, *dst0, *path, *pathend, tmpbuf[PATH_MAX];
char *slash = NULL;
const char *endbrace, *src = dir;
- static struct path_escape *escapes;
- int pass;
+ struct path_escape *escapes = NULL;
+ int pass, oldlocale;
bool strfit;
debug_decl(expand_iolog_path, SUDO_DEBUG_UTIL)
switch (pass) {
case 0:
src = dir;
- escapes = io_path_escapes + 1; /* skip "${seq}" */
+ escapes = io_path_escapes + 1; /* skip "%{seq}" */
break;
case 1:
/* Trim trailing slashes from dir component. */
time(&now);
timeptr = localtime(&now);
-#ifdef HAVE_SETLOCALE
- if (!setlocale(LC_ALL, def_sudoers_locale)) {
- warningx(_("unable to set locale to \"%s\", using \"C\""),
- def_sudoers_locale);
- setlocale(LC_ALL, "C");
- }
-#endif
+ /* Use sudoers locale for strftime() */
+ sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
+
/* We only calls strftime() on the current part of the buffer. */
tmpbuf[sizeof(tmpbuf) - 1] = '\0';
len = strftime(tmpbuf, sizeof(tmpbuf), dst0, timeptr);
-#ifdef HAVE_SETLOCALE
- setlocale(LC_ALL, "");
-#endif
+ /* Restore old locale. */
+ sudoers_setlocale(oldlocale, NULL);
+
if (len == 0 || tmpbuf[sizeof(tmpbuf) - 1] != '\0')
goto bad; /* strftime() failed, buf too small? */
/*
- * Copyright (c) 2003-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2003-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* This code is derived from software contributed by Aaron Spangler.
*
#include <sys/types.h>
#include <sys/time.h>
-#include <sys/param.h>
#include <sys/stat.h>
#include <stdio.h>
#ifdef STDC_HEADERS
#include <grp.h>
#include <netinet/in.h>
#include <arpa/inet.h>
-#include <netdb.h>
#ifdef HAVE_LBER_H
# include <lber.h>
#endif
(var) != NULL; \
(var) = ldap_next_entry((ld), (var)))
-#define DPRINTF(args, level) if (ldap_conf.debug >= level) warningx args
+#if defined(__GNUC__) && __GNUC__ == 2
+# define DPRINTF1(fmt...) do { \
+ if (ldap_conf.debug >= 1) \
+ warningx(__VA_ARGS__); \
+ sudo_debug_printf(SUDO_DEBUG_DIAG, fmt); \
+} while (0)
+# define DPRINTF2(fmt...) do { \
+ if (ldap_conf.debug >= 2) \
+ warningx(__VA_ARGS__); \
+ sudo_debug_printf(SUDO_DEBUG_INFO, fmt); \
+} while (0)
+#else
+# define DPRINTF1(...) do { \
+ if (ldap_conf.debug >= 1) \
+ warningx(__VA_ARGS__); \
+ sudo_debug_printf(SUDO_DEBUG_DIAG, __VA_ARGS__); \
+} while (0)
+# define DPRINTF2(...) do { \
+ if (ldap_conf.debug >= 2) \
+ warningx(__VA_ARGS__); \
+ sudo_debug_printf(SUDO_DEBUG_INFO, __VA_ARGS__); \
+} while (0)
+#endif
#define CONF_BOOL 0
#define CONF_INT 1
hostbuf[0] = '\0';
if (snprintf(defport, sizeof(defport), ":%d", ldap_conf.port) >= sizeof(defport))
- errorx(1, _("sudo_ldap_conf_add_ports: port too large"));
+ fatalx(_("sudo_ldap_conf_add_ports: port too large"));
for ((host = strtok(ldap_conf.host, " \t")); host; (host = strtok(NULL, " \t"))) {
if (hostbuf[0] != '\0') {
debug_return;
toobig:
- errorx(1, _("sudo_ldap_conf_add_ports: out of space expanding hostbuf"));
+ fatalx(_("sudo_ldap_conf_add_ports: out of space expanding hostbuf"));
}
#endif
debug_return_int(rc);
toobig:
- errorx(1, _("sudo_ldap_parse_uri: out of space building hostbuf"));
+ fatalx(_("sudo_ldap_parse_uri: out of space building hostbuf"));
}
#else
static char *
#ifdef HAVE_LDAPSSL_INIT
if (ldap_conf.ssl_mode != SUDO_LDAP_CLEAR) {
const int defsecure = ldap_conf.ssl_mode == SUDO_LDAP_SSL;
- DPRINTF(("ldapssl_clientauth_init(%s, %s)",
+ DPRINTF2("ldapssl_clientauth_init(%s, %s)",
ldap_conf.tls_certfile ? ldap_conf.tls_certfile : "NULL",
- ldap_conf.tls_keyfile ? ldap_conf.tls_keyfile : "NULL"), 2);
+ ldap_conf.tls_keyfile ? ldap_conf.tls_keyfile : "NULL");
rc = ldapssl_clientauth_init(ldap_conf.tls_certfile, NULL,
ldap_conf.tls_keyfile != NULL, ldap_conf.tls_keyfile, NULL);
/*
}
}
if (retry) {
- DPRINTF(("ldapssl_clientauth_init(%s, %s)",
+ DPRINTF2("ldapssl_clientauth_init(%s, %s)",
ldap_conf.tls_certfile ? ldap_conf.tls_certfile : "NULL",
- ldap_conf.tls_keyfile ? ldap_conf.tls_keyfile : "NULL"), 2);
+ ldap_conf.tls_keyfile ? ldap_conf.tls_keyfile : "NULL");
rc = ldapssl_clientauth_init(ldap_conf.tls_certfile, NULL,
ldap_conf.tls_keyfile != NULL, ldap_conf.tls_keyfile, NULL);
}
ldapssl_err2string(rc));
if (ldap_conf.tls_certfile == NULL)
warningx(_("you must set TLS_CERT in %s to use SSL"),
- _PATH_LDAP_CONF);
+ path_ldap_conf);
goto done;
}
- DPRINTF(("ldapssl_init(%s, %d, %d)", host, port, defsecure), 2);
+ DPRINTF2("ldapssl_init(%s, %d, %d)", host, port, defsecure);
if ((ld = ldapssl_init(host, port, defsecure)) != NULL)
rc = LDAP_SUCCESS;
} else
warningx("ldap_ssl_client_init(): %s", ldap_err2string(rc));
debug_return_int(-1);
}
- DPRINTF(("ldap_ssl_init(%s, %d, NULL)", host, port), 2);
+ DPRINTF2("ldap_ssl_init(%s, %d, NULL)", host, port);
if ((ld = ldap_ssl_init((char *)host, port, NULL)) != NULL)
rc = LDAP_SUCCESS;
} else
#endif
{
#ifdef HAVE_LDAP_CREATE
- DPRINTF(("ldap_create()"), 2);
+ DPRINTF2("ldap_create()");
if ((rc = ldap_create(&ld)) != LDAP_SUCCESS)
goto done;
- DPRINTF(("ldap_set_option(LDAP_OPT_HOST_NAME, %s)", host), 2);
+ DPRINTF2("ldap_set_option(LDAP_OPT_HOST_NAME, %s)", host);
rc = ldap_set_option(ld, LDAP_OPT_HOST_NAME, host);
#else
- DPRINTF(("ldap_init(%s, %d)", host, port), 2);
+ DPRINTF2("ldap_init(%s, %d)", host, port);
if ((ld = ldap_init((char *)host, port)) != NULL)
rc = LDAP_SUCCESS;
#endif
/*
* Walk through search results and return true if we have a matching
- * netgroup, else false.
+ * non-Unix group (including netgroups), else false.
*/
static bool
-sudo_ldap_check_user_netgroup(LDAP *ld, LDAPMessage *entry, char *user)
+sudo_ldap_check_non_unix_group(LDAP *ld, LDAPMessage *entry, struct passwd *pw)
{
struct berval **bv, **p;
char *val;
int ret = false;
- debug_decl(sudo_ldap_check_user_netgroup, SUDO_DEBUG_LDAP)
+ debug_decl(sudo_ldap_check_non_unix_group, SUDO_DEBUG_LDAP)
if (!entry)
debug_return_bool(ret);
/* walk through values */
for (p = bv; *p != NULL && !ret; p++) {
val = (*p)->bv_val;
- /* match any */
- if (netgr_matches(val, NULL, NULL, user))
- ret = true;
- DPRINTF(("ldap sudoUser netgroup '%s' ... %s", val,
- ret ? "MATCH!" : "not"), 2 + ((ret) ? 0 : 1));
+ if (*val == '+') {
+ if (netgr_matches(val, NULL, NULL, pw->pw_name))
+ ret = true;
+ DPRINTF2("ldap sudoUser netgroup '%s' ... %s", val,
+ ret ? "MATCH!" : "not");
+ } else {
+ if (group_plugin_query(pw->pw_name, val + 2, pw))
+ ret = true;
+ DPRINTF2("ldap sudoUser non-Unix group '%s' ... %s", val,
+ ret ? "MATCH!" : "not");
+ }
}
ldap_value_free_len(bv); /* cleanup */
netgr_matches(val, user_host, user_shost, NULL) ||
hostname_matches(user_shost, user_host, val))
ret = true;
- DPRINTF(("ldap sudoHost '%s' ... %s", val,
- ret ? "MATCH!" : "not"), 2);
+ DPRINTF2("ldap sudoHost '%s' ... %s", val, ret ? "MATCH!" : "not");
}
ldap_value_free_len(bv); /* cleanup */
}
/* FALLTHROUGH */
default:
- if (strcasecmp(val, runas_pw->pw_name) == 0)
+ if (userpw_matches(val, runas_pw->pw_name, runas_pw))
ret = true;
break;
}
- DPRINTF(("ldap sudoRunAsUser '%s' ... %s", val,
- ret ? "MATCH!" : "not"), 2);
+ DPRINTF2("ldap sudoRunAsUser '%s' ... %s", val, ret ? "MATCH!" : "not");
}
ldap_value_free_len(bv); /* cleanup */
val = (*p)->bv_val;
if (strcmp(val, "ALL") == 0 || group_matches(val, runas_gr))
ret = true;
- DPRINTF(("ldap sudoRunAsGroup '%s' ... %s", val,
- ret ? "MATCH!" : "not"), 2);
+ DPRINTF2("ldap sudoRunAsGroup '%s' ... %s",
+ val, ret ? "MATCH!" : "not");
}
ldap_value_free_len(bv); /* cleanup */
debug_return_bool(ret);
}
+static struct sudo_digest *
+sudo_ldap_extract_digest(char **cmnd, struct sudo_digest *digest)
+{
+ char *ep, *cp = *cmnd;
+ int digest_type = SUDO_DIGEST_INVALID;
+ debug_decl(sudo_ldap_check_command, SUDO_DEBUG_LDAP)
+
+ /*
+ * Check for and extract a digest prefix, e.g.
+ * sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1 /bin/ls
+ */
+ if (cp[0] == 's' && cp[1] == 'h' && cp[2] == 'a') {
+ switch (cp[3]) {
+ case '2':
+ if (cp[4] == '2' && cp[5] == '4')
+ digest_type = SUDO_DIGEST_SHA224;
+ else if (cp[4] == '5' && cp[5] == '6')
+ digest_type = SUDO_DIGEST_SHA256;
+ break;
+ case '3':
+ if (cp[4] == '8' && cp[5] == '4')
+ digest_type = SUDO_DIGEST_SHA384;
+ break;
+ case '5':
+ if (cp[4] == '1' && cp[5] == '2')
+ digest_type = SUDO_DIGEST_SHA512;
+ break;
+ }
+ if (digest_type != SUDO_DIGEST_INVALID) {
+ cp += 6;
+ while (isblank((unsigned char)*cp))
+ cp++;
+ if (*cp == ':') {
+ cp++;
+ while (isblank((unsigned char)*cp))
+ cp++;
+ ep = cp;
+ while (*ep != '\0' && !isblank((unsigned char)*ep))
+ ep++;
+ if (*ep != '\0') {
+ digest->digest_type = digest_type;
+ digest->digest_str = estrndup(cp, (size_t)(ep - cp));
+ cp = ep + 1;
+ while (isblank((unsigned char)*cp))
+ cp++;
+ *cmnd = cp;
+ DPRINTF1("%s digest %s for %s",
+ digest_type == SUDO_DIGEST_SHA224 ? "sha224" :
+ digest_type == SUDO_DIGEST_SHA256 ? "sha256" :
+ digest_type == SUDO_DIGEST_SHA384 ? "sha384" :
+ "sha512", digest->digest_str, cp);
+ debug_return_ptr(digest);
+ }
+ }
+ }
+ }
+ debug_return_ptr(NULL);
+}
+
/*
* Walk through search results and return true if we have a command match,
* false if disallowed and UNSPEC if not matched.
static int
sudo_ldap_check_command(LDAP *ld, LDAPMessage *entry, int *setenv_implied)
{
+ struct sudo_digest digest, *allowed_digest = NULL;
struct berval **bv, **p;
char *allowed_cmnd, *allowed_args, *val;
bool foundbang;
ret = true;
if (setenv_implied != NULL)
*setenv_implied = true;
- DPRINTF(("ldap sudoCommand '%s' ... MATCH!", val), 2);
+ DPRINTF2("ldap sudoCommand '%s' ... MATCH!", val);
continue;
}
+ /* check for sha-2 digest */
+ allowed_digest = sudo_ldap_extract_digest(&val, &digest);
+
/* check for !command */
if (*val == '!') {
foundbang = true;
*allowed_args++ = '\0';
/* check the command like normal */
- if (command_matches(allowed_cmnd, allowed_args)) {
+ if (command_matches(allowed_cmnd, allowed_args, allowed_digest)) {
/*
* If allowed (no bang) set ret but keep on checking.
* If disallowed (bang), exit loop.
*/
ret = foundbang ? false : true;
}
- DPRINTF(("ldap sudoCommand '%s' ... %s", val,
- ret == true ? "MATCH!" : "not"), 2);
+ DPRINTF2("ldap sudoCommand '%s' ... %s",
+ val, ret == true ? "MATCH!" : "not");
efree(allowed_cmnd); /* cleanup */
+ if (allowed_digest != NULL)
+ efree(allowed_digest->digest_str);
}
ldap_value_free_len(bv); /* more cleanup */
/* walk through options */
for (p = bv; *p != NULL; p++) {
var = (*p)->bv_val;;
- DPRINTF(("ldap sudoOption: '%s'", var), 2);
+ DPRINTF2("ldap sudoOption: '%s'", var);
if ((ch = *var) == '!')
var++;
/* walk through options */
for (p = bv; *p != NULL; p++) {
var = estrdup((*p)->bv_val);
- DPRINTF(("ldap sudoOption: '%s'", var), 2);
+ DPRINTF2("ldap sudoOption: '%s'", var);
/* check for equals sign past first char */
val = strchr(var, '=');
/* Add ALL to list and end the global OR */
if (strlcat(buf, "(sudoUser=ALL)", sz) >= sz)
- errorx(1, _("sudo_ldap_build_pass1 allocation mismatch"));
+ fatalx(_("sudo_ldap_build_pass1 allocation mismatch"));
/* Add the time restriction, or simply end the global OR. */
if (ldap_conf.timed) {
}
/*
- * Builds up a filter to check against netgroup entries in LDAP.
+ * Builds up a filter to check against non-Unix group
+ * entries in LDAP, including netgroups.
*/
static char *
sudo_ldap_build_pass2(void)
sudo_ldap_timefilter(timebuffer, sizeof(timebuffer));
/*
- * Match all sudoUsers beginning with a '+'.
+ * Match all sudoUsers beginning with '+' or '%:'.
* If a search filter or time restriction is specified,
* those get ANDed in to the expression.
*/
- easprintf(&filt, "%s%s(sudoUser=+*)%s%s",
- (ldap_conf.timed || ldap_conf.search_filter) ? "(&" : "",
- ldap_conf.search_filter ? ldap_conf.search_filter : "",
- ldap_conf.timed ? timebuffer : "",
- (ldap_conf.timed || ldap_conf.search_filter) ? ")" : "");
+ if (def_group_plugin) {
+ easprintf(&filt, "%s%s(|(sudoUser=+*)(sudoUser=%%:*))%s%s",
+ (ldap_conf.timed || ldap_conf.search_filter) ? "(&" : "",
+ ldap_conf.search_filter ? ldap_conf.search_filter : "",
+ ldap_conf.timed ? timebuffer : "",
+ (ldap_conf.timed || ldap_conf.search_filter) ? ")" : "");
+ } else {
+ easprintf(&filt, "%s%s(sudoUser=+*)%s%s",
+ (ldap_conf.timed || ldap_conf.search_filter) ? "(&" : "",
+ ldap_conf.search_filter ? ldap_conf.search_filter : "",
+ ldap_conf.timed ? timebuffer : "",
+ (ldap_conf.timed || ldap_conf.search_filter) ? ")" : "");
+ }
debug_return_str(filt);
}
char buf[LINE_MAX], *cp;
debug_decl(sudo_ldap_read_secret, SUDO_DEBUG_LDAP)
- if ((fp = fopen(_PATH_LDAP_SECRET, "r")) != NULL) {
+ if ((fp = fopen(path_ldap_secret, "r")) != NULL) {
if (fgets(buf, sizeof(buf), fp) != NULL) {
if ((cp = strchr(buf, '\n')) != NULL)
*cp = '\0';
sudo_ldap_read_config(void)
{
FILE *fp;
- char *cp, *keyword, *value;
+ char *cp, *keyword, *value, *line = NULL;
+ size_t linesize = 0;
debug_decl(sudo_ldap_read_config, SUDO_DEBUG_LDAP)
/* defaults */
ldap_conf.rootuse_sasl = -1;
ldap_conf.deref = -1;
- if ((fp = fopen(_PATH_LDAP_CONF, "r")) == NULL)
+ if ((fp = fopen(path_ldap_conf, "r")) == NULL)
debug_return_bool(false);
- while ((cp = sudo_parseln(fp)) != NULL) {
- if (*cp == '\0')
+ while (sudo_parseln(&line, &linesize, NULL, fp) != -1) {
+ if (*line == '\0')
continue; /* skip empty line */
/* split into keyword and value */
- keyword = cp;
+ keyword = cp = line;
while (*cp && !isblank((unsigned char) *cp))
cp++;
if (*cp)
if (!sudo_ldap_parse_keyword(keyword, value, ldap_conf_global))
sudo_ldap_parse_keyword(keyword, value, ldap_conf_conn);
}
+ free(line);
fclose(fp);
if (!ldap_conf.host)
ldap_conf.host = estrdup("localhost");
- if (ldap_conf.debug > 1) {
- sudo_printf(SUDO_CONV_ERROR_MSG, "LDAP Config Summary\n");
- sudo_printf(SUDO_CONV_ERROR_MSG, "===================\n");
- if (ldap_conf.uri) {
- struct ldap_config_list_str *uri = ldap_conf.uri;
+ DPRINTF1("LDAP Config Summary");
+ DPRINTF1("===================");
+ if (ldap_conf.uri) {
+ struct ldap_config_list_str *uri = ldap_conf.uri;
- do {
- sudo_printf(SUDO_CONV_ERROR_MSG, "uri %s\n",
- uri->val);
- } while ((uri = uri->next) != NULL);
- } else {
- sudo_printf(SUDO_CONV_ERROR_MSG, "host %s\n",
- ldap_conf.host ? ldap_conf.host : "(NONE)");
- sudo_printf(SUDO_CONV_ERROR_MSG, "port %d\n",
- ldap_conf.port);
- }
- sudo_printf(SUDO_CONV_ERROR_MSG, "ldap_version %d\n",
- ldap_conf.version);
-
- if (ldap_conf.base) {
- struct ldap_config_list_str *base = ldap_conf.base;
- do {
- sudo_printf(SUDO_CONV_ERROR_MSG, "sudoers_base %s\n",
- base->val);
- } while ((base = base->next) != NULL);
- } else {
- sudo_printf(SUDO_CONV_ERROR_MSG, "sudoers_base %s\n",
- "(NONE: LDAP disabled)");
- }
- if (ldap_conf.search_filter) {
- sudo_printf(SUDO_CONV_ERROR_MSG, "search_filter %s\n",
- ldap_conf.search_filter);
- }
- sudo_printf(SUDO_CONV_ERROR_MSG, "binddn %s\n",
- ldap_conf.binddn ? ldap_conf.binddn : "(anonymous)");
- sudo_printf(SUDO_CONV_ERROR_MSG, "bindpw %s\n",
- ldap_conf.bindpw ? ldap_conf.bindpw : "(anonymous)");
- if (ldap_conf.bind_timelimit > 0) {
- sudo_printf(SUDO_CONV_ERROR_MSG, "bind_timelimit %d\n",
- ldap_conf.bind_timelimit);
- }
- if (ldap_conf.timelimit > 0) {
- sudo_printf(SUDO_CONV_ERROR_MSG, "timelimit %d\n",
- ldap_conf.timelimit);
- }
- if (ldap_conf.deref != -1) {
- sudo_printf(SUDO_CONV_ERROR_MSG, "deref %d\n",
- ldap_conf.deref);
- }
- sudo_printf(SUDO_CONV_ERROR_MSG, "ssl %s\n",
- ldap_conf.ssl ? ldap_conf.ssl : "(no)");
- if (ldap_conf.tls_checkpeer != -1) {
- sudo_printf(SUDO_CONV_ERROR_MSG, "tls_checkpeer %s\n",
- ldap_conf.tls_checkpeer ? "(yes)" : "(no)");
- }
- if (ldap_conf.tls_cacertfile != NULL) {
- sudo_printf(SUDO_CONV_ERROR_MSG, "tls_cacertfile %s\n",
- ldap_conf.tls_cacertfile);
- }
- if (ldap_conf.tls_cacertdir != NULL) {
- sudo_printf(SUDO_CONV_ERROR_MSG, "tls_cacertdir %s\n",
- ldap_conf.tls_cacertdir);
- }
- if (ldap_conf.tls_random_file != NULL) {
- sudo_printf(SUDO_CONV_ERROR_MSG, "tls_random_file %s\n",
- ldap_conf.tls_random_file);
- }
- if (ldap_conf.tls_cipher_suite != NULL) {
- sudo_printf(SUDO_CONV_ERROR_MSG, "tls_cipher_suite %s\n",
- ldap_conf.tls_cipher_suite);
- }
- if (ldap_conf.tls_certfile != NULL) {
- sudo_printf(SUDO_CONV_ERROR_MSG, "tls_certfile %s\n",
- ldap_conf.tls_certfile);
- }
- if (ldap_conf.tls_keyfile != NULL) {
- sudo_printf(SUDO_CONV_ERROR_MSG, "tls_keyfile %s\n",
- ldap_conf.tls_keyfile);
- }
+ do {
+ DPRINTF1("uri %s", uri->val);
+ } while ((uri = uri->next) != NULL);
+ } else {
+ DPRINTF1("host %s",
+ ldap_conf.host ? ldap_conf.host : "(NONE)");
+ DPRINTF1("port %d", ldap_conf.port);
+ }
+ DPRINTF1("ldap_version %d", ldap_conf.version);
+
+ if (ldap_conf.base) {
+ struct ldap_config_list_str *base = ldap_conf.base;
+ do {
+ DPRINTF1("sudoers_base %s", base->val);
+ } while ((base = base->next) != NULL);
+ } else {
+ DPRINTF1("sudoers_base %s", "(NONE: LDAP disabled)");
+ }
+ if (ldap_conf.search_filter) {
+ DPRINTF1("search_filter %s", ldap_conf.search_filter);
+ }
+ DPRINTF1("binddn %s",
+ ldap_conf.binddn ? ldap_conf.binddn : "(anonymous)");
+ DPRINTF1("bindpw %s",
+ ldap_conf.bindpw ? ldap_conf.bindpw : "(anonymous)");
+ if (ldap_conf.bind_timelimit > 0) {
+ DPRINTF1("bind_timelimit %d", ldap_conf.bind_timelimit);
+ }
+ if (ldap_conf.timelimit > 0) {
+ DPRINTF1("timelimit %d", ldap_conf.timelimit);
+ }
+ if (ldap_conf.deref != -1) {
+ DPRINTF1("deref %d", ldap_conf.deref);
+ }
+ DPRINTF1("ssl %s", ldap_conf.ssl ? ldap_conf.ssl : "(no)");
+ if (ldap_conf.tls_checkpeer != -1) {
+ DPRINTF1("tls_checkpeer %s",
+ ldap_conf.tls_checkpeer ? "(yes)" : "(no)");
+ }
+ if (ldap_conf.tls_cacertfile != NULL) {
+ DPRINTF1("tls_cacertfile %s", ldap_conf.tls_cacertfile);
+ }
+ if (ldap_conf.tls_cacertdir != NULL) {
+ DPRINTF1("tls_cacertdir %s", ldap_conf.tls_cacertdir);
+ }
+ if (ldap_conf.tls_random_file != NULL) {
+ DPRINTF1("tls_random_file %s", ldap_conf.tls_random_file);
+ }
+ if (ldap_conf.tls_cipher_suite != NULL) {
+ DPRINTF1("tls_cipher_suite %s", ldap_conf.tls_cipher_suite);
+ }
+ if (ldap_conf.tls_certfile != NULL) {
+ DPRINTF1("tls_certfile %s", ldap_conf.tls_certfile);
+ }
+ if (ldap_conf.tls_keyfile != NULL) {
+ DPRINTF1("tls_keyfile %s", ldap_conf.tls_keyfile);
+ }
#ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
- if (ldap_conf.use_sasl != -1) {
- sudo_printf(SUDO_CONV_ERROR_MSG, "use_sasl %s\n",
- ldap_conf.use_sasl ? "yes" : "no");
- sudo_printf(SUDO_CONV_ERROR_MSG, "sasl_auth_id %s\n",
- ldap_conf.sasl_auth_id ? ldap_conf.sasl_auth_id : "(NONE)");
- sudo_printf(SUDO_CONV_ERROR_MSG, "rootuse_sasl %d\n",
- ldap_conf.rootuse_sasl);
- sudo_printf(SUDO_CONV_ERROR_MSG, "rootsasl_auth_id %s\n",
- ldap_conf.rootsasl_auth_id ? ldap_conf.rootsasl_auth_id : "(NONE)");
- sudo_printf(SUDO_CONV_ERROR_MSG, "sasl_secprops %s\n",
- ldap_conf.sasl_secprops ? ldap_conf.sasl_secprops : "(NONE)");
- sudo_printf(SUDO_CONV_ERROR_MSG, "krb5_ccname %s\n",
- ldap_conf.krb5_ccname ? ldap_conf.krb5_ccname : "(NONE)");
- }
-#endif
- sudo_printf(SUDO_CONV_ERROR_MSG, "===================\n");
+ if (ldap_conf.use_sasl != -1) {
+ DPRINTF1("use_sasl %s", ldap_conf.use_sasl ? "yes" : "no");
+ DPRINTF1("sasl_auth_id %s",
+ ldap_conf.sasl_auth_id ? ldap_conf.sasl_auth_id : "(NONE)");
+ DPRINTF1("rootuse_sasl %d",
+ ldap_conf.rootuse_sasl);
+ DPRINTF1("rootsasl_auth_id %s",
+ ldap_conf.rootsasl_auth_id ? ldap_conf.rootsasl_auth_id : "(NONE)");
+ DPRINTF1("sasl_secprops %s",
+ ldap_conf.sasl_secprops ? ldap_conf.sasl_secprops : "(NONE)");
+ DPRINTF1("krb5_ccname %s",
+ ldap_conf.krb5_ccname ? ldap_conf.krb5_ccname : "(NONE)");
}
+#endif
+ DPRINTF1("===================");
+
if (!ldap_conf.base)
debug_return_bool(false); /* if no base is defined, ignore LDAP */
/* If rootbinddn set, read in /etc/ldap.secret if it exists. */
if (ldap_conf.rootbinddn)
- sudo_ldap_read_secret(_PATH_LDAP_SECRET);
+ sudo_ldap_read_secret(path_ldap_secret);
#ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
/*
value = ldap_conf.krb5_ccname +
(ldap_conf.krb5_ccname[4] == ':' ? 5 : 7);
if ((fp = fopen(value, "r")) != NULL) {
- DPRINTF(("using krb5 credential cache: %s", value), 1);
+ sudo_debug_printf(SUDO_DEBUG_INFO,
+ "using krb5 credential cache: %s", value);
fclose(fp);
} else {
/* Can't open it, just ignore the entry. */
- DPRINTF(("unable to open krb5 credential cache: %s", value), 1);
+ sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO,
+ "unable to open krb5 credential cache: %s", value);
efree(ldap_conf.krb5_ccname);
ldap_conf.krb5_ccname = NULL;
}
goto done;
ld = handle->ld;
- DPRINTF(("ldap search for command list"), 1);
+ DPRINTF1("ldap search for command list");
lres = sudo_ldap_result_get(nss, pw);
/* Display all matching entries. */
* The sudo_ldap_result_get() function returns all nodes that match
* the user and the host.
*/
- DPRINTF(("ldap search for command list"), 1);
+ DPRINTF1("ldap search for command list");
lres = sudo_ldap_result_get(nss, pw);
for (i = 0; i < lres->nentries; i++) {
entry = lres->entries[i].entry;
case CONF_INT:
ival = *(int *)(cur->valp);
if (ival >= 0) {
- DPRINTF(("ldap_set_option: %s -> %d", cur->conf_str, ival), 1);
+ DPRINTF1("ldap_set_option: %s -> %d", cur->conf_str, ival);
rc = ldap_set_option(ld, cur->opt_val, &ival);
if (rc != LDAP_OPT_SUCCESS) {
warningx("ldap_set_option: %s -> %d: %s",
case CONF_STR:
sval = *(char **)(cur->valp);
if (sval != NULL) {
- DPRINTF(("ldap_set_option: %s -> %s", cur->conf_str, sval), 1);
+ DPRINTF1("ldap_set_option: %s -> %s", cur->conf_str, sval);
rc = ldap_set_option(ld, cur->opt_val, sval);
if (rc != LDAP_OPT_SUCCESS) {
warningx("ldap_set_option: %s -> %s: %s",
struct timeval tv;
tv.tv_sec = ldap_conf.timeout;
tv.tv_usec = 0;
- DPRINTF(("ldap_set_option(LDAP_OPT_TIMEOUT, %ld)",
- (long)tv.tv_sec), 1);
+ DPRINTF1("ldap_set_option(LDAP_OPT_TIMEOUT, %d)", ldap_conf.timeout);
rc = ldap_set_option(ld, LDAP_OPT_TIMEOUT, &tv);
if (rc != LDAP_OPT_SUCCESS) {
- warningx("ldap_set_option(TIMEOUT, %ld): %s",
- (long)tv.tv_sec, ldap_err2string(rc));
+ warningx("ldap_set_option(TIMEOUT, %d): %s",
+ ldap_conf.timeout, ldap_err2string(rc));
}
}
#endif
struct timeval tv;
tv.tv_sec = ldap_conf.bind_timelimit / 1000;
tv.tv_usec = 0;
- DPRINTF(("ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, %ld)",
- (long)tv.tv_sec), 1);
+ DPRINTF1("ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, %d)",
+ ldap_conf.bind_timelimit / 1000);
rc = ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &tv);
# if !defined(LDAP_OPT_CONNECT_TIMEOUT) || LDAP_VENDOR_VERSION != 510
/* Tivoli Directory Server 6.3 libs always return a (bogus) error. */
if (rc != LDAP_OPT_SUCCESS) {
- warningx("ldap_set_option(NETWORK_TIMEOUT, %ld): %s",
- (long)tv.tv_sec, ldap_err2string(rc));
+ warningx("ldap_set_option(NETWORK_TIMEOUT, %d): %s",
+ ldap_conf.bind_timelimit / 1000, ldap_err2string(rc));
}
# endif
}
#if defined(LDAP_OPT_X_TLS) && !defined(HAVE_LDAPSSL_INIT)
if (ldap_conf.ssl_mode == SUDO_LDAP_SSL) {
int val = LDAP_OPT_X_TLS_HARD;
- DPRINTF(("ldap_set_option(LDAP_OPT_X_TLS, LDAP_OPT_X_TLS_HARD)"), 1);
+ DPRINTF1("ldap_set_option(LDAP_OPT_X_TLS, LDAP_OPT_X_TLS_HARD)");
rc = ldap_set_option(ld, LDAP_OPT_X_TLS, &val);
if (rc != LDAP_SUCCESS) {
warningx("ldap_set_option(LDAP_OPT_X_TLS, LDAP_OPT_X_TLS_HARD): %s",
if (gss_krb5_ccache_name(&status, ldap_conf.krb5_ccname, &old_ccname)
!= GSS_S_COMPLETE) {
old_ccname = NULL;
- DPRINTF(("gss_krb5_ccache_name() failed: %d", status), 1);
+ sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO,
+ "gss_krb5_ccache_name() failed: %d", status);
}
# else
sudo_setenv("KRB5CCNAME", ldap_conf.krb5_ccname, true);
if (ldap_conf.krb5_ccname != NULL) {
# ifdef HAVE_GSS_KRB5_CCACHE_NAME
if (gss_krb5_ccache_name(&status, old_ccname, NULL) != GSS_S_COMPLETE)
- DPRINTF(("gss_krb5_ccache_name() failed: %d", status), 1);
+ sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO,
+ "gss_krb5_ccache_name() failed: %d", status);
# else
if (old_ccname != NULL)
sudo_setenv("KRB5CCNAME", old_ccname, true);
ldap_err2string(rc));
debug_return_int(-1);
}
- DPRINTF(("ldap_sasl_interactive_bind_s() ok"), 1);
+ DPRINTF1("ldap_sasl_interactive_bind_s() ok");
} else
#endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */
#ifdef HAVE_LDAP_SASL_BIND_S
warningx("ldap_sasl_bind_s(): %s", ldap_err2string(rc));
debug_return_int(-1);
}
- DPRINTF(("ldap_sasl_bind_s() ok"), 1);
+ DPRINTF1("ldap_sasl_bind_s() ok");
}
#else
{
warningx("ldap_simple_bind_s(): %s", ldap_err2string(rc));
debug_return_int(-1);
}
- DPRINTF(("ldap_simple_bind_s() ok"), 1);
+ DPRINTF1("ldap_simple_bind_s() ok");
}
#endif
debug_return_int(0);
#ifdef HAVE_LDAP_INITIALIZE
if (ldap_conf.uri != NULL) {
char *buf = sudo_ldap_join_uri(ldap_conf.uri);
- DPRINTF(("ldap_initialize(ld, %s)", buf), 2);
+ DPRINTF2("ldap_initialize(ld, %s)", buf);
rc = ldap_initialize(&ld, buf);
efree(buf);
if (rc != LDAP_SUCCESS)
warningx("ldap_start_tls_s(): %s", ldap_err2string(rc));
debug_return_int(-1);
}
- DPRINTF(("ldap_start_tls_s() ok"), 1);
+ DPRINTF1("ldap_start_tls_s() ok");
#elif defined(HAVE_LDAP_SSL_CLIENT_INIT) && defined(HAVE_LDAP_START_TLS_S_NP)
if (ldap_ssl_client_init(ldap_conf.tls_keyfile, ldap_conf.tls_keypw, 0, &rc) != LDAP_SUCCESS) {
warningx("ldap_ssl_client_init(): %s", ldap_err2string(rc));
warningx("ldap_start_tls_s_np(): %s", ldap_err2string(rc));
debug_return_int(-1);
}
- DPRINTF(("ldap_start_tls_s_np() ok"), 1);
+ DPRINTF1("ldap_start_tls_s_np() ok");
#else
warningx(_("start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()"));
#endif /* !HAVE_LDAP_START_TLS_S && !HAVE_LDAP_START_TLS_S_NP */
ld = handle->ld;
filt = sudo_ldap_build_default_filter();
- DPRINTF(("Looking for cn=defaults: %s", filt), 1);
+ DPRINTF1("Looking for cn=defaults: %s", filt);
for (base = ldap_conf.base; base != NULL; base = base->next) {
if (ldap_conf.timeout > 0) {
rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE,
filt, NULL, 0, NULL, NULL, tvp, 0, &result);
if (rc == LDAP_SUCCESS && (entry = ldap_first_entry(ld, result))) {
- DPRINTF(("found:%s", ldap_get_dn(ld, entry)), 1);
+ DPRINTF1("found:%s", ldap_get_dn(ld, entry));
sudo_ldap_parse_options(ld, entry);
- } else
- DPRINTF(("no default options found in %s", base->val), 1);
-
+ } else {
+ DPRINTF1("no default options found in %s", base->val);
+ }
if (result)
ldap_msgfree(result);
}
enum def_tuple pwcheck =
(pwflag == -1) ? never : sudo_defs_table[pwflag].sd_un.tuple;
- DPRINTF(("perform search for pwflag %d", pwflag), 1);
+ DPRINTF1("perform search for pwflag %d", pwflag);
for (i = 0; i < lres->nentries; i++) {
entry = lres->entries[i].entry;
if ((pwcheck == any && doauth != false) ||
goto done;
}
- DPRINTF(("searching LDAP for sudoers entries"), 1);
+ DPRINTF1("searching LDAP for sudoers entries");
setenv_implied = false;
for (i = 0; i < lres->nentries; i++) {
rc = sudo_ldap_check_command(ld, entry, &setenv_implied);
if (rc != UNSPEC) {
/* We have a match. */
- DPRINTF(("Command %sallowed", rc == true ? "" : "NOT "), 1);
+ DPRINTF1("Command %sallowed", rc == true ? "" : "NOT ");
if (rc == true) {
- DPRINTF(("LDAP entry: %p", entry), 1);
+ DPRINTF1("LDAP entry: %p", entry);
/* Apply entry-specific options. */
if (setenv_implied)
def_setenv = true;
}
done:
- DPRINTF(("done with LDAP searches"), 1);
- DPRINTF(("user_matches=%d", lres->user_matches), 1);
- DPRINTF(("host_matches=%d", lres->host_matches), 1);
+ DPRINTF1("done with LDAP searches");
+ DPRINTF1("user_matches=%d", lres->user_matches);
+ DPRINTF1("host_matches=%d", lres->host_matches);
if (!ISSET(ret, VALIDATE_OK)) {
/* No matching entries. */
CLR(ret, FLAG_NO_USER);
if (lres->host_matches)
CLR(ret, FLAG_NO_HOST);
- DPRINTF(("sudo_ldap_lookup(%d)=0x%02x", pwflag, ret), 1);
+ DPRINTF1("sudo_ldap_lookup(%d)=0x%02x", pwflag, ret);
debug_return_int(ret);
}
if (bv != NULL) {
if (ldap_count_values_len(bv) > 0) {
/* Get the value of this attribute, 0 if not present. */
- DPRINTF(("order attribute raw: %s", (*bv)->bv_val), 1);
+ DPRINTF2("order attribute raw: %s", (*bv)->bv_val);
order = strtod((*bv)->bv_val, &ep);
if (ep == (*bv)->bv_val || *ep != '\0') {
warningx(_("invalid sudoOrder attribute: %s"), (*bv)->bv_val);
order = 0.0;
}
- DPRINTF(("order attribute: %f", order), 1);
+ DPRINTF2("order attribute: %f", order);
}
ldap_value_free_len(bv);
}
debug_decl(sudo_ldap_result_free_nss, SUDO_DEBUG_LDAP)
if (handle->result != NULL) {
- DPRINTF(("removing reusable search result"), 1);
+ DPRINTF1("removing reusable search result");
sudo_ldap_result_free(handle->result);
if (handle->username) {
efree(handle->username);
struct timeval tv, *tvp = NULL;
LDAPMessage *entry, *result;
LDAP *ld = handle->ld;
- int do_netgr, rc;
+ int pass, rc;
char *filt;
debug_decl(sudo_ldap_result_get, SUDO_DEBUG_LDAP)
if (handle->result) {
if (handle->grlist == user_group_list &&
strcmp(pw->pw_name, handle->username) == 0) {
- DPRINTF(("reusing previous result (user %s) with %d entries",
- handle->username, handle->result->nentries), 1);
+ DPRINTF1("reusing previous result (user %s) with %d entries",
+ handle->username, handle->result->nentries);
debug_return_ptr(handle->result);
}
/* User mismatch, cached result cannot be used. */
- DPRINTF(("removing result (user %s), new search (user %s)",
- handle->username, pw->pw_name), 1);
+ DPRINTF1("removing result (user %s), new search (user %s)",
+ handle->username, pw->pw_name);
sudo_ldap_result_free_nss(nss);
}
* sudoUser in this pass since the LDAP server already scanned
* it for us.
*
- * The second pass will return all the entries that contain
- * user netgroups. Then we take the netgroups returned and
- * try to match them against the username.
+ * The second pass will return all the entries that contain non-
+ * Unix groups, including netgroups. Then we take the non-Unix
+ * groups returned and try to match them against the username.
*
* Since we have to sort the possible entries before we make a
* decision, we perform the queries and store all of the results in
* an ldap_result object. The results are then sorted by sudoOrder.
*/
lres = sudo_ldap_result_alloc();
- for (do_netgr = 0; do_netgr < 2; do_netgr++) {
- filt = do_netgr ? sudo_ldap_build_pass2() : sudo_ldap_build_pass1(pw);
- DPRINTF(("ldap search '%s'", filt), 1);
+ for (pass = 0; pass < 2; pass++) {
+ filt = pass ? sudo_ldap_build_pass2() : sudo_ldap_build_pass1(pw);
+ DPRINTF1("ldap search '%s'", filt);
for (base = ldap_conf.base; base != NULL; base = base->next) {
- DPRINTF(("searching from base '%s'", base->val), 1);
+ DPRINTF1("searching from base '%s'",
+ base->val);
if (ldap_conf.timeout > 0) {
tv.tv_sec = ldap_conf.timeout;
tv.tv_usec = 0;
rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE, filt,
NULL, 0, NULL, NULL, tvp, 0, &result);
if (rc != LDAP_SUCCESS) {
- DPRINTF(("nothing found for '%s'", filt), 1);
+ DPRINTF1("nothing found for '%s'", filt);
continue;
}
lres->user_matches = true;
/* Add the seach result to list of search results. */
- DPRINTF(("adding search result"), 1);
+ DPRINTF1("adding search result");
sudo_ldap_result_add_search(lres, ld, result);
LDAP_FOREACH(entry, ld, result) {
- if ((!do_netgr ||
- sudo_ldap_check_user_netgroup(ld, entry, pw->pw_name)) &&
+ if ((!pass ||
+ sudo_ldap_check_non_unix_group(ld, entry, pw)) &&
sudo_ldap_check_host(ld, entry)) {
lres->host_matches = true;
sudo_ldap_result_add_entry(lres, entry);
}
}
- DPRINTF(("result now has %d entries", lres->nentries), 1);
+ DPRINTF1("result now has %d entries", lres->nentries);
}
efree(filt);
}
/* Sort the entries by the sudoOrder attribute. */
- DPRINTF(("sorting remaining %d entries", lres->nentries), 1);
+ DPRINTF1("sorting remaining %d entries", lres->nentries);
qsort(lres->entries, lres->nentries, sizeof(lres->entries[0]),
ldap_entry_compare);
LDAP_FOREACH(entry, last->ldap, last->searchresult) {
sudo_ldap_result_add_entry(result, entry);
}
- DPRINTF(("sudo_ldap_result_from_search: %d entries found",
- result->nentries), 2);
+ DPRINTF1("sudo_ldap_result_from_search: %d entries found", result->nentries);
return result;
}
#endif
/*
- * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
if (au_fd == -1) {
/* Kernel may not have audit support. */
if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT)
- error(1, _("unable to open audit system"));
+ fatal(_("unable to open audit system"));
} else {
(void)fcntl(au_fd, F_SETFD, FD_CLOEXEC);
}
for (av = argv; *av != NULL; av++) {
n = strlcpy(cp, *av, size - (cp - command));
if (n >= size - (cp - command)) {
- errorx(1, _("internal error, %s overflow"),
+ fatalx(_("internal error, %s overflow"),
"linux_audit_command()");
}
cp += n;
/*
- * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2010, 2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-#ifndef _SUDO_LINUX_AUDIT_H
-#define _SUDO_LINUX_AUDIT_H
+#ifndef _SUDOERS_LINUX_AUDIT_H
+#define _SUDOERS_LINUX_AUDIT_H
int linux_audit_command(char *argv[], int result);
-#endif /* _SUDO_LINUX_AUDIT_H */
+#endif /* _SUDOERS_LINUX_AUDIT_H */
--- /dev/null
+/*
+ * Copyright (c) 2012-2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_STDBOOL_H
+# include <stdbool.h>
+#else
+# include "compat/stdbool.h"
+#endif /* HAVE_STDBOOL_H */
+
+#include "missing.h"
+#include "error.h"
+#include "alloc.h"
+#include "logging.h"
+#include "gettext.h"
+
+static int current_locale = SUDOERS_LOCALE_USER;
+static char *user_locale;
+static char *sudoers_locale;
+
+int
+sudoers_getlocale(void)
+{
+ return current_locale;
+}
+
+void
+sudoers_initlocale(const char *ulocale, const char *slocale)
+{
+ if (ulocale != NULL) {
+ efree(user_locale);
+ user_locale = estrdup(ulocale);
+ }
+ if (slocale != NULL) {
+ efree(sudoers_locale);
+ sudoers_locale = estrdup(slocale);
+ }
+}
+
+/*
+ * Set locale to user or sudoers value.
+ * Returns true on success and false on failure,
+ * If prevlocale is non-NULL it will be filled in with the
+ * old SUDOERS_LOCALE_* value.
+ */
+bool
+sudoers_setlocale(int newlocale, int *prevlocale)
+{
+ char *res = NULL;
+
+ switch (newlocale) {
+ case SUDOERS_LOCALE_USER:
+ if (prevlocale)
+ *prevlocale = current_locale;
+ if (current_locale != SUDOERS_LOCALE_USER) {
+ current_locale = SUDOERS_LOCALE_USER;
+ res = setlocale(LC_ALL, user_locale ? user_locale : "");
+ if (res != NULL && user_locale == NULL)
+ user_locale = estrdup(setlocale(LC_ALL, NULL));
+ }
+ break;
+ case SUDOERS_LOCALE_SUDOERS:
+ if (prevlocale)
+ *prevlocale = current_locale;
+ if (current_locale != SUDOERS_LOCALE_SUDOERS) {
+ current_locale = SUDOERS_LOCALE_SUDOERS;
+ res = setlocale(LC_ALL, sudoers_locale ? sudoers_locale : "C");
+ if (res == NULL && sudoers_locale != NULL) {
+ if (strcmp(sudoers_locale, "C") != 0) {
+ efree(sudoers_locale);
+ sudoers_locale = estrdup("C");
+ res = setlocale(LC_ALL, "C");
+ }
+ }
+ }
+ break;
+ }
+ return res ? true : false;
+}
+
+static int warning_locale;
+
+void
+warning_set_locale(void)
+{
+ sudoers_setlocale(SUDOERS_LOCALE_USER, &warning_locale);
+}
+
+void
+warning_restore_locale(void)
+{
+ sudoers_setlocale(warning_locale, NULL);
+}
/*
- * Copyright (c) 1994-1996, 1998-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1994-1996, 1998-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <sys/stat.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif /* HAVE_UNISTD_H */
-#ifdef HAVE_SETLOCALE
-# include <locale.h>
-#endif /* HAVE_SETLOCALE */
#ifdef HAVE_NL_LANGINFO
# include <langinfo.h>
#endif /* HAVE_NL_LANGINFO */
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
-#include <setjmp.h>
#include "sudoers.h"
+#ifndef va_copy
+# define va_copy(d, s) memcpy(&(d), &(s), sizeof(d));
+#endif
+
+/* Special message for log_warning() so we know to use ngettext() */
+#define INCORRECT_PASSWORD_ATTEMPT ((char *)0x01)
+
static void do_syslog(int, char *);
static void do_logfile(char *);
static void send_mail(const char *fmt, ...);
static void mysyslog(int, const char *, ...);
static char *new_logline(const char *, int);
-extern sigjmp_buf error_jmp;
-
extern char **NewArgv; /* XXX - for auditing */
#define MAXSYSLOGTRIES 16 /* num of retries for broken syslogs */
debug_return;
}
-#define FMT_FIRST "%8s : %s"
-#define FMT_CONTD "%8s : (command continued) %s"
-
/*
* Log a message to syslog, pre-pending the username and splitting the
* message into parts if it is longer than MAXSYSLOGLEN.
size_t len, maxlen;
char *p, *tmp, save;
const char *fmt;
-#ifdef HAVE_SETLOCALE
- const char *old_locale = estrdup(setlocale(LC_ALL, NULL));
-#endif
+ int oldlocale;
debug_decl(do_syslog, SUDO_DEBUG_LOGGING)
-#ifdef HAVE_SETLOCALE
- if (!setlocale(LC_ALL, def_sudoers_locale))
- setlocale(LC_ALL, "C");
-#endif /* HAVE_SETLOCALE */
+ sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
/*
* Log the full line, breaking into multiple syslog(3) calls if necessary
*/
- fmt = _(FMT_FIRST);
+ fmt = _("%8s : %s");
maxlen = MAXSYSLOGLEN - (strlen(fmt) - 5 + strlen(user_name));
for (p = msg; *p != '\0'; ) {
len = strlen(p);
mysyslog(pri, fmt, user_name, p);
p += len;
}
- fmt = _(FMT_CONTD);
+ fmt = _("%8s : (command continued) %s");
maxlen = MAXSYSLOGLEN - (strlen(fmt) - 5 + strlen(user_name));
}
-#ifdef HAVE_SETLOCALE
- setlocale(LC_ALL, old_locale);
- efree((void *)old_locale);
-#endif /* HAVE_SETLOCALE */
+ sudoers_setlocale(oldlocale, NULL);
debug_return;
}
size_t len;
mode_t oldmask;
time_t now;
+ int oldlocale;
FILE *fp;
debug_decl(do_logfile, SUDO_DEBUG_LOGGING)
+ sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
+
oldmask = umask(077);
fp = fopen(def_logfile, "a");
(void) umask(oldmask);
send_mail(_("unable to lock log file: %s: %s"),
def_logfile, strerror(errno));
} else {
-#ifdef HAVE_SETLOCALE
- const char *old_locale = estrdup(setlocale(LC_ALL, NULL));
- if (!setlocale(LC_ALL, def_sudoers_locale))
- setlocale(LC_ALL, "C");
-#endif /* HAVE_SETLOCALE */
-
- now = time(NULL);
+ time(&now);
if (def_loglinelen < sizeof(LOG_INDENT)) {
/* Don't pretty-print long log file lines (hard to grep) */
if (def_log_host)
(void) fflush(fp);
(void) lock_file(fileno(fp), SUDO_UNLOCK);
(void) fclose(fp);
-
-#ifdef HAVE_SETLOCALE
- setlocale(LC_ALL, old_locale);
- efree((void *)old_locale);
-#endif /* HAVE_SETLOCALE */
}
+ sudoers_setlocale(oldlocale, NULL);
+
debug_return;
}
void
log_denial(int status, bool inform_user)
{
- char *logline, *message;
+ const char *message;
+ char *logline;
+ int oldlocale;
debug_decl(log_denial, SUDO_DEBUG_LOGGING)
- /* Handle auditing first. */
+ /* Handle auditing first (audit_failure() handles the locale itself). */
if (ISSET(status, FLAG_NO_USER | FLAG_NO_HOST))
- audit_failure(NewArgv, _("No user or host"));
+ audit_failure(NewArgv, N_("No user or host"));
else
- audit_failure(NewArgv, _("validation failure"));
+ audit_failure(NewArgv, N_("validation failure"));
+
+ /* Log and mail messages should be in the sudoers locale. */
+ sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
/* Set error message. */
if (ISSET(status, FLAG_NO_USER))
logline = new_logline(message, 0);
+ /* Become root if we are not already. */
+ set_perms(PERM_ROOT|PERM_NOEXIT);
+
if (should_mail(status))
send_mail("%s", logline); /* send mail based on status */
- /* Inform the user if they failed to authenticate. */
+ /*
+ * Log via syslog and/or a file.
+ */
+ if (def_syslog)
+ do_syslog(def_syslog_badpri, logline);
+ if (def_logfile)
+ do_logfile(logline);
+
+ restore_perms();
+
+ efree(logline);
+
+ /* Restore locale. */
+ sudoers_setlocale(oldlocale, NULL);
+
+ /* Inform the user if they failed to authenticate (in their locale). */
if (inform_user) {
+ sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale);
+
if (ISSET(status, FLAG_NO_USER)) {
sudo_printf(SUDO_CONV_ERROR_MSG, _("%s is not in the sudoers "
"file. This incident will be reported.\n"), user_name);
runas_pw->pw_name : user_name, runas_gr ? ":" : "",
runas_gr ? runas_gr->gr_name : "", user_host);
}
+ sudoers_setlocale(oldlocale, NULL);
}
-
- /*
- * Log via syslog and/or a file.
- */
- if (def_syslog)
- do_syslog(def_syslog_badpri, logline);
- if (def_logfile)
- do_logfile(logline);
-
- efree(logline);
debug_return;
}
void
log_failure(int status, int flags)
{
- debug_decl(log_failure, SUDO_DEBUG_LOGGING)
bool inform_user = true;
+ debug_decl(log_failure, SUDO_DEBUG_LOGGING)
/* The user doesn't always get to see the log message (path info). */
if (!ISSET(status, FLAG_NO_USER | FLAG_NO_HOST) && def_path_info &&
debug_decl(log_auth_failure, SUDO_DEBUG_LOGGING)
/* Handle auditing first. */
- audit_failure(NewArgv, _("authentication failure"));
+ audit_failure(NewArgv, N_("authentication failure"));
/*
* Do we need to send mail?
/*
* If sudoers denied the command we'll log that separately.
*/
- if (ISSET(status, FLAG_BAD_PASSWORD)) {
- log_error(flags, ngettext("%d incorrect password attempt",
- "%d incorrect password attempts", tries), tries);
- } else if (ISSET(status, FLAG_NON_INTERACTIVE)) {
- log_error(flags, _("a password is required"));
- }
+ if (ISSET(status, FLAG_BAD_PASSWORD))
+ log_warning(flags, INCORRECT_PASSWORD_ATTEMPT, tries);
+ else if (ISSET(status, FLAG_NON_INTERACTIVE))
+ log_warning(flags, N_("a password is required"));
debug_return;
}
log_allowed(int status)
{
char *logline;
+ int oldlocale;
debug_decl(log_allowed, SUDO_DEBUG_LOGGING)
+ /* Log and mail messages should be in the sudoers locale. */
+ sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
+
logline = new_logline(NULL, 0);
+ /* Become root if we are not already. */
+ set_perms(PERM_ROOT|PERM_NOEXIT);
+
if (should_mail(status))
send_mail("%s", logline); /* send mail based on status */
if (def_logfile)
do_logfile(logline);
+ restore_perms();
+
efree(logline);
+
+ sudoers_setlocale(oldlocale, NULL);
+
debug_return;
}
/*
- * Perform logging for log_error()/log_fatal()
+ * Perform logging for log_warning()/log_fatal()
*/
static void
-vlog_error(int flags, const char *fmt, va_list ap)
+vlog_warning(int flags, const char *fmt, va_list ap)
{
- int serrno = errno;
+ int oldlocale, serrno = errno;
char *logline, *message;
+ va_list ap2;
debug_decl(vlog_error, SUDO_DEBUG_LOGGING)
- /* Expand printf-style format + args. */
- evasprintf(&message, fmt, ap);
+ /* Need extra copy of ap for warning() below. */
+ if (!ISSET(flags, NO_STDERR))
+ va_copy(ap2, ap);
- /* Become root if we are not already to avoid user interference */
- set_perms(PERM_ROOT|PERM_NOEXIT);
+ /* Log messages should be in the sudoers locale. */
+ sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
+
+ /* Expand printf-style format + args (with a special case). */
+ if (fmt == INCORRECT_PASSWORD_ATTEMPT) {
+ int tries = va_arg(ap, int);
+ easprintf(&message, ngettext("%d incorrect password attempt",
+ "%d incorrect password attempts", tries), tries);
+ } else {
+ evasprintf(&message, _(fmt), ap);
+ }
- if (ISSET(flags, MSG_ONLY))
+ if (ISSET(flags, MSG_ONLY)) {
logline = message;
- else
+ } else {
logline = new_logline(message, ISSET(flags, USE_ERRNO) ? serrno : 0);
-
- /*
- * Tell the user.
- */
- if (!ISSET(flags, NO_STDERR)) {
- if (ISSET(flags, USE_ERRNO))
- warning("%s", message);
- else
- warningx("%s", message);
- }
- if (logline != message)
efree(message);
+ }
+
+ /* Become root if we are not already. */
+ set_perms(PERM_ROOT|PERM_NOEXIT);
/*
* Send a copy of the error via mail.
do_logfile(logline);
}
+ restore_perms();
+
efree(logline);
- restore_perms();
+ sudoers_setlocale(oldlocale, NULL);
+
+ /*
+ * Tell the user (in their locale).
+ */
+ if (!ISSET(flags, NO_STDERR)) {
+ if (fmt == INCORRECT_PASSWORD_ATTEMPT) {
+ int tries = va_arg(ap2, int);
+ warningx(ngettext("%d incorrect password attempt",
+ "%d incorrect password attempts", tries), tries);
+ } else {
+ if (ISSET(flags, USE_ERRNO))
+ vwarning(fmt, ap2);
+ else
+ vwarningx(fmt, ap2);
+ }
+ va_end(ap2);
+ }
debug_return;
}
void
-log_error(int flags, const char *fmt, ...)
+log_warning(int flags, const char *fmt, ...)
{
va_list ap;
debug_decl(log_error, SUDO_DEBUG_LOGGING)
/* Log the error. */
va_start(ap, fmt);
- vlog_error(flags, fmt, ap);
+ vlog_warning(flags, fmt, ap);
va_end(ap);
debug_return;
/* Log the error. */
va_start(ap, fmt);
- vlog_error(flags, fmt, ap);
+ vlog_warning(flags, fmt, ap);
va_end(ap);
/* Exit the plugin. */
- plugin_cleanup(0);
+ sudoers_cleanup();
sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys);
- siglongjmp(error_jmp, 1);
+ fatal_longjmp(1);
}
#define MAX_MAILFLAGS 63
switch (pid = sudo_debug_fork()) {
case -1:
/* Error. */
- error(1, _("unable to fork"));
+ fatal(_("unable to fork"));
break;
case 0:
/* Child. */
(void) dup2(fd, STDERR_FILENO);
}
-#ifdef HAVE_SETLOCALE
- if (!setlocale(LC_ALL, def_sudoers_locale)) {
- setlocale(LC_ALL, "C");
- efree(def_sudoers_locale);
- def_sudoers_locale = estrdup("C");
- }
-#endif /* HAVE_SETLOCALE */
+ sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, NULL);
/* Close password, group and other fds so we don't leak. */
sudo_endpwent();
/* Pipes are all setup, send message. */
(void) fprintf(mail, "To: %s\nFrom: %s\nAuto-Submitted: %s\nSubject: ",
def_mailto, def_mailfrom ? def_mailfrom : user_name, "auto-generated");
- for (p = def_mailsub; *p; p++) {
+ for (p = _(def_mailsub); *p; p++) {
/* Expand escapes in the subject */
if (*p == '%' && *(p+1) != '%') {
switch (*(++p)) {
static char *
new_logline(const char *message, int serrno)
{
+ char *line, *errstr = NULL, *evstr = NULL;
+#ifndef SUDOERS_NO_SEQ
+ char sessid[7];
+#endif
+ const char *tsid = NULL;
size_t len = 0;
- char *errstr = NULL;
- char *evstr = NULL;
- char *line, sessid[7], *tsid = NULL;
debug_decl(new_logline, SUDO_DEBUG_LOGGING)
+#ifndef SUDOERS_NO_SEQ
/* A TSID may be a sudoers-style session ID or a free-form string. */
if (sudo_user.iolog_file != NULL) {
if (IS_SESSID(sudo_user.iolog_file)) {
tsid = sudo_user.iolog_file;
}
}
+#endif
/*
* Compute line length
debug_return_str(line);
toobig:
- errorx(1, _("internal error: insufficient space for log line"));
+ fatalx(_("internal error: insufficient space for log line"));
}
/*
- * Copyright (c) 1999-2005, 2009-2010
+ * Copyright (c) 1999-2005, 2009-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-#ifndef _LOGGING_H
-#define _LOGGING_H
+#ifndef _SUDOERS_LOGGING_H
+#define _SUDOERS_LOGGING_H
#include <syslog.h>
#ifdef __STDC__
#define SLOG_FILE 0x02
#define SLOG_BOTH 0x03
-/* Flags for log_error()/log_fatal() */
+/*
+ * Values for sudoers_setlocale()
+ */
+#define SUDOERS_LOCALE_USER 0
+#define SUDOERS_LOCALE_SUDOERS 1
+
+/* Flags for log_warning()/log_fatal() */
#define MSG_ONLY 0x01
#define USE_ERRNO 0x02
#define NO_MAIL 0x04
*/
#define LOG_INDENT " "
+bool sudoers_setlocale(int newlocale, int *prevlocale);
+int sudoers_getlocale(void);
void audit_success(char *exec_args[]);
void audit_failure(char *exec_args[], char const *const fmt, ...);
void log_allowed(int status);
void log_auth_failure(int status, int tries);
void log_denial(int status, bool inform_user);
void log_failure(int status, int flags);
-void log_error(int flags, const char *fmt, ...) __printflike(2, 3);
+void log_warning(int flags, const char *fmt, ...) __printflike(2, 3);
void log_fatal(int flags, const char *fmt, ...) __printflike(2, 3) __attribute__((__noreturn__));
+void sudoers_initlocale(const char *ulocale, const char *slocale);
void writeln_wrap(FILE *fp, char *line, size_t len, size_t maxlen);
-#endif /* _LOGGING_H */
+#endif /* _SUDOERS_LOGGING_H */
/*
- * Copyright (c) 1996, 1998-2005, 2007-2012
+ * Copyright (c) 1996, 1998-2005, 2007-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <sys/stat.h>
#include <stdio.h>
#ifdef STDC_HEADERS
#ifdef HAVE_STRINGS_H
# include <strings.h>
#endif /* HAVE_STRINGS_H */
+#if defined(HAVE_STDINT_H)
+# include <stdint.h>
+#elif defined(HAVE_INTTYPES_H)
+# include <inttypes.h>
+#endif
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif /* HAVE_UNISTD_H */
#ifdef HAVE_FNMATCH
# include <fnmatch.h>
+#else
+# include "compat/fnmatch.h"
#endif /* HAVE_FNMATCH */
-#ifdef HAVE_GLOB
-# include <glob.h>
-#endif /* HAVE_GLOB */
+#ifndef SUDOERS_NAME_MATCH
+# ifdef HAVE_GLOB
+# include <glob.h>
+# else
+# include "compat/glob.h"
+# endif /* HAVE_GLOB */
+#endif /* SUDOERS_NAME_MATCH */
#ifdef HAVE_NETGROUP_H
# include <netgroup.h>
+#else
+# include <netdb.h>
#endif /* HAVE_NETGROUP_H */
-#include <ctype.h>
-#include <pwd.h>
-#include <grp.h>
-#include <netdb.h>
#ifdef HAVE_DIRENT_H
# include <dirent.h>
# define NAMLEN(dirent) strlen((dirent)->d_name)
# include <ndir.h>
# endif
#endif
+#include <ctype.h>
+#include <pwd.h>
+#include <grp.h>
+#include <errno.h>
#include "sudoers.h"
#include "parse.h"
+#include "sha2.h"
#include <gram.h>
-#ifndef HAVE_FNMATCH
-# include "compat/fnmatch.h"
-#endif /* HAVE_FNMATCH */
-#ifndef HAVE_GLOB
-# include "compat/glob.h"
-#endif /* HAVE_GLOB */
-
static struct member_list empty;
static bool command_matches_dir(char *, size_t);
+#ifndef SUDOERS_NAME_MATCH
static bool command_matches_glob(char *, char *);
+#endif
static bool command_matches_fnmatch(char *, char *);
-static bool command_matches_normal(char *, char *);
+static bool command_matches_normal(char *, char *, struct sudo_digest *);
/*
* Returns true if string 's' contains meta characters.
* Check for user described by pw in a list of members.
* Returns ALLOW, DENY or UNSPEC.
*/
-static int
-_userlist_matches(struct passwd *pw, struct member_list *list)
+int
+userlist_matches(struct passwd *pw, struct member_list *list)
{
struct member *m;
struct alias *a;
int rval, matched = UNSPEC;
- debug_decl(_userlist_matches, SUDO_DEBUG_MATCH)
+ debug_decl(userlist_matches, SUDO_DEBUG_MATCH)
tq_foreach_rev(list, m) {
switch (m->type) {
matched = !m->negated;
break;
case ALIAS:
- if ((a = alias_find(m->name, USERALIAS)) != NULL) {
- rval = _userlist_matches(pw, &a->members);
+ if ((a = alias_get(m->name, USERALIAS)) != NULL) {
+ rval = userlist_matches(pw, &a->members);
if (rval != UNSPEC)
matched = m->negated ? !rval : rval;
+ alias_put(a);
break;
}
/* FALLTHROUGH */
debug_return_bool(matched);
}
-int
-userlist_matches(struct passwd *pw, struct member_list *list)
-{
- alias_seqno++;
- return _userlist_matches(pw, list);
-}
-
/*
* Check for user described by pw in a list of members.
* If both lists are empty compare against def_runas_default.
* Returns ALLOW, DENY or UNSPEC.
*/
-static int
-_runaslist_matches(struct member_list *user_list,
+int
+runaslist_matches(struct member_list *user_list,
struct member_list *group_list, struct member **matching_user,
struct member **matching_group)
{
int rval;
int user_matched = UNSPEC;
int group_matched = UNSPEC;
- debug_decl(_runaslist_matches, SUDO_DEBUG_MATCH)
+ debug_decl(runaslist_matches, SUDO_DEBUG_MATCH)
if (runas_pw != NULL) {
/* If no runas user or runas group listed in sudoers, use default. */
user_matched = !m->negated;
break;
case ALIAS:
- if ((a = alias_find(m->name, RUNASALIAS)) != NULL) {
- rval = _runaslist_matches(&a->members, &empty,
+ if ((a = alias_get(m->name, RUNASALIAS)) != NULL) {
+ rval = runaslist_matches(&a->members, &empty,
matching_user, NULL);
if (rval != UNSPEC)
user_matched = m->negated ? !rval : rval;
+ alias_put(a);
break;
}
/* FALLTHROUGH */
group_matched = !m->negated;
break;
case ALIAS:
- if ((a = alias_find(m->name, RUNASALIAS)) != NULL) {
- rval = _runaslist_matches(&empty, &a->members,
+ if ((a = alias_get(m->name, RUNASALIAS)) != NULL) {
+ rval = runaslist_matches(&empty, &a->members,
NULL, matching_group);
if (rval != UNSPEC)
group_matched = m->negated ? !rval : rval;
+ alias_put(a);
break;
}
/* FALLTHROUGH */
debug_return_int(UNSPEC);
}
-int
-runaslist_matches(struct member_list *user_list,
- struct member_list *group_list, struct member **matching_user,
- struct member **matching_group)
-{
- alias_seqno++;
- return _runaslist_matches(user_list ? user_list : &empty,
- group_list ? group_list : &empty, matching_user, matching_group);
-}
-
/*
* Check for host and shost in a list of members.
* Returns ALLOW, DENY or UNSPEC.
*/
-static int
-_hostlist_matches(struct member_list *list)
+int
+hostlist_matches(struct member_list *list)
{
struct member *m;
struct alias *a;
int rval, matched = UNSPEC;
- debug_decl(_hostlist_matches, SUDO_DEBUG_MATCH)
+ debug_decl(hostlist_matches, SUDO_DEBUG_MATCH)
tq_foreach_rev(list, m) {
switch (m->type) {
matched = !m->negated;
break;
case ALIAS:
- if ((a = alias_find(m->name, HOSTALIAS)) != NULL) {
- rval = _hostlist_matches(&a->members);
+ if ((a = alias_get(m->name, HOSTALIAS)) != NULL) {
+ rval = hostlist_matches(&a->members);
if (rval != UNSPEC)
matched = m->negated ? !rval : rval;
+ alias_put(a);
break;
}
/* FALLTHROUGH */
debug_return_bool(matched);
}
-int
-hostlist_matches(struct member_list *list)
-{
- alias_seqno++;
- return _hostlist_matches(list);
-}
-
/*
* Check for cmnd and args in a list of members.
* Returns ALLOW, DENY or UNSPEC.
*/
-static int
-_cmndlist_matches(struct member_list *list)
+int
+cmndlist_matches(struct member_list *list)
{
struct member *m;
int matched = UNSPEC;
- debug_decl(_cmndlist_matches, SUDO_DEBUG_MATCH)
+ debug_decl(cmndlist_matches, SUDO_DEBUG_MATCH)
tq_foreach_rev(list, m) {
matched = cmnd_matches(m);
debug_return_bool(matched);
}
-int
-cmndlist_matches(struct member_list *list)
-{
- alias_seqno++;
- return _cmndlist_matches(list);
-}
-
/*
* Check cmnd and args.
* Returns ALLOW, DENY or UNSPEC.
matched = !m->negated;
break;
case ALIAS:
- alias_seqno++;
- if ((a = alias_find(m->name, CMNDALIAS)) != NULL) {
- rval = _cmndlist_matches(&a->members);
+ if ((a = alias_get(m->name, CMNDALIAS)) != NULL) {
+ rval = cmndlist_matches(&a->members);
if (rval != UNSPEC)
matched = m->negated ? !rval : rval;
+ alias_put(a);
}
break;
case COMMAND:
c = (struct sudo_command *)m->name;
- if (command_matches(c->cmnd, c->args))
+ if (command_matches(c->cmnd, c->args, c->digest))
matched = !m->negated;
break;
}
}
static bool
-command_args_match(sudoers_cmnd, sudoers_args)
- char *sudoers_cmnd;
- char *sudoers_args;
+command_args_match(char *sudoers_cmnd, char *sudoers_args)
{
int flags = 0;
debug_decl(command_args_match, SUDO_DEBUG_MATCH)
* otherwise, return true if user_cmnd names one of the inodes in path.
*/
bool
-command_matches(char *sudoers_cmnd, char *sudoers_args)
+command_matches(char *sudoers_cmnd, char *sudoers_args, struct sudo_digest *digest)
{
debug_decl(command_matches, SUDO_DEBUG_MATCH)
* If sudoers_cmnd has meta characters in it, we need to
* use glob(3) and/or fnmatch(3) to do the matching.
*/
+#ifdef SUDOERS_NAME_MATCH
+ debug_return_bool(command_matches_fnmatch(sudoers_cmnd, sudoers_args));
+#else
if (def_fast_glob)
debug_return_bool(command_matches_fnmatch(sudoers_cmnd, sudoers_args));
debug_return_bool(command_matches_glob(sudoers_cmnd, sudoers_args));
+#endif
}
- debug_return_bool(command_matches_normal(sudoers_cmnd, sudoers_args));
+ debug_return_bool(command_matches_normal(sudoers_cmnd, sudoers_args, digest));
}
static bool
debug_return_bool(false);
}
+#ifndef SUDOERS_NAME_MATCH
static bool
command_matches_glob(char *sudoers_cmnd, char *sudoers_args)
{
}
debug_return_bool(false);
}
+#endif /* SUDOERS_NAME_MATCH */
+
+#ifdef SUDOERS_NAME_MATCH
+static bool
+command_matches_normal(char *sudoers_cmnd, char *sudoers_args, struct sudo_digest *digest)
+{
+ size_t dlen;
+ debug_decl(command_matches_normal, SUDO_DEBUG_MATCH)
+
+ dlen = strlen(sudoers_cmnd);
+
+ /* If it ends in '/' it is a directory spec. */
+ if (sudoers_cmnd[dlen - 1] == '/')
+ debug_return_bool(command_matches_dir(sudoers_cmnd, dlen));
+
+ if (strcmp(user_cmnd, sudoers_cmnd) == 0) {
+ if (command_args_match(sudoers_cmnd, sudoers_args)) {
+ efree(safe_cmnd);
+ safe_cmnd = estrdup(sudoers_cmnd);
+ debug_return_bool(true);
+ }
+ }
+ debug_return_bool(false);
+}
+#else /* !SUDOERS_NAME_MATCH */
+
+static struct digest_function {
+ const char *digest_name;
+ const unsigned int digest_len;
+ void (*init)(SHA2_CTX *);
+ void (*update)(SHA2_CTX *, const unsigned char *, size_t);
+ void (*final)(unsigned char *, SHA2_CTX *);
+} digest_functions[] = {
+ {
+ "SHA224",
+ SHA224_DIGEST_LENGTH,
+ SHA224Init,
+ SHA224Update,
+ SHA224Final
+ }, {
+ "SHA256",
+ SHA256_DIGEST_LENGTH,
+ SHA256Init,
+ SHA256Update,
+ SHA256Final
+ }, {
+ "SHA384",
+ SHA384_DIGEST_LENGTH,
+ SHA384Init,
+ SHA384Update,
+ SHA384Final
+ }, {
+ "SHA512",
+ SHA512_DIGEST_LENGTH,
+ SHA512Init,
+ SHA512Update,
+ SHA512Final
+ }, {
+ NULL
+ }
+};
static bool
-command_matches_normal(char *sudoers_cmnd, char *sudoers_args)
+digest_matches(char *file, struct sudo_digest *sd)
+{
+ unsigned char file_digest[SHA512_DIGEST_LENGTH];
+ unsigned char sudoers_digest[SHA512_DIGEST_LENGTH];
+ unsigned char buf[32 * 1024];
+ struct digest_function *func = NULL;
+ size_t nread;
+ SHA2_CTX ctx;
+ FILE *fp;
+ unsigned int i;
+ debug_decl(digest_matches, SUDO_DEBUG_MATCH)
+
+ for (i = 0; digest_functions[i].digest_name != NULL; i++) {
+ if (sd->digest_type == i) {
+ func = &digest_functions[i];
+ break;
+ }
+ }
+ if (func == NULL) {
+ warningx(_("unsupported digest type %d for %s"), sd->digest_type, file);
+ debug_return_bool(false);
+ }
+ if (strlen(sd->digest_str) == func->digest_len * 2) {
+ /* Convert the command digest from ascii hex to binary. */
+ for (i = 0; i < func->digest_len; i++) {
+ if (!isxdigit((unsigned char)sd->digest_str[i + i]) ||
+ !isxdigit((unsigned char)sd->digest_str[i + i + 1])) {
+ goto bad_format;
+ }
+ sudoers_digest[i] = hexchar(&sd->digest_str[i + i]);
+ }
+ } else {
+ size_t len = base64_decode(sd->digest_str, sudoers_digest,
+ sizeof(sudoers_digest));
+ if (len != func->digest_len)
+ goto bad_format;
+ }
+
+ if ((fp = fopen(file, "r")) == NULL) {
+ sudo_debug_printf(SUDO_DEBUG_INFO, "unable to open %s: %s",
+ file, strerror(errno));
+ debug_return_bool(false);
+ }
+
+ func->init(&ctx);
+ while ((nread = fread(buf, 1, sizeof(buf), fp)) != 0) {
+ func->update(&ctx, buf, nread);
+ }
+ if (ferror(fp)) {
+ warningx(_("%s: read error"), file);
+ fclose(fp);
+ debug_return_bool(false);
+ }
+ fclose(fp);
+ func->final(file_digest, &ctx);
+
+ debug_return_bool(memcmp(file_digest, sudoers_digest, func->digest_len) == 0);
+bad_format:
+ warningx(_("digest for %s (%s) is not in %s form"), file,
+ sd->digest_str, func->digest_name);
+ debug_return_bool(false);
+}
+
+static bool
+command_matches_normal(char *sudoers_cmnd, char *sudoers_args, struct sudo_digest *digest)
{
struct stat sudoers_stat;
char *base;
* a) there are no args in sudoers OR
* b) there are no args on command line and none req by sudoers OR
* c) there are args in sudoers and on command line and they match
+ * d) there is a digest and it matches
*/
if (user_stat != NULL &&
(user_stat->st_dev != sudoers_stat.st_dev ||
user_stat->st_ino != sudoers_stat.st_ino))
debug_return_bool(false);
- if (command_args_match(sudoers_cmnd, sudoers_args)) {
- efree(safe_cmnd);
- safe_cmnd = estrdup(sudoers_cmnd);
- debug_return_bool(true);
+ if (!command_args_match(sudoers_cmnd, sudoers_args))
+ debug_return_bool(false);
+ if (digest != NULL && !digest_matches(sudoers_cmnd, digest)) {
+ /* XXX - log functions not available but we should log very loudly */
+ debug_return_bool(false);
}
- debug_return_bool(false);
+ efree(safe_cmnd);
+ safe_cmnd = estrdup(sudoers_cmnd);
+ debug_return_bool(true);
}
+#endif /* SUDOERS_NAME_MATCH */
+#ifdef SUDOERS_NAME_MATCH
+/*
+ * Return true if user_cmnd begins with sudoers_dir, else false.
+ * Note that sudoers_dir include the trailing '/'
+ */
+static bool
+command_matches_dir(char *sudoers_dir, size_t dlen)
+{
+ debug_decl(command_matches_dir, SUDO_DEBUG_MATCH)
+ debug_return_bool(strncmp(user_cmnd, sudoers_dir, dlen) == 0);
+}
+#else /* !SUDOERS_NAME_MATCH */
/*
* Return true if user_cmnd names one of the inodes in dir, else false.
*/
closedir(dirp);
debug_return_bool(dent != NULL);
}
+#endif /* SUDOERS_NAME_MATCH */
/*
* Returns true if the hostname matches the pattern, else false
debug_return_bool(matched);
}
+#ifdef HAVE_INNETGR
+/*
+ * Get NIS-style domain name and return a malloc()ed copy or NULL if none.
+ */
+static char *
+sudo_getdomainname(void)
+{
+ char *domain = NULL;
+#ifdef HAVE_GETDOMAINNAME
+ char *buf, *cp;
+
+ buf = emalloc(HOST_NAME_MAX + 1);
+ if (getdomainname(buf, HOST_NAME_MAX + 1) == 0 && *buf != '\0') {
+ domain = buf;
+ for (cp = buf; *cp != '\0'; cp++) {
+ /* Check for illegal characters, Linux may use "(none)". */
+ if (*cp == '(' || *cp == ')' || *cp == ',' || *cp == ' ') {
+ domain = NULL;
+ break;
+ }
+ }
+ }
+ if (domain == NULL)
+ efree(buf);
+#endif /* HAVE_GETDOMAINNAME */
+ return domain;
+}
+#endif /* HAVE_INNETGR */
+
/*
* Returns true if "host" and "user" belong to the netgroup "netgr",
* else return false. Either of "host", "shost" or "user" may be NULL
bool
netgr_matches(char *netgr, char *lhost, char *shost, char *user)
{
+#ifdef HAVE_INNETGR
static char *domain;
-#ifdef HAVE_GETDOMAINNAME
static int initialized;
#endif
debug_decl(netgr_matches, SUDO_DEBUG_MATCH)
+#ifdef HAVE_INNETGR
/* make sure we have a valid netgroup, sudo style */
if (*netgr++ != '+')
debug_return_bool(false);
-#ifdef HAVE_GETDOMAINNAME
/* get the domain name (if any) */
if (!initialized) {
- domain = (char *) emalloc(MAXHOSTNAMELEN + 1);
- if (getdomainname(domain, MAXHOSTNAMELEN + 1) == -1 || *domain == '\0') {
- efree(domain);
- domain = NULL;
- }
+ domain = sudo_getdomainname();
initialized = 1;
}
-#endif /* HAVE_GETDOMAINNAME */
-#ifdef HAVE_INNETGR
if (innetgr(netgr, lhost, user, domain))
debug_return_bool(true);
else if (lhost != shost && innetgr(netgr, shost, user, domain))
/*
- * Copyright (c) 1996, 1998-2005, 2007-2011
+ * Copyright (c) 1996, 1998-2005, 2007-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#endif /* HAVE_UNISTD_H */
#include <netinet/in.h>
#include <arpa/inet.h>
-#include <netdb.h>
#include "sudoers.h"
#include "interfaces.h"
addr.ip4.s_addr = inet_addr(n);
}
- for (ifp = interfaces; ifp != NULL; ifp = ifp->next) {
+ for (ifp = get_interfaces(); ifp != NULL; ifp = ifp->next) {
if (ifp->family != family)
continue;
switch (family) {
}
#endif /* HAVE_STRUCT_IN6_ADDR */
- for (ifp = interfaces; ifp != NULL; ifp = ifp->next) {
+ for (ifp = get_interfaces(); ifp != NULL; ifp = ifp->next) {
if (ifp->family != family)
continue;
switch (family) {
/*
- * Copyright (c) 2004-2005, 2007-2012 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2004-2005, 2007-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
#include <gram.h>
/* Characters that must be quoted in sudoers */
-#define SUDOERS_QUOTED ":\\,=#\""
+#define SUDOERS_QUOTED ":\\,=#\""
/* sudoers nsswitch routines */
struct sudo_nss sudo_nss_file = {
/*
* Parser externs.
*/
-extern FILE *yyin;
+extern FILE *sudoersin;
extern char *errorfile;
extern int errorlineno;
extern bool parse_error;
/*
* Local prototypes.
*/
-static void print_member(struct lbuf *, char *, int, int, int);
-static int display_bound_defaults(int, struct lbuf *);
+static int display_bound_defaults(int dtype, struct lbuf *lbuf);
+static void print_member(struct lbuf *lbuf, struct member *m, int alias_type);
+static void print_member2(struct lbuf *lbuf, struct member *m,
+ const char *separator, int alias_type);
int
sudo_file_open(struct sudo_nss *nss)
if (nss->handle != NULL) {
fclose(nss->handle);
nss->handle = NULL;
- yyin = NULL;
+ sudoersin = NULL;
}
debug_return_int(0);
}
debug_return_int(-1);
init_parser(sudoers_file, false);
- yyin = nss->handle;
- if (yyparse() != 0 || parse_error) {
+ sudoersin = nss->handle;
+ if (sudoersparse() != 0 || parse_error) {
if (errorlineno != -1) {
- log_error(0, _("parse error in %s near line %d"),
+ log_warning(0, N_("parse error in %s near line %d"),
errorfile, errorlineno);
} else {
- log_error(0, _("parse error in %s"), errorfile);
+ log_warning(0, N_("parse error in %s"), errorfile);
}
debug_return_int(-1);
}
debug_return_int(validated);
}
+#define TAG_SET(tt) \
+ ((tt) != UNSPEC && (tt) != IMPLIED)
+
#define TAG_CHANGED(t) \
- (cs->tags.t != UNSPEC && cs->tags.t != IMPLIED && cs->tags.t != tags->t)
+ (TAG_SET(cs->tags.t) && cs->tags.t != tags->t)
static void
sudo_file_append_cmnd(struct cmndspec *cs, struct cmndtag *tags,
struct lbuf *lbuf)
{
- struct member *m;
debug_decl(sudo_file_append_cmnd, SUDO_DEBUG_NSS)
#ifdef HAVE_PRIV_SET
lbuf_append(lbuf, cs->tags.log_output ? "LOG_OUTPUT: " : "NOLOG_OUTPUT: ");
tags->log_output = cs->tags.log_output;
}
- m = cs->cmnd;
- print_member(lbuf, m->name, m->type, m->negated,
- CMNDALIAS);
+ print_member(lbuf, cs->cmnd, CMNDALIAS);
debug_return;
}
+#define RUNAS_CHANGED(cs1, cs2) \
+ (cs1 == NULL || cs2 == NULL || \
+ cs1->runasuserlist.first != cs2->runasuserlist.first || \
+ cs1->runasuserlist.last != cs2->runasuserlist.last || \
+ cs1->runasgrouplist.first != cs2->runasgrouplist.first || \
+ cs1->runasgrouplist.last != cs2->runasgrouplist.last)
+
static int
sudo_file_display_priv_short(struct passwd *pw, struct userspec *us,
struct lbuf *lbuf)
{
- struct cmndspec *cs;
+ struct cmndspec *cs, *prev_cs;
struct member *m;
struct privilege *priv;
struct cmndtag tags;
int nfound = 0;
debug_decl(sudo_file_display_priv_short, SUDO_DEBUG_NSS)
+ /* gcc -Wuninitialized false positive */
+ tags.noexec = UNSPEC;
+ tags.setenv = UNSPEC;
+ tags.nopasswd = UNSPEC;
+ tags.log_input = UNSPEC;
+ tags.log_output = UNSPEC;
tq_foreach_fwd(&us->privileges, priv) {
if (hostlist_matches(&priv->hostlist) != ALLOW)
continue;
- tags.noexec = UNSPEC;
- tags.setenv = UNSPEC;
- tags.nopasswd = UNSPEC;
- tags.log_input = UNSPEC;
- tags.log_output = UNSPEC;
- lbuf_append(lbuf, " ");
+ prev_cs = NULL;
tq_foreach_fwd(&priv->cmndlist, cs) {
- if (cs != tq_first(&priv->cmndlist))
- lbuf_append(lbuf, ", ");
- lbuf_append(lbuf, "(");
- if (!tq_empty(&cs->runasuserlist)) {
- tq_foreach_fwd(&cs->runasuserlist, m) {
- if (m != tq_first(&cs->runasuserlist))
- lbuf_append(lbuf, ", ");
- print_member(lbuf, m->name, m->type, m->negated,
- RUNASALIAS);
+ if (RUNAS_CHANGED(cs, prev_cs)) {
+ if (cs != tq_first(&priv->cmndlist))
+ lbuf_append(lbuf, "\n");
+ lbuf_append(lbuf, " (");
+ if (!tq_empty(&cs->runasuserlist)) {
+ tq_foreach_fwd(&cs->runasuserlist, m) {
+ if (m != tq_first(&cs->runasuserlist))
+ lbuf_append(lbuf, ", ");
+ print_member(lbuf, m, RUNASALIAS);
+ }
+ } else if (tq_empty(&cs->runasgrouplist)) {
+ lbuf_append(lbuf, "%s", def_runas_default);
+ } else {
+ lbuf_append(lbuf, "%s", pw->pw_name);
}
- } else if (tq_empty(&cs->runasgrouplist)) {
- lbuf_append(lbuf, "%s", def_runas_default);
- } else {
- lbuf_append(lbuf, "%s", pw->pw_name);
- }
- if (!tq_empty(&cs->runasgrouplist)) {
- lbuf_append(lbuf, " : ");
- tq_foreach_fwd(&cs->runasgrouplist, m) {
- if (m != tq_first(&cs->runasgrouplist))
- lbuf_append(lbuf, ", ");
- print_member(lbuf, m->name, m->type, m->negated,
- RUNASALIAS);
+ if (!tq_empty(&cs->runasgrouplist)) {
+ lbuf_append(lbuf, " : ");
+ tq_foreach_fwd(&cs->runasgrouplist, m) {
+ if (m != tq_first(&cs->runasgrouplist))
+ lbuf_append(lbuf, ", ");
+ print_member(lbuf, m, RUNASALIAS);
+ }
}
+ lbuf_append(lbuf, ") ");
+ tags.noexec = UNSPEC;
+ tags.setenv = UNSPEC;
+ tags.nopasswd = UNSPEC;
+ tags.log_input = UNSPEC;
+ tags.log_output = UNSPEC;
+ } else if (cs != tq_first(&priv->cmndlist)) {
+ lbuf_append(lbuf, ", ");
}
- lbuf_append(lbuf, ") ");
sudo_file_append_cmnd(cs, &tags, lbuf);
+ prev_cs = cs;
nfound++;
}
lbuf_append(lbuf, "\n");
debug_return_int(nfound);
}
+#define TAGS_CHANGED(ot, nt) \
+ ((TAG_SET((nt).setenv) && (nt).setenv != (ot).setenv) || \
+ (TAG_SET((nt).noexec) && (nt).noexec != (ot).noexec) || \
+ (TAG_SET((nt).nopasswd) && (nt).nopasswd != (ot).nopasswd) || \
+ (TAG_SET((nt).log_input) && (nt).log_input != (ot).log_input) || \
+ (TAG_SET((nt).log_output) && (nt).log_output != (ot).log_output))
+
+/*
+ * Compare the current cmndspec with the previous one to determine
+ * whether we need to start a new long entry for "sudo -ll".
+ * Returns true if we should start a new long entry, else false.
+ */
+static bool
+new_long_entry(struct cmndspec *cs, struct cmndspec *prev_cs)
+{
+ if (prev_cs == NULL)
+ return true;
+ if (RUNAS_CHANGED(cs, prev_cs) || TAGS_CHANGED(cs->tags, prev_cs->tags))
+ return true;
+#ifdef HAVE_PRIV_SET
+ if (cs->privs && (!prev_cs->privs || strcmp(cs->privs, prev_cs->privs) != 0))
+ return true;
+ if (cs->limitprivs && (!prev_cs->limitprivs || strcmp(cs->limitprivs, prev_cs->limitprivs) != 0))
+ return true;
+#endif /* HAVE_PRIV_SET */
+#ifdef HAVE_SELINUX
+ if (cs->role && (!prev_cs->role || strcmp(cs->role, prev_cs->role) != 0))
+ return true;
+ if (cs->type && (!prev_cs->type || strcmp(cs->type, prev_cs->type) != 0))
+ return true;
+#endif /* HAVE_SELINUX */
+ return false;
+}
+
static int
sudo_file_display_priv_long(struct passwd *pw, struct userspec *us,
struct lbuf *lbuf)
{
- struct cmndspec *cs;
+ struct cmndspec *cs, *prev_cs;
struct member *m;
struct privilege *priv;
- struct cmndtag tags;
- int nfound = 0;
+ int nfound = 0, olen;
debug_decl(sudo_file_display_priv_long, SUDO_DEBUG_NSS)
tq_foreach_fwd(&us->privileges, priv) {
if (hostlist_matches(&priv->hostlist) != ALLOW)
continue;
- tags.noexec = UNSPEC;
- tags.setenv = UNSPEC;
- tags.nopasswd = UNSPEC;
- tags.log_input = UNSPEC;
- tags.log_output = UNSPEC;
- lbuf_append(lbuf, _("\nSudoers entry:\n"));
+ prev_cs = NULL;
tq_foreach_fwd(&priv->cmndlist, cs) {
- lbuf_append(lbuf, _(" RunAsUsers: "));
- if (!tq_empty(&cs->runasuserlist)) {
- tq_foreach_fwd(&cs->runasuserlist, m) {
- if (m != tq_first(&cs->runasuserlist))
- lbuf_append(lbuf, ", ");
- print_member(lbuf, m->name, m->type, m->negated,
- RUNASALIAS);
- }
- } else if (tq_empty(&cs->runasgrouplist)) {
- lbuf_append(lbuf, "%s", def_runas_default);
- } else {
- lbuf_append(lbuf, "%s", pw->pw_name);
- }
- lbuf_append(lbuf, "\n");
- if (!tq_empty(&cs->runasgrouplist)) {
- lbuf_append(lbuf, _(" RunAsGroups: "));
- tq_foreach_fwd(&cs->runasgrouplist, m) {
- if (m != tq_first(&cs->runasgrouplist))
- lbuf_append(lbuf, ", ");
- print_member(lbuf, m->name, m->type, m->negated,
- RUNASALIAS);
+ if (new_long_entry(cs, prev_cs)) {
+ lbuf_append(lbuf, _("\nSudoers entry:\n"));
+ lbuf_append(lbuf, _(" RunAsUsers: "));
+ if (!tq_empty(&cs->runasuserlist)) {
+ tq_foreach_fwd(&cs->runasuserlist, m) {
+ if (m != tq_first(&cs->runasuserlist))
+ lbuf_append(lbuf, ", ");
+ print_member(lbuf, m, RUNASALIAS);
+ }
+ } else if (tq_empty(&cs->runasgrouplist)) {
+ lbuf_append(lbuf, "%s", def_runas_default);
+ } else {
+ lbuf_append(lbuf, "%s", pw->pw_name);
}
lbuf_append(lbuf, "\n");
+ if (!tq_empty(&cs->runasgrouplist)) {
+ lbuf_append(lbuf, _(" RunAsGroups: "));
+ tq_foreach_fwd(&cs->runasgrouplist, m) {
+ if (m != tq_first(&cs->runasgrouplist))
+ lbuf_append(lbuf, ", ");
+ print_member(lbuf, m, RUNASALIAS);
+ }
+ lbuf_append(lbuf, "\n");
+ }
+ olen = lbuf->len;
+ lbuf_append(lbuf, _(" Options: "));
+ if (TAG_SET(cs->tags.setenv))
+ lbuf_append(lbuf, "%ssetenv, ", cs->tags.setenv ? "" : "!");
+ if (TAG_SET(cs->tags.noexec))
+ lbuf_append(lbuf, "%snoexec, ", cs->tags.noexec ? "" : "!");
+ if (TAG_SET(cs->tags.nopasswd))
+ lbuf_append(lbuf, "%sauthenticate, ", cs->tags.nopasswd ? "!" : "");
+ if (TAG_SET(cs->tags.log_input))
+ lbuf_append(lbuf, "%slog_input, ", cs->tags.log_input ? "" : "!");
+ if (TAG_SET(cs->tags.log_output))
+ lbuf_append(lbuf, "%slog_output, ", cs->tags.log_output ? "" : "!");
+ if (lbuf->buf[lbuf->len - 2] == ',') {
+ lbuf->len -= 2; /* remove trailing ", " */
+ lbuf_append(lbuf, "\n");
+ } else {
+ lbuf->len = olen; /* no options */
+ }
+#ifdef HAVE_PRIV_SET
+ if (cs->privs)
+ lbuf_append(lbuf, " Privs: %s\n", cs->privs);
+ if (cs->limitprivs)
+ lbuf_append(lbuf, " Limitprivs: %s\n", cs->limitprivs);
+#endif /* HAVE_PRIV_SET */
+#ifdef HAVE_SELINUX
+ if (cs->role)
+ lbuf_append(lbuf, " Role: %s\n", cs->role);
+ if (cs->type)
+ lbuf_append(lbuf, " Type: %s\n", cs->type);
+#endif /* HAVE_SELINUX */
+ lbuf_append(lbuf, _(" Commands:\n"));
}
- lbuf_append(lbuf, _(" Commands:\n\t"));
- sudo_file_append_cmnd(cs, &tags, lbuf);
+ lbuf_append(lbuf, "\t");
+ print_member2(lbuf, cs->cmnd, "\n\t", CMNDALIAS);
lbuf_append(lbuf, "\n");
+ prev_cs = cs;
nfound++;
}
}
for (m = binding; m != NULL; m = m->next) {
if (m != binding)
lbuf_append(lbuf, ",");
- print_member(lbuf, m->name, m->type, m->negated, atype);
+ print_member(lbuf, m, atype);
lbuf_append(lbuf, " ");
}
} else
*/
static void
_print_member(struct lbuf *lbuf, char *name, int type, int negated,
- int alias_type)
+ const char *separator, int alias_type)
{
struct alias *a;
struct member *m;
}
break;
case ALIAS:
- if ((a = alias_find(name, alias_type)) != NULL) {
+ if ((a = alias_get(name, alias_type)) != NULL) {
tq_foreach_fwd(&a->members, m) {
if (m != tq_first(&a->members))
- lbuf_append(lbuf, ", ");
+ lbuf_append(lbuf, "%s", separator);
_print_member(lbuf, m->name, m->type,
- negated ? !m->negated : m->negated, alias_type);
+ negated ? !m->negated : m->negated, separator,
+ alias_type);
}
+ alias_put(a);
break;
}
/* FALLTHROUGH */
}
static void
-print_member(struct lbuf *lbuf, char *name, int type, int negated,
+print_member(struct lbuf *lbuf, struct member *m, int alias_type)
+{
+ _print_member(lbuf, m->name, m->type, m->negated, ", ", alias_type);
+}
+
+static void
+print_member2(struct lbuf *lbuf, struct member *m, const char *separator,
int alias_type)
{
- alias_seqno++;
- _print_member(lbuf, name, type, negated, alias_type);
+ _print_member(lbuf, m->name, m->type, m->negated, separator, alias_type);
}
/*
- * Copyright (c) 1996, 1998-2000, 2004, 2007-2011
+ * Copyright (c) 1996, 1998-2000, 2004, 2007-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-#ifndef _SUDO_PARSE_H
-#define _SUDO_PARSE_H
+#ifndef _SUDOERS_PARSE_H
+#define _SUDOERS_PARSE_H
#undef UNSPEC
#define UNSPEC -1
#undef IMPLIED
#define IMPLIED 2
+#define SUDO_DIGEST_SHA224 0
+#define SUDO_DIGEST_SHA256 1
+#define SUDO_DIGEST_SHA384 2
+#define SUDO_DIGEST_SHA512 3
+#define SUDO_DIGEST_INVALID 4
+
+struct sudo_digest {
+ int digest_type;
+ char *digest_str;
+};
+
/*
- * A command with args. XXX - merge into struct member.
+ * A command with option args and digest.
+ * XXX - merge into struct member
*/
struct sudo_command {
char *cmnd;
char *args;
+ struct sudo_digest *digest;
};
/*
* Tags associated with a command.
- * Possible values: true, false, UNSPEC.
+ * Possible values: true, false, IMPLIED, UNSPEC.
*/
struct cmndtag {
__signed int nopasswd: 3;
struct member_list runasuserlist; /* list of runas users */
struct member_list runasgrouplist; /* list of runas groups */
struct member *cmnd; /* command to allow/deny */
+ char *digest; /* optional command digest */
struct cmndtag tags; /* tag specificaion */
#ifdef HAVE_SELINUX
char *role, *type; /* SELinux role and type */
struct alias {
char *name; /* alias name */
unsigned short type; /* {USER,HOST,RUNAS,CMND}ALIAS */
- unsigned short seqno; /* sequence number */
+ bool used; /* "used" flag for cycle detection */
struct member_list members; /* list of alias members */
};
extern struct userspec_list userspecs;
extern struct defaults_list defaults;
-/*
- * Alias sequence number to avoid loops.
- */
-extern unsigned int alias_seqno;
-
-/*
- * Prototypes
- */
-char *alias_add(char *, int, struct member *);
-bool addr_matches(char *);
-int cmnd_matches(struct member *);
-int cmndlist_matches(struct member_list *);
-bool command_matches(char *, char *);
-int hostlist_matches(struct member_list *);
-bool hostname_matches(char *, char *, char *);
-bool netgr_matches(char *, char *, char *, char *);
+/* alias.c */
bool no_aliases(void);
-int runaslist_matches(struct member_list *, struct member_list *, struct member **, struct member **);
-int userlist_matches(struct passwd *, struct member_list *);
-bool usergr_matches(char *, char *, struct passwd *);
-bool userpw_matches(char *, char *, struct passwd *);
-bool group_matches(char *, struct group *);
-struct alias *alias_find(char *, int);
-struct alias *alias_remove(char *, int);
-void alias_free(void *);
-void alias_apply(int (*)(void *, void *), void *);
+char *alias_add(char *name, int type, struct member *members);
+int alias_compare(const void *a1, const void *a2);
+struct alias *alias_get(char *name, int type);
+struct alias *alias_remove(char *name, int type);
+void alias_apply(int (*func)(void *, void *), void *cookie);
+void alias_free(void *a);
+void alias_put(struct alias *a);
void init_aliases(void);
-void init_lexer(void);
+
+/* gram.c */
void init_parser(const char *, bool);
-int alias_compare(const void *, const void *);
-#endif /* _SUDO_PARSE_H */
+/* match_addr.c */
+bool addr_matches(char *n);
+
+/* match.c */
+bool command_matches(char *sudoers_cmnd, char *sudoers_args, struct sudo_digest *digest);
+bool group_matches(char *sudoers_group, struct group *gr);
+bool hostname_matches(char *shost, char *lhost, char *pattern);
+bool netgr_matches(char *netgr, char *lhost, char *shost, char *user);
+bool usergr_matches(char *group, char *user, struct passwd *pw);
+bool userpw_matches(char *sudoers_user, char *user, struct passwd *pw);
+int cmnd_matches(struct member *m);
+int cmndlist_matches(struct member_list *list);
+int hostlist_matches(struct member_list *list);
+int runaslist_matches(struct member_list *user_list, struct member_list *group_list, struct member **matching_user, struct member **matching_group);
+int userlist_matches(struct passwd *pw, struct member_list *list);
+
+/* toke.c */
+void init_lexer(void);
+
+/* hexchar.c */
+int hexchar(const char *s);
+
+/* base64.c */
+size_t base64_decode(const char *str, unsigned char *dst, size_t dsize);
+
+#endif /* _SUDOERS_PARSE_H */
+++ /dev/null
-/*
- * Copyright (c) 2004-2005, 2010 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <config.h>
-
-#include <sys/types.h>
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <setjmp.h>
-
-#include "missing.h"
-#include "alloc.h"
-#include "error.h"
-#include "sudo_plugin.h"
-
-#define DEFAULT_TEXT_DOMAIN "sudoers"
-#include "gettext.h"
-
-static void _warning(int, const char *, va_list);
- void plugin_cleanup(int);
-
-extern sigjmp_buf error_jmp;
-
-extern sudo_conv_t sudo_conv;
-
-void
-error2(int eval, const char *fmt, ...)
-{
- va_list ap;
-
- va_start(ap, fmt);
- _warning(1, fmt, ap);
- va_end(ap);
- plugin_cleanup(0);
- siglongjmp(error_jmp, eval);
-}
-
-void
-errorx2(int eval, const char *fmt, ...)
-{
- va_list ap;
-
- va_start(ap, fmt);
- _warning(0, fmt, ap);
- va_end(ap);
- plugin_cleanup(0);
- siglongjmp(error_jmp, eval);
-}
-
-void
-warning2(const char *fmt, ...)
-{
- va_list ap;
-
- va_start(ap, fmt);
- _warning(1, fmt, ap);
- va_end(ap);
-}
-
-void
-warningx2(const char *fmt, ...)
-{
- va_list ap;
- va_start(ap, fmt);
- _warning(0, fmt, ap);
- va_end(ap);
-}
-
-static void
-_warning(int use_errno, const char *fmt, va_list ap)
-{
- struct sudo_conv_message msg[6];
- struct sudo_conv_reply repl[6];
- char *str;
- int nmsgs = 4;
-
- evasprintf(&str, fmt, ap);
-
- /* Call conversation function */
- memset(&msg, 0, sizeof(msg));
- msg[0].msg_type = SUDO_CONV_ERROR_MSG;
- msg[0].msg = getprogname();
- msg[1].msg_type = SUDO_CONV_ERROR_MSG;
- msg[1].msg = _(": ");
- msg[2].msg_type = SUDO_CONV_ERROR_MSG;
- msg[2].msg = str;
- if (use_errno) {
- msg[3].msg_type = SUDO_CONV_ERROR_MSG;
- msg[3].msg = _(": ");
- msg[4].msg_type = SUDO_CONV_ERROR_MSG;
- msg[4].msg = strerror(errno);
- nmsgs = 6;
- }
- msg[nmsgs - 1].msg_type = SUDO_CONV_ERROR_MSG;
- msg[nmsgs - 1].msg = "\n";
- memset(&repl, 0, sizeof(repl));
- sudo_conv(nmsgs, msg, repl);
- efree(str);
-}
# Danish translation of sudoers.
# This file is put in the public domain.
-# Joe Hansen <joedalton2@yahoo.dk>, 2011, 2012.
+# Joe Hansen <joedalton2@yahoo.dk>, 2011, 2012, 2013.
#
# audit -> overvågning
# dummy -> attrap
# epoch -> epoke
# execute -> udføre (run -> kør)
# overflow -> overløb
+# principal -> værtshovedstol
# runas -> runas ? (eller måske bedre med kør som. den er valgt indtil videre)
# stat -> stat
#
#
msgid ""
msgstr ""
-"Project-Id-Version: sudoers 1.8.6b3\n"
+"Project-Id-Version: sudoers 1.8.7b2\n"
"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2012-07-11 16:27-0400\n"
-"PO-Revision-Date: 2012-08-10 23:06+0100\n"
+"POT-Creation-Date: 2013-04-17 15:52-0400\n"
+"PO-Revision-Date: 2013-04-23 23:06+0100\n"
"Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n"
"Language-Team: Danish <dansk@dansk-gruppen.dk>\n"
"Language: da\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-#: gram.y:110
-#, c-format
-msgid ">>> %s: %s near line %d <<<"
-msgstr ">>> %s: %s nær linje %d <<<"
+#: confstr.sh:2
+msgid "Password:"
+msgstr "Adgangskode:"
+
+#: confstr.sh:3
+msgid "*** SECURITY information for %h ***"
+msgstr "*** SIKKERHEDSINFORMATION for %h ***"
+
+#: confstr.sh:4
+msgid "Sorry, try again."
+msgstr "Beklager, prøv igen."
-#: plugins/sudoers/alias.c:125
+#: plugins/sudoers/alias.c:124
#, c-format
msgid "Alias `%s' already defined"
msgstr "Alias »%s« er allerede defineret"
-#: plugins/sudoers/auth/bsdauth.c:78
+#: plugins/sudoers/auth/bsdauth.c:77
#, c-format
msgid "unable to get login class for user %s"
msgstr "kan ikke hente logindklasse for bruger %s"
-#: plugins/sudoers/auth/bsdauth.c:84
+#: plugins/sudoers/auth/bsdauth.c:83
msgid "unable to begin bsd authentication"
msgstr "kan ikke starte bsd-godkendelse"
-#: plugins/sudoers/auth/bsdauth.c:92
+#: plugins/sudoers/auth/bsdauth.c:91
msgid "invalid authentication type"
msgstr "ugyldig godkendelsestype"
-#: plugins/sudoers/auth/bsdauth.c:101
+#: plugins/sudoers/auth/bsdauth.c:100
msgid "unable to setup authentication"
msgstr "kan ikke opsætte godkendelse"
-#: plugins/sudoers/auth/fwtk.c:60
+#: plugins/sudoers/auth/fwtk.c:59
#, c-format
msgid "unable to read fwtk config"
msgstr "kan ikke læse fwtk-konfiguration"
-#: plugins/sudoers/auth/fwtk.c:65
+#: plugins/sudoers/auth/fwtk.c:64
#, c-format
msgid "unable to connect to authentication server"
msgstr "kan ikke forbinde til godkendelsesserver"
-#: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95
-#: plugins/sudoers/auth/fwtk.c:128
+#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94
+#: plugins/sudoers/auth/fwtk.c:127
#, c-format
msgid "lost connection to authentication server"
msgstr "mistede forbindelsen til godkendelseserveren"
-#: plugins/sudoers/auth/fwtk.c:75
+#: plugins/sudoers/auth/fwtk.c:74
#, c-format
msgid ""
"authentication server error:\n"
"godkendelsesserverfejl:\n"
"%s"
-#: plugins/sudoers/auth/kerb5.c:117
+#: plugins/sudoers/auth/kerb5.c:116
#, c-format
-msgid "%s: unable to unparse princ ('%s'): %s"
-msgstr "%s: Kan ikke fjerne fortolkning af princ (»%s«): %s"
+msgid "%s: unable to convert principal to string ('%s'): %s"
+msgstr "%s: Kan ikke konvertere værtshovedstol til streng (»%s«): %s"
-#: plugins/sudoers/auth/kerb5.c:160
+#: plugins/sudoers/auth/kerb5.c:159
#, c-format
msgid "%s: unable to parse '%s': %s"
msgstr "%s: Kan ikke fortolke »%s«: %s"
-#: plugins/sudoers/auth/kerb5.c:170
+#: plugins/sudoers/auth/kerb5.c:169
#, c-format
-msgid "%s: unable to resolve ccache: %s"
-msgstr "%s: Kan ikke løse ccache: %s"
+msgid "%s: unable to resolve credential cache: %s"
+msgstr "%s: Kan ikke slå akkreditivmellemlager op: %s"
-#: plugins/sudoers/auth/kerb5.c:218
+#: plugins/sudoers/auth/kerb5.c:217
#, c-format
msgid "%s: unable to allocate options: %s"
msgstr "%s: Kan ikke allokere tilvalg: %s"
-#: plugins/sudoers/auth/kerb5.c:234
+#: plugins/sudoers/auth/kerb5.c:233
#, c-format
msgid "%s: unable to get credentials: %s"
msgstr "%s: Kan ikke indhente akkreditiver: %s"
-#: plugins/sudoers/auth/kerb5.c:247
+#: plugins/sudoers/auth/kerb5.c:246
#, c-format
-msgid "%s: unable to initialize ccache: %s"
-msgstr "%s: Kan ikke initialisere ccache: %s"
+msgid "%s: unable to initialize credential cache: %s"
+msgstr "%s: Kan ikke initialisere akkreditivmellemlager: %s"
-#: plugins/sudoers/auth/kerb5.c:251
+#: plugins/sudoers/auth/kerb5.c:250
#, c-format
-msgid "%s: unable to store cred in ccache: %s"
-msgstr "%s: Kan ikke gemme cred i ccache: %s"
+msgid "%s: unable to store credential in cache: %s"
+msgstr "%s: Kan ikke gemme akkreditiver i mellemlager: %s"
-#: plugins/sudoers/auth/kerb5.c:316
+#: plugins/sudoers/auth/kerb5.c:315
#, c-format
msgid "%s: unable to get host principal: %s"
msgstr "%s: Kan ikke indhente værtshovedstol: %s"
-#: plugins/sudoers/auth/kerb5.c:331
+#: plugins/sudoers/auth/kerb5.c:330
#, c-format
msgid "%s: Cannot verify TGT! Possible attack!: %s"
msgstr "%s: Kan ikke verifiere TGT! Muligt angreb!: %s"
-#: plugins/sudoers/auth/pam.c:100
+#: plugins/sudoers/auth/pam.c:105
msgid "unable to initialize PAM"
msgstr "kan ikke initialisere PAM"
-#: plugins/sudoers/auth/pam.c:144
+#: plugins/sudoers/auth/pam.c:150
msgid "account validation failure, is your account locked?"
msgstr "valideringsfejl for konto, er din konto låst?"
-#: plugins/sudoers/auth/pam.c:148
+#: plugins/sudoers/auth/pam.c:154
msgid "Account or password is expired, reset your password and try again"
msgstr "Konto eller adgangskoder er udløbet, nulstil din adgangskode og forsøg igen"
-#: plugins/sudoers/auth/pam.c:155
+#: plugins/sudoers/auth/pam.c:162
#, c-format
-msgid "pam_chauthtok: %s"
-msgstr "pam_chauthtok: %s"
+msgid "unable to change expired password: %s"
+msgstr "kan ikke ændre udløbet adgangskode: %s"
-#: plugins/sudoers/auth/pam.c:159
+#: plugins/sudoers/auth/pam.c:167
msgid "Password expired, contact your system administrator"
msgstr "Adgangskode udløbet, kontakt din systemadministrator"
-#: plugins/sudoers/auth/pam.c:163
+#: plugins/sudoers/auth/pam.c:171
msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator"
msgstr "Konto udløbet eller PAM-konfiguration mangler et »kontoafsnit« for sudo. Kontakt din systemadministrator"
-#: plugins/sudoers/auth/pam.c:180
+#: plugins/sudoers/auth/pam.c:188
#, c-format
-msgid "pam_authenticate: %s"
-msgstr "pam_authenticate: %s"
+msgid "PAM authentication error: %s"
+msgstr "PAM-godkendelsesserverfejl: %s"
-#: plugins/sudoers/auth/pam.c:332
-msgid "Password: "
-msgstr "Adgangskode: "
-
-#: plugins/sudoers/auth/pam.c:333
-msgid "Password:"
-msgstr "Adgangskode:"
+#: plugins/sudoers/auth/pam.c:247
+#, c-format
+msgid "unable to establish credentials: %s"
+msgstr "kan ikke etablere akkreditiver: %s"
-#: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:220
+#: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212
#, c-format
msgid "you do not exist in the %s database"
msgstr "du findes ikke i %s-databasen"
-#: plugins/sudoers/auth/securid5.c:81
+#: plugins/sudoers/auth/securid5.c:80
#, c-format
msgid "failed to initialise the ACE API library"
msgstr "kunne ikke initialisere ACE API-biblioteket"
-#: plugins/sudoers/auth/securid5.c:107
+#: plugins/sudoers/auth/securid5.c:106
#, c-format
msgid "unable to contact the SecurID server"
msgstr "kan ikke kontakte SecurID-serveren"
-#: plugins/sudoers/auth/securid5.c:116
+#: plugins/sudoers/auth/securid5.c:115
#, c-format
msgid "User ID locked for SecurID Authentication"
msgstr "Bruger-ID låst for SecurID-godkendelse"
-#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171
+#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170
#, c-format
msgid "invalid username length for SecurID"
msgstr "ugyldigt brugernavnslængde for SecurID"
-#: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176
+#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175
#, c-format
msgid "invalid Authentication Handle for SecurID"
msgstr "ugyldigt godkendelseshåndtag for SecurID"
-#: plugins/sudoers/auth/securid5.c:128
+#: plugins/sudoers/auth/securid5.c:127
#, c-format
msgid "SecurID communication failed"
msgstr "SecurID-kommunikation fejlede"
-#: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215
+#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214
#, c-format
msgid "unknown SecurID error"
msgstr "ukendt SecurID-fejl"
-#: plugins/sudoers/auth/securid5.c:166
+#: plugins/sudoers/auth/securid5.c:165
#, c-format
msgid "invalid passcode length for SecurID"
msgstr "ugyldig adgangskodelængde for SecurID"
-#: plugins/sudoers/auth/sia.c:109
+#: plugins/sudoers/auth/sia.c:108
msgid "unable to initialize SIA session"
msgstr "kan ikke initialisere SIA-session"
-#: plugins/sudoers/auth/sudo_auth.c:121
-msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication."
-msgstr "Ugyldige godkendelsesmetoder kompileret ind i sudo! Du kan blande alenestående og ikkealenestående godkendelse."
+#: plugins/sudoers/auth/sudo_auth.c:119
+msgid "invalid authentication methods"
+msgstr "ugyldige godkendelsesmetoder"
-#: plugins/sudoers/auth/sudo_auth.c:206
+#: plugins/sudoers/auth/sudo_auth.c:120
+msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication."
+msgstr "Ugyldige godkendelsesmetoder kompileret ind i sudo! Du kan ikke blande uafhængig og ikkeuafhængig godkendelse."
+
+#: plugins/sudoers/auth/sudo_auth.c:203
+msgid "no authentication methods"
+msgstr "ingen godkendelsesmetoder"
+
+#: plugins/sudoers/auth/sudo_auth.c:205
msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option."
msgstr "Der er ingen godkendelsesmetoder kompileret ind i sudo! Hvis du ønsker at fravælge godkendelse så brug konfigurationstilvalget --disable-authentication."
-#: plugins/sudoers/auth/sudo_auth.c:374
+#: plugins/sudoers/auth/sudo_auth.c:389
msgid "Authentication methods:"
msgstr "Godkendelsesmetoder:"
msgid "Could not determine audit condition"
msgstr "Kunne ikke bestemme overvågningsbetingelse"
-#: plugins/sudoers/bsm_audit.c:101
+#: plugins/sudoers/bsm_audit.c:101 plugins/sudoers/bsm_audit.c:160
#, c-format
-msgid "getauid failed"
-msgstr "getauid fejlede"
+msgid "getauid: failed"
+msgstr "getauid: fejlede"
#: plugins/sudoers/bsm_audit.c:103 plugins/sudoers/bsm_audit.c:162
#, c-format
msgid "unable to commit audit record"
msgstr "kan ikke indsende overvågningspost"
-#: plugins/sudoers/bsm_audit.c:160
-#, c-format
-msgid "getauid: failed"
-msgstr "getauid: fejlede"
-
#: plugins/sudoers/bsm_audit.c:183
#, c-format
msgid "au_to_text: failed"
msgstr "au_to_text: fejlede"
-#: plugins/sudoers/check.c:244 plugins/sudoers/iolog.c:172
-#: plugins/sudoers/sudoers.c:978 plugins/sudoers/sudoreplay.c:355
-#: plugins/sudoers/sudoreplay.c:817 plugins/sudoers/sudoreplay.c:974
-#: plugins/sudoers/visudo.c:815
-#, c-format
-msgid "unable to open %s"
-msgstr "kan ikke åbne %s"
-
-#: plugins/sudoers/check.c:248 plugins/sudoers/iolog.c:229
-#, c-format
-msgid "unable to write to %s"
-msgstr "kan ikke skrive til %s"
-
-#: plugins/sudoers/check.c:256 plugins/sudoers/check.c:501
-#: plugins/sudoers/check.c:551 plugins/sudoers/iolog.c:123
-#: plugins/sudoers/iolog.c:156
-#, c-format
-msgid "unable to mkdir %s"
-msgstr "kan ikke mkdir %s"
-
-#: plugins/sudoers/check.c:391
-#, c-format
-msgid "internal error, expand_prompt() overflow"
-msgstr "intern fejl, expand_prompt()-overløb"
-
-#: plugins/sudoers/check.c:451
-#, c-format
-msgid "timestamp path too long: %s"
-msgstr "tidsstempelsti er for lang: %s"
-
-#: plugins/sudoers/check.c:480 plugins/sudoers/check.c:524
-#: plugins/sudoers/iolog.c:158
-#, c-format
-msgid "%s exists but is not a directory (0%o)"
-msgstr "%s findes men er ikke en mappe (0%o)"
-
-#: plugins/sudoers/check.c:483 plugins/sudoers/check.c:527
-#: plugins/sudoers/check.c:572
-#, c-format
-msgid "%s owned by uid %u, should be uid %u"
-msgstr "%s ejet af uid %u, bør være uid %u"
-
-#: plugins/sudoers/check.c:488 plugins/sudoers/check.c:532
-#, c-format
-msgid "%s writable by non-owner (0%o), should be mode 0700"
-msgstr "%s er skrivbar for ikkeejer (0%o), bør være tilstand 0700"
-
-#: plugins/sudoers/check.c:496 plugins/sudoers/check.c:540
-#: plugins/sudoers/check.c:608 plugins/sudoers/sudoers.c:993
-#: plugins/sudoers/visudo.c:319 plugins/sudoers/visudo.c:581
-#, c-format
-msgid "unable to stat %s"
-msgstr "kan ikke stat %s"
-
-#: plugins/sudoers/check.c:566
-#, c-format
-msgid "%s exists but is not a regular file (0%o)"
-msgstr "%s findes men er ikke en regulær fil (0%o)"
-
-#: plugins/sudoers/check.c:578
-#, c-format
-msgid "%s writable by non-owner (0%o), should be mode 0600"
-msgstr "%s skrivbar af ikkeejer (0%o), bør være tilstand 0600"
-
-#: plugins/sudoers/check.c:632
-#, c-format
-msgid "timestamp too far in the future: %20.20s"
-msgstr "tidsstempel for langt ude i fremtiden: %20.20s"
-
-#: plugins/sudoers/check.c:679
-#, c-format
-msgid "unable to remove %s (%s), will reset to the epoch"
-msgstr "kan ikke fjerne %s (%s), vil nulstille til epoken"
-
-#: plugins/sudoers/check.c:687
-#, c-format
-msgid "unable to reset %s to the epoch"
-msgstr "kan ikke nulstille %s til epoken"
+#: plugins/sudoers/check.c:189
+msgid ""
+"\n"
+"We trust you have received the usual lecture from the local System\n"
+"Administrator. It usually boils down to these three things:\n"
+"\n"
+" #1) Respect the privacy of others.\n"
+" #2) Think before you type.\n"
+" #3) With great power comes great responsibility.\n"
+"\n"
+msgstr ""
+"\n"
+"Vi stoler på, at du har modtaget den gængse advarsel fra den lokale\n"
+"systemadministrator. Det drejer sig normalt om følgende tre ting:\n"
+"\n"
+" #1) Respekter andres privatliv.\n"
+" #2) Tænk før du taster.\n"
+" #3) Med stor magt følger stort ansvar.\n"
+"\n"
-#: plugins/sudoers/check.c:747 plugins/sudoers/check.c:753
-#: plugins/sudoers/sudoers.c:841 plugins/sudoers/sudoers.c:845
+#: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233
+#: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566
#, c-format
msgid "unknown uid: %u"
msgstr "ukendt uid: %u"
-#: plugins/sudoers/check.c:750 plugins/sudoers/sudoers.c:782
-#: plugins/sudoers/sudoers.c:1110 plugins/sudoers/testsudoers.c:225
-#: plugins/sudoers/testsudoers.c:369
+#: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:635
+#: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215
+#: plugins/sudoers/testsudoers.c:359
#, c-format
msgid "unknown user: %s"
msgstr "ukendt bruger: %s"
msgid "Set the user in utmp to the runas user, not the invoking user"
msgstr "Angiv brugeren i utmp til brugeren kør som, ikke den opstartende bruger"
-#: plugins/sudoers/defaults.c:208
+#: plugins/sudoers/def_data.c:347
+msgid "Set of permitted privileges"
+msgstr "Sæt af tilladte privilegier"
+
+# engelsk fejl? Set of limited ...
+#: plugins/sudoers/def_data.c:351
+msgid "Set of limit privileges"
+msgstr "Sæt af begræns privilegier"
+
+#: plugins/sudoers/def_data.c:355
+msgid "Run commands on a pty in the background"
+msgstr "Kør kommandoer på en pty i baggrunden"
+
+#: plugins/sudoers/def_data.c:359
+msgid "Create a new PAM session for the command to run in"
+msgstr "Opret en ny PAM-session som kommandoen kan køre i"
+
+#: plugins/sudoers/def_data.c:363
+msgid "Maximum I/O log sequence number"
+msgstr "Maksimalt I/O-logsekvenstal"
+
+#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587
#, c-format
msgid "unknown defaults entry `%s'"
msgstr "ukendt standardpunkt »%s«"
-#: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226
-#: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259
-#: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285
-#: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318
-#: plugins/sudoers/defaults.c:328
+#: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225
+#: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258
+#: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284
+#: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317
+#: plugins/sudoers/defaults.c:327
#, c-format
msgid "value `%s' is invalid for option `%s'"
msgstr "værdi »%s« er ugyldig for indstilling »%s«"
-#: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229
-#: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254
-#: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280
-#: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313
-#: plugins/sudoers/defaults.c:324
+#: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228
+#: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253
+#: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279
+#: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312
+#: plugins/sudoers/defaults.c:323
#, c-format
msgid "no value specified for `%s'"
msgstr "ingen værdi angivet for »%s«"
-#: plugins/sudoers/defaults.c:242
+#: plugins/sudoers/defaults.c:241
#, c-format
msgid "values for `%s' must start with a '/'"
msgstr "værdier for »%s« skal begynde med en »/«"
-#: plugins/sudoers/defaults.c:304
+#: plugins/sudoers/defaults.c:303
#, c-format
msgid "option `%s' does not take a value"
msgstr "indstilling »%s« kan ikke modtage en værdi"
-#: plugins/sudoers/env.c:339
-#, c-format
-msgid "sudo_putenv: corrupted envp, length mismatch"
-msgstr "sudo_putenv: ødelagt envp, forskellig længde"
-
-#: plugins/sudoers/env.c:341 plugins/sudoers/env.c:411
-#: plugins/sudoers/toke_util.c:113 plugins/sudoers/toke_util.c:167
-#: plugins/sudoers/toke_util.c:207 toke.l:682 toke.l:812 toke.l:872 toke.l:968
-#, c-format
-msgid "unable to allocate memory"
-msgstr "kan ikke allokere hukommelse"
-
-#: plugins/sudoers/env.c:366
+#: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293
+#: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82
+#: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427
+#: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654
+#: plugins/sudoers/testsudoers.c:243
#, c-format
-msgid "internal error, sudo_setenv2() overflow"
-msgstr "intern fejl, sudo_setenv2()-overløb"
+msgid "internal error, %s overflow"
+msgstr "intern fejl, %s-overløb"
-#: plugins/sudoers/env.c:410
+#: plugins/sudoers/env.c:367
#, c-format
-msgid "internal error, sudo_setenv() overflow"
-msgstr "intern fejl, sudo_setenv()-overløb"
+msgid "sudo_putenv: corrupted envp, length mismatch"
+msgstr "sudo_putenv: ødelagt envp, forskellig længde"
-#: plugins/sudoers/env.c:955
+#: plugins/sudoers/env.c:1012
#, c-format
msgid "sorry, you are not allowed to set the following environment variables: %s"
msgstr "beklager, du har ikke tilladelse til at angive de følgende miljøvariabler: %s"
-#: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108
-#: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125
-#: plugins/sudoers/sudoers.c:935 toke.l:678 toke.l:868
-#, c-format
-msgid "%s: %s"
-msgstr "%s: %s"
-
-#: plugins/sudoers/group_plugin.c:91
-#, c-format
-msgid "%s%s: %s"
-msgstr "%s%s: %s"
-
-#: plugins/sudoers/group_plugin.c:103
+#: plugins/sudoers/group_plugin.c:102
#, c-format
msgid "%s must be owned by uid %d"
msgstr "%s skal være ejet af uid %d"
-#: plugins/sudoers/group_plugin.c:107
+#: plugins/sudoers/group_plugin.c:106
#, c-format
msgid "%s must only be writable by owner"
msgstr "%s skal være skrivbar af ejer"
-#: plugins/sudoers/group_plugin.c:114
+#: plugins/sudoers/group_plugin.c:113 plugins/sudoers/sssd.c:256
#, c-format
msgid "unable to dlopen %s: %s"
msgstr "kan ikke dlopen %s: %s"
-#: plugins/sudoers/group_plugin.c:119
+#: plugins/sudoers/group_plugin.c:118
#, c-format
msgid "unable to find symbol \"group_plugin\" in %s"
msgstr "kan ikke finde symbol »group_plugin« i %s"
-#: plugins/sudoers/group_plugin.c:124
+#: plugins/sudoers/group_plugin.c:123
#, c-format
msgid "%s: incompatible group plugin major version %d, expected %d"
msgstr "%s: inkompatibel gruppeudvidelsesmodul for hovedversion %d, forventede %d"
-#: plugins/sudoers/interfaces.c:112
+#: plugins/sudoers/interfaces.c:119
msgid "Local IP address and netmask pairs:\n"
msgstr "Lokal IP-adresse og netmaskepar:\n"
-#: plugins/sudoers/iolog.c:205 plugins/sudoers/sudoers.c:981
+#: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144
+#: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244
+#, c-format
+msgid "%s exists but is not a directory (0%o)"
+msgstr "%s findes men er ikke en mappe (0%o)"
+
+#: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155
+#: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:165
+#: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271
+#, c-format
+msgid "unable to mkdir %s"
+msgstr "kan ikke mkdir %s"
+
+#: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708
+#: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815
+#: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:155
+#: plugins/sudoers/visudo.c:809
+#, c-format
+msgid "unable to open %s"
+msgstr "kan ikke åbne %s"
+
+#: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711
#, c-format
msgid "unable to read %s"
msgstr "kan ikke læse %s"
-#: plugins/sudoers/iolog.c:208
+#: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:159
#, c-format
-msgid "invalid sequence number %s"
-msgstr "ugyldig sekvenstal %s"
+msgid "unable to write to %s"
+msgstr "kan ikke skrive til %s"
-#: plugins/sudoers/iolog.c:258 plugins/sudoers/iolog.c:261
-#: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:531
-#: plugins/sudoers/iolog.c:537 plugins/sudoers/iolog.c:545
-#: plugins/sudoers/iolog.c:553 plugins/sudoers/iolog.c:561
-#: plugins/sudoers/iolog.c:569
+#: plugins/sudoers/iolog.c:334
#, c-format
msgid "unable to create %s"
msgstr "kan ikke oprette %s"
-#: plugins/sudoers/iolog_path.c:263 plugins/sudoers/sudoers.c:378
-#, c-format
-msgid "unable to set locale to \"%s\", using \"C\""
-msgstr "kan ikke angive sprog til »%s«, bruger »C«"
-
-#: plugins/sudoers/ldap.c:389
+#: plugins/sudoers/ldap.c:385
#, c-format
msgid "sudo_ldap_conf_add_ports: port too large"
msgstr "sudo_ldap_conf_add_ports: port for stor"
-#: plugins/sudoers/ldap.c:412
+#: plugins/sudoers/ldap.c:408
#, c-format
msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf"
msgstr "sudo_ldap_conf_add_ports: stigende mellemlager for vært (hostbuf) har ikke nok plads"
-#: plugins/sudoers/ldap.c:442
+#: plugins/sudoers/ldap.c:438
#, c-format
msgid "unsupported LDAP uri type: %s"
msgstr "ikkeunderstøttet LDAP uri-type: %s"
-#: plugins/sudoers/ldap.c:471
+#: plugins/sudoers/ldap.c:467
#, c-format
msgid "invalid uri: %s"
msgstr "ugyldig uri: %s"
-#: plugins/sudoers/ldap.c:477
+#: plugins/sudoers/ldap.c:473
#, c-format
msgid "unable to mix ldap and ldaps URIs"
msgstr "kan ikke blande ldap og ldaps URI'er"
-#: plugins/sudoers/ldap.c:481
+#: plugins/sudoers/ldap.c:477
#, c-format
msgid "unable to mix ldaps and starttls"
msgstr "kan ikke blande ldaps og starttls"
-#: plugins/sudoers/ldap.c:500
+#: plugins/sudoers/ldap.c:496
#, c-format
msgid "sudo_ldap_parse_uri: out of space building hostbuf"
msgstr "sudo_ldap_parse_uri: opbyggende mellemlager for vært (hostbuf) har ikke nok plads"
-#: plugins/sudoers/ldap.c:574
+#: plugins/sudoers/ldap.c:570
#, c-format
msgid "unable to initialize SSL cert and key db: %s"
msgstr "kan ikke initialisere SSL-cert og key db: %s"
-#: plugins/sudoers/ldap.c:577
+#: plugins/sudoers/ldap.c:573
#, c-format
msgid "you must set TLS_CERT in %s to use SSL"
msgstr "du skal angive at TLS_CERT i %s skal bruge SSL"
-#: plugins/sudoers/ldap.c:994
+#: plugins/sudoers/ldap.c:1062
#, c-format
msgid "unable to get GMT time"
msgstr "kan ikke indhente GMT-tid"
-#: plugins/sudoers/ldap.c:1000
+#: plugins/sudoers/ldap.c:1068
#, c-format
msgid "unable to format timestamp"
msgstr "kan ikke formatere tidsstempel"
-#: plugins/sudoers/ldap.c:1008
+#: plugins/sudoers/ldap.c:1076
#, c-format
msgid "unable to build time filter"
msgstr "kan ikke bygge tidsfilter"
-#: plugins/sudoers/ldap.c:1223
+#: plugins/sudoers/ldap.c:1295
#, c-format
msgid "sudo_ldap_build_pass1 allocation mismatch"
msgstr "sudo_ldap_build_pass1 forskellige allokeringer"
-#: plugins/sudoers/ldap.c:1759
+#: plugins/sudoers/ldap.c:1842
#, c-format
msgid ""
"\n"
"\n"
"LDAP-rolle: %s\n"
-#: plugins/sudoers/ldap.c:1761
+#: plugins/sudoers/ldap.c:1844
#, c-format
msgid ""
"\n"
"\n"
"LDAP-rolle: UKENDT\n"
-#: plugins/sudoers/ldap.c:1808
+#: plugins/sudoers/ldap.c:1891
#, c-format
msgid " Order: %s\n"
msgstr " Rækkefølge: %s\n"
-#: plugins/sudoers/ldap.c:1816
+#: plugins/sudoers/ldap.c:1899 plugins/sudoers/parse.c:515
+#: plugins/sudoers/sssd.c:1242
#, c-format
msgid " Commands:\n"
msgstr " Kommandoer:\n"
-#: plugins/sudoers/ldap.c:2238
+#: plugins/sudoers/ldap.c:2321
#, c-format
msgid "unable to initialize LDAP: %s"
msgstr "kan ikke initialisere LDAP: %s"
-#: plugins/sudoers/ldap.c:2272
+#: plugins/sudoers/ldap.c:2355
#, c-format
msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()"
msgstr "start_tls angivet men LDAP libs understøtter ikke ldap_start_tls_s() eller ldap_start_tls_s_np()"
-#: plugins/sudoers/ldap.c:2508
+#: plugins/sudoers/ldap.c:2591
#, c-format
msgid "invalid sudoOrder attribute: %s"
msgstr "ugyldig sudoOrder-attribut: %s"
msgid "unable to open audit system"
msgstr "kan ikke åbne overvågningssystem"
-#: plugins/sudoers/linux_audit.c:82
-#, c-format
-msgid "internal error, linux_audit_command() overflow"
-msgstr "intern fejl, linux_audit_command()-overløb"
-
-#: plugins/sudoers/linux_audit.c:91
+#: plugins/sudoers/linux_audit.c:93
#, c-format
msgid "unable to send audit message"
msgstr "kan ikke sende overvågningsbesked"
-#: plugins/sudoers/logging.c:202
+#: plugins/sudoers/logging.c:140
+#, c-format
+msgid "%8s : %s"
+msgstr "%8s : %s"
+
+#: plugins/sudoers/logging.c:168
+#, c-format
+msgid "%8s : (command continued) %s"
+msgstr "%8s: (kommando fortsat) %s"
+
+#: plugins/sudoers/logging.c:194
#, c-format
msgid "unable to open log file: %s: %s"
msgstr "kan ikke åbne logfil: %s: %s"
-#: plugins/sudoers/logging.c:205
+#: plugins/sudoers/logging.c:197
#, c-format
msgid "unable to lock log file: %s: %s"
msgstr "kan ikke låse logfil: %s: %s"
-#: plugins/sudoers/logging.c:260
+#: plugins/sudoers/logging.c:245
+msgid "No user or host"
+msgstr "Ingen bruger eller vært"
+
+#: plugins/sudoers/logging.c:247
+msgid "validation failure"
+msgstr "valideringsfejl"
+
+#: plugins/sudoers/logging.c:254
msgid "user NOT in sudoers"
msgstr "bruger IKKE i sudoers"
-#: plugins/sudoers/logging.c:262
+#: plugins/sudoers/logging.c:256
msgid "user NOT authorized on host"
msgstr "bruger IKKE autoriseret på vært"
-#: plugins/sudoers/logging.c:264
+#: plugins/sudoers/logging.c:258
msgid "command not allowed"
msgstr "kommando ikke tilladt"
-#: plugins/sudoers/logging.c:274
+#: plugins/sudoers/logging.c:288
#, c-format
msgid "%s is not in the sudoers file. This incident will be reported.\n"
msgstr "%s er ikke sudoersfilen. Denne handling vil blive rapporteret.\n"
-#: plugins/sudoers/logging.c:277
+#: plugins/sudoers/logging.c:291
#, c-format
msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n"
msgstr "%s har ikke tilladelse til at køre sudo på %s. Denne handling vil blive rapporteret.\n"
-#: plugins/sudoers/logging.c:281
+#: plugins/sudoers/logging.c:295
#, c-format
msgid "Sorry, user %s may not run sudo on %s.\n"
msgstr "Beklager. Bruger %s må ikke køre sudo på %s.\n"
-#: plugins/sudoers/logging.c:284
+#: plugins/sudoers/logging.c:298
#, c-format
msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n"
msgstr "Beklager. Bruger %s har ikke tilladelse til at køre »%s%s%s« som %s%s%s på %s.\n"
-#: plugins/sudoers/logging.c:317
-msgid "No user or host"
-msgstr "Ingen bruger eller vært"
-
-#: plugins/sudoers/logging.c:319
-msgid "validation failure"
-msgstr "valideringsfejl"
-
-#: plugins/sudoers/logging.c:334 plugins/sudoers/sudoers.c:498
-#: plugins/sudoers/sudoers.c:499 plugins/sudoers/sudoers.c:1517
-#: plugins/sudoers/sudoers.c:1518
+#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383
+#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386
+#: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001
+#: plugins/sudoers/sudoers.c:1002
#, c-format
msgid "%s: command not found"
msgstr "%s: Kommando ikke fundet"
-#: plugins/sudoers/logging.c:336 plugins/sudoers/sudoers.c:495
+#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379
#, c-format
msgid ""
"ignoring `%s' found in '.'\n"
"ignorerer »%s« fundet i ».«\n"
"Brug »sudo ./%s« hvis dette er »%s«, du ønsker at køre."
-#: plugins/sudoers/logging.c:350
+#: plugins/sudoers/logging.c:353
msgid "authentication failure"
msgstr "godkendelsesfejl"
-#: plugins/sudoers/logging.c:374
+#: plugins/sudoers/logging.c:379
+msgid "a password is required"
+msgstr "der kræves en adgangskode"
+
+#: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487
#, c-format
msgid "%d incorrect password attempt"
msgid_plural "%d incorrect password attempts"
msgstr[0] "%d ukorrekt adgangskodeforsøg"
msgstr[1] "%d ukorrekte adgangskodeforsøg"
-#: plugins/sudoers/logging.c:377
-msgid "a password is required"
-msgstr "der kræves en adgangskode"
-
-#: plugins/sudoers/logging.c:528
+#: plugins/sudoers/logging.c:566
#, c-format
msgid "unable to fork"
msgstr "kan ikke forgrene"
-#: plugins/sudoers/logging.c:535 plugins/sudoers/logging.c:597
+#: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629
#, c-format
msgid "unable to fork: %m"
msgstr "kan ikke forgrene: %m"
-#: plugins/sudoers/logging.c:587
+#: plugins/sudoers/logging.c:619
#, c-format
msgid "unable to open pipe: %m"
msgstr "kan ikke åbne datakanal: %m"
-#: plugins/sudoers/logging.c:612
+#: plugins/sudoers/logging.c:644
#, c-format
msgid "unable to dup stdin: %m"
msgstr "kan ikke dup stdin: %m"
-#: plugins/sudoers/logging.c:648
+#: plugins/sudoers/logging.c:680
#, c-format
msgid "unable to execute %s: %m"
msgstr "kan ikke køre %s: %m"
-#: plugins/sudoers/logging.c:863
+#: plugins/sudoers/logging.c:899
#, c-format
msgid "internal error: insufficient space for log line"
msgstr "intern fejl: utilstrækkelig plads for loglinje"
-#: plugins/sudoers/parse.c:123
+#: plugins/sudoers/match.c:631
+#, c-format
+msgid "unsupported digest type %d for %s"
+msgstr "ej understøttet sammendragstype %d for %s"
+
+#: plugins/sudoers/match.c:661
+#, c-format
+msgid "%s: read error"
+msgstr "%s: læsefejl"
+
+#: plugins/sudoers/match.c:670
+#, c-format
+msgid "digest for %s (%s) is not in %s form"
+msgstr "sammendrag for %s (%s) er ikke i %s-form"
+
+#: plugins/sudoers/parse.c:124
#, c-format
msgid "parse error in %s near line %d"
msgstr "fortolkningsfejl i %s nær linje %d"
-#: plugins/sudoers/parse.c:126
+#: plugins/sudoers/parse.c:127
#, c-format
msgid "parse error in %s"
msgstr "fortolkningsfejl i %s"
-#: plugins/sudoers/parse.c:389
+#: plugins/sudoers/parse.c:462
#, c-format
msgid ""
"\n"
"\n"
"Sudoers-punkt:\n"
-#: plugins/sudoers/parse.c:391
+#: plugins/sudoers/parse.c:463
#, c-format
msgid " RunAsUsers: "
msgstr " KørSomBrugere: "
-#: plugins/sudoers/parse.c:406
+#: plugins/sudoers/parse.c:477
#, c-format
msgid " RunAsGroups: "
msgstr " KørSomGrupper: "
-#: plugins/sudoers/parse.c:415
+#: plugins/sudoers/parse.c:486
+#, c-format
+msgid " Options: "
+msgstr " Tilvalg: "
+
+#: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750
+#, c-format
+msgid "unable to execute %s"
+msgstr "kan ikke udføre %s"
+
+#: plugins/sudoers/policy.c:659
+#, c-format
+msgid "Sudoers policy plugin version %s\n"
+msgstr "Udvidelsesmodulversion %s for sudoerspolitik\n"
+
+#: plugins/sudoers/policy.c:661
+#, c-format
+msgid "Sudoers file grammar version %d\n"
+msgstr "Grammatikversion %d for sudoersfil\n"
+
+#: plugins/sudoers/policy.c:665
#, c-format
msgid ""
-" Commands:\n"
-"\t"
+"\n"
+"Sudoers path: %s\n"
msgstr ""
-" Kommandoer:\n"
-"\t"
+"\n"
+"Sudoers-sti: %s\n"
-#: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105
-msgid ": "
-msgstr ": "
+#: plugins/sudoers/policy.c:668
+#, c-format
+msgid "nsswitch path: %s\n"
+msgstr "nsswitch-sti: %s\n"
+
+#: plugins/sudoers/policy.c:670
+#, c-format
+msgid "ldap.conf path: %s\n"
+msgstr "ldap.conf-sti: %s\n"
-#: plugins/sudoers/pwutil.c:278
+#: plugins/sudoers/policy.c:671
#, c-format
-msgid "unable to cache uid %u (%s), already exists"
-msgstr "kan ikke cache uid %u (%s), findes allerede"
+msgid "ldap.secret path: %s\n"
+msgstr "ldap.secret-sti: %s\n"
-#: plugins/sudoers/pwutil.c:286
+#: plugins/sudoers/pwutil.c:148
#, c-format
msgid "unable to cache uid %u, already exists"
msgstr "kan ikke cache uid %u, findes allerede"
-#: plugins/sudoers/pwutil.c:322 plugins/sudoers/pwutil.c:331
+#: plugins/sudoers/pwutil.c:190
#, c-format
msgid "unable to cache user %s, already exists"
msgstr "kan ikke cache bruger %s, findes allerede"
-#: plugins/sudoers/pwutil.c:668
-#, c-format
-msgid "unable to cache gid %u (%s), already exists"
-msgstr "kan ikke cache gid %u (%s), findes allerede"
-
-#: plugins/sudoers/pwutil.c:676
+#: plugins/sudoers/pwutil.c:374
#, c-format
msgid "unable to cache gid %u, already exists"
msgstr "kan ikke cache gid %u, findes allerede"
-#: plugins/sudoers/pwutil.c:706 plugins/sudoers/pwutil.c:715
+#: plugins/sudoers/pwutil.c:410
#, c-format
msgid "unable to cache group %s, already exists"
msgstr "kan ikke cache gruppe %s, findes allerede"
-#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:436
-#: plugins/sudoers/set_perms.c:828 plugins/sudoers/set_perms.c:1114
-#: plugins/sudoers/set_perms.c:1396
+#: plugins/sudoers/pwutil.c:564 plugins/sudoers/pwutil.c:586
+#, c-format
+msgid "unable to cache group list for %s, already exists"
+msgstr "kan ikke cache gruppeliste for %s, findes allerede"
+
+#: plugins/sudoers/pwutil.c:584
+#, c-format
+msgid "unable to parse groups for %s"
+msgstr "kan ikke fortolke grupper for %s"
+
+#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445
+#: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141
+#: plugins/sudoers/set_perms.c:1431
msgid "perm stack overflow"
msgstr "permanent stakoverløb"
-#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:444
-#: plugins/sudoers/set_perms.c:836 plugins/sudoers/set_perms.c:1122
-#: plugins/sudoers/set_perms.c:1404
+#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453
+#: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149
+#: plugins/sudoers/set_perms.c:1439
msgid "perm stack underflow"
msgstr "permanent stakunderløb"
-#: plugins/sudoers/set_perms.c:270 plugins/sudoers/set_perms.c:580
-#: plugins/sudoers/set_perms.c:957 plugins/sudoers/set_perms.c:1243
+#: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500
+#: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471
+msgid "unable to change to root gid"
+msgstr "kan ikke ændre til root gid"
+
+#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597
+#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277
msgid "unable to change to runas gid"
msgstr "kan ikke ændre til kør som gid"
-#: plugins/sudoers/set_perms.c:282 plugins/sudoers/set_perms.c:592
-#: plugins/sudoers/set_perms.c:967 plugins/sudoers/set_perms.c:1253
+#: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609
+#: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287
msgid "unable to change to runas uid"
msgstr "kan ikke ændre til kør som uid"
-#: plugins/sudoers/set_perms.c:300 plugins/sudoers/set_perms.c:610
-#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1269
+#: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627
+#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303
msgid "unable to change to sudoers gid"
msgstr "kan ikke ændre til sudoers gid"
-#: plugins/sudoers/set_perms.c:353 plugins/sudoers/set_perms.c:681
-#: plugins/sudoers/set_perms.c:1029 plugins/sudoers/set_perms.c:1315
-#: plugins/sudoers/set_perms.c:1474
+#: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698
+#: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349
+#: plugins/sudoers/set_perms.c:1515
msgid "too many processes"
msgstr "for mange processer"
-#: plugins/sudoers/set_perms.c:1542
+#: plugins/sudoers/set_perms.c:1583
msgid "unable to set runas group vector"
msgstr "kan ikke angive kør som gruppevektor"
-#: plugins/sudoers/sudo_nss.c:243
+#: plugins/sudoers/sssd.c:257
+#, c-format
+msgid "unable to initialize SSS source. Is SSSD installed on your machine?"
+msgstr "kan ikke initialisere SSS-kilde. Er SSSD installeret på din maskine?"
+
+#: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271
+#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285
+#: plugins/sudoers/sssd.c:292
+#, c-format
+msgid "unable to find symbol \"%s\" in %s"
+msgstr "kan ikke finde symbol »%s« i %s"
+
+#: plugins/sudoers/sudo_nss.c:283
#, c-format
msgid "Matching Defaults entries for %s on this host:\n"
msgstr "Matchende standardpunkter for %s på denne vært:\n"
-#: plugins/sudoers/sudo_nss.c:256
+#: plugins/sudoers/sudo_nss.c:296
#, c-format
msgid "Runas and Command-specific defaults for %s:\n"
msgstr "Kør som og kommandospecifikke standarder for %s:\n"
-#: plugins/sudoers/sudo_nss.c:269
+#: plugins/sudoers/sudo_nss.c:309
#, c-format
msgid "User %s may run the following commands on this host:\n"
-msgstr "Bruger %s må ikke køre de følgende kommandoer på denne vært:\n"
+msgstr "Bruger %s må køre de følgende kommandoer på denne vært:\n"
-#: plugins/sudoers/sudo_nss.c:278
+#: plugins/sudoers/sudo_nss.c:318
#, c-format
msgid "User %s is not allowed to run sudo on %s.\n"
msgstr "Bruger %s har ikke tilladelse til at køre sudo på %s.\n"
-#: plugins/sudoers/sudoers.c:208 plugins/sudoers/sudoers.c:239
-#: plugins/sudoers/sudoers.c:943
+#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193
+#: plugins/sudoers/sudoers.c:673
msgid "problem with defaults entries"
msgstr "problem med standardpunkter"
-#: plugins/sudoers/sudoers.c:212
+#: plugins/sudoers/sudoers.c:165
#, c-format
msgid "no valid sudoers sources found, quitting"
msgstr "ingen gyldige sudoerskilder fundet, afslutter"
-#: plugins/sudoers/sudoers.c:264
-#, c-format
-msgid "unable to execute %s: %s"
-msgstr "kan ikke udføre %s: %s"
-
-#: plugins/sudoers/sudoers.c:331
+#: plugins/sudoers/sudoers.c:227
#, c-format
msgid "sudoers specifies that root is not allowed to sudo"
msgstr "sudoers angiver at administrator (root) ikke har tilladelse til sudo"
-#: plugins/sudoers/sudoers.c:338
+#: plugins/sudoers/sudoers.c:234
#, c-format
msgid "you are not permitted to use the -C option"
msgstr "du har ikke tilladelse til at bruge tilvalget -C"
-#: plugins/sudoers/sudoers.c:427
+#: plugins/sudoers/sudoers.c:315
#, c-format
msgid "timestamp owner (%s): No such user"
msgstr "tidsstempelejer (%s): Ingen sådan bruger"
-#: plugins/sudoers/sudoers.c:443
+#: plugins/sudoers/sudoers.c:329
msgid "no tty"
msgstr "ingen tty"
-#: plugins/sudoers/sudoers.c:444
+#: plugins/sudoers/sudoers.c:330
#, c-format
msgid "sorry, you must have a tty to run sudo"
msgstr "beklager, du skal bruge en tty for at køre sudo"
-#: plugins/sudoers/sudoers.c:494
+#: plugins/sudoers/sudoers.c:378
msgid "command in current directory"
msgstr "kommando i aktuel mappe"
-#: plugins/sudoers/sudoers.c:506
+#: plugins/sudoers/sudoers.c:395
#, c-format
msgid "sorry, you are not allowed to preserve the environment"
msgstr "beklager men du har ikke tilladelse til at bevare miljøet"
-#: plugins/sudoers/sudoers.c:666 plugins/sudoers/sudoers.c:673
-#, c-format
-msgid "internal error, runas_groups overflow"
-msgstr "intern fejl, runas_groups-overløb"
-
-#: plugins/sudoers/sudoers.c:926
+#: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:216
+#: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:328
+#: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576
#, c-format
-msgid "internal error, set_cmnd() overflow"
-msgstr "intern fejl, set_cmnd()-overløb"
+msgid "unable to stat %s"
+msgstr "kan ikke stat %s"
-#: plugins/sudoers/sudoers.c:996
+#: plugins/sudoers/sudoers.c:726
#, c-format
msgid "%s is not a regular file"
msgstr "%s er ikke en regulær fil"
-#: plugins/sudoers/sudoers.c:999 toke.l:831
+#: plugins/sudoers/sudoers.c:729 toke.l:913
#, c-format
msgid "%s is owned by uid %u, should be %u"
msgstr "%s er ejet af uid %u, bør være %u"
-#: plugins/sudoers/sudoers.c:1003 toke.l:838
+#: plugins/sudoers/sudoers.c:733 toke.l:920
#, c-format
msgid "%s is world writable"
msgstr "%s er skrivbar for alle"
-#: plugins/sudoers/sudoers.c:1006 toke.l:843
+#: plugins/sudoers/sudoers.c:736 toke.l:925
#, c-format
msgid "%s is owned by gid %u, should be %u"
msgstr "%s er eget af gid %u, bør være %u"
-#: plugins/sudoers/sudoers.c:1033
+#: plugins/sudoers/sudoers.c:763
#, c-format
msgid "only root can use `-c %s'"
msgstr "kun administrator (root) kan bruge »-c %s«"
-#: plugins/sudoers/sudoers.c:1050 plugins/sudoers/sudoers.c:1052
+#: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782
#, c-format
msgid "unknown login class: %s"
msgstr "ukendt logindklasse: %s"
-#: plugins/sudoers/sudoers.c:1079
+#: plugins/sudoers/sudoers.c:814
#, c-format
msgid "unable to resolve host %s"
msgstr "kan ikke slå vært %s op"
-#: plugins/sudoers/sudoers.c:1131 plugins/sudoers/testsudoers.c:387
+#: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377
#, c-format
msgid "unknown group: %s"
msgstr "ukendt gruppe: %s"
-#: plugins/sudoers/sudoers.c:1180
-#, c-format
-msgid "Sudoers policy plugin version %s\n"
-msgstr "Udvidelsesmodulversion %s for sudoerspolitik\n"
-
-#: plugins/sudoers/sudoers.c:1182
-#, c-format
-msgid "Sudoers file grammar version %d\n"
-msgstr "Grammatikversion %d for sudoersfil\n"
-
-#: plugins/sudoers/sudoers.c:1186
-#, c-format
-msgid ""
-"\n"
-"Sudoers path: %s\n"
-msgstr ""
-"\n"
-"Sudoers-sti: %s\n"
-
-#: plugins/sudoers/sudoers.c:1189
-#, c-format
-msgid "nsswitch path: %s\n"
-msgstr "nsswitch-sti: %s\n"
-
-#: plugins/sudoers/sudoers.c:1191
-#, c-format
-msgid "ldap.conf path: %s\n"
-msgstr "ldap.conf-sti: %s\n"
-
-#: plugins/sudoers/sudoers.c:1192
-#, c-format
-msgid "ldap.secret path: %s\n"
-msgstr "ldap.secret-sti: %s\n"
-
-#: plugins/sudoers/sudoreplay.c:293
+#: plugins/sudoers/sudoreplay.c:292
#, c-format
msgid "invalid filter option: %s"
msgstr "ugyldigt filtertilvalg: %s"
-#: plugins/sudoers/sudoreplay.c:306
+#: plugins/sudoers/sudoreplay.c:305
#, c-format
msgid "invalid max wait: %s"
msgstr "ugyldig maks ventetid: %s"
-#: plugins/sudoers/sudoreplay.c:312
+#: plugins/sudoers/sudoreplay.c:311
#, c-format
msgid "invalid speed factor: %s"
msgstr "ugyldig hastighedsfaktor: %s"
-#: plugins/sudoers/sudoreplay.c:315 plugins/sudoers/visudo.c:187
+#: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179
#, c-format
msgid "%s version %s\n"
msgstr "%s version %s\n"
-#: plugins/sudoers/sudoreplay.c:340
+#: plugins/sudoers/sudoreplay.c:339
#, c-format
msgid "%s/%.2s/%.2s/%.2s/timing: %s"
msgstr "%s/%.2s/%.2s/%.2s/timing: %s"
-#: plugins/sudoers/sudoreplay.c:346
+#: plugins/sudoers/sudoreplay.c:345
#, c-format
msgid "%s/%s/timing: %s"
msgstr "%s/%s/timing: %s"
-#: plugins/sudoers/sudoreplay.c:364
+#: plugins/sudoers/sudoreplay.c:363
#, c-format
msgid "Replaying sudo session: %s\n"
msgstr "Genafspiller sudosession: %s\n"
-#: plugins/sudoers/sudoreplay.c:370
+#: plugins/sudoers/sudoreplay.c:369
#, c-format
msgid "Warning: your terminal is too small to properly replay the log.\n"
msgstr "Advarsel: Din terminal er for lille til korrekt at afspille loggen.\n"
-#: plugins/sudoers/sudoreplay.c:371
+#: plugins/sudoers/sudoreplay.c:370
#, c-format
msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d."
msgstr "Loggeometri er %d x %d, din terminals geometri er %d x %d."
-#: plugins/sudoers/sudoreplay.c:401
+#: plugins/sudoers/sudoreplay.c:400
#, c-format
msgid "unable to set tty to raw mode"
msgstr "kan ikke angive tty til rå (raw) tilstand"
-#: plugins/sudoers/sudoreplay.c:418
+#: plugins/sudoers/sudoreplay.c:416
#, c-format
msgid "invalid timing file line: %s"
msgstr "ugyldig timingfillinje: %s"
-#: plugins/sudoers/sudoreplay.c:501
+#: plugins/sudoers/sudoreplay.c:499
#, c-format
msgid "writing to standard output"
msgstr "skriver til standarduddata"
-#: plugins/sudoers/sudoreplay.c:530
+#: plugins/sudoers/sudoreplay.c:528
#, c-format
msgid "nanosleep: tv_sec %ld, tv_nsec %ld"
msgstr "nanosleep: tv_sec %ld, tv_nsec %ld"
-#: plugins/sudoers/sudoreplay.c:643 plugins/sudoers/sudoreplay.c:668
+#: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666
#, c-format
msgid "ambiguous expression \"%s\""
msgstr "tvetydigt udtryk »%s«"
-#: plugins/sudoers/sudoreplay.c:685
+#: plugins/sudoers/sudoreplay.c:683
#, c-format
msgid "too many parenthesized expressions, max %d"
msgstr "for mange udtryk i parentes, maks %d"
-#: plugins/sudoers/sudoreplay.c:696
+#: plugins/sudoers/sudoreplay.c:694
#, c-format
msgid "unmatched ')' in expression"
msgstr "manglende »)« i udtryk"
-#: plugins/sudoers/sudoreplay.c:702
+#: plugins/sudoers/sudoreplay.c:700
#, c-format
msgid "unknown search term \"%s\""
msgstr "ukendt søgeterm »%s«"
-#: plugins/sudoers/sudoreplay.c:716
+#: plugins/sudoers/sudoreplay.c:714
#, c-format
msgid "%s requires an argument"
msgstr "%s kræver et argument"
-#: plugins/sudoers/sudoreplay.c:720
+#: plugins/sudoers/sudoreplay.c:718 plugins/sudoers/sudoreplay.c:1058
#, c-format
msgid "invalid regular expression: %s"
msgstr "ugyldigt regulært udtryk: %s"
-#: plugins/sudoers/sudoreplay.c:726
+#: plugins/sudoers/sudoreplay.c:724
#, c-format
msgid "could not parse date \"%s\""
msgstr "kunne ikke fortolke dato »%s«"
-#: plugins/sudoers/sudoreplay.c:739
+#: plugins/sudoers/sudoreplay.c:737
#, c-format
msgid "unmatched '(' in expression"
msgstr "mangler »(« i udtryk"
-#: plugins/sudoers/sudoreplay.c:741
+#: plugins/sudoers/sudoreplay.c:739
#, c-format
msgid "illegal trailing \"or\""
msgstr "ugyldig kæde »or« (eller)"
-#: plugins/sudoers/sudoreplay.c:743
+#: plugins/sudoers/sudoreplay.c:741
#, c-format
msgid "illegal trailing \"!\""
msgstr "ugyldig kæde »!«"
-#: plugins/sudoers/sudoreplay.c:1050
-#, c-format
-msgid "invalid regex: %s"
-msgstr "ugyldigt regulært udtryk: %s"
-
-#: plugins/sudoers/sudoreplay.c:1174
+#: plugins/sudoers/sudoreplay.c:1182
#, c-format
msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n"
msgstr "brug: %s [-h] [-d mappe] [-m maks_ventetid] [-s hastighedsfaktor] ID\n"
-#: plugins/sudoers/sudoreplay.c:1177
+#: plugins/sudoers/sudoreplay.c:1185
#, c-format
msgid "usage: %s [-h] [-d directory] -l [search expression]\n"
msgstr "brug: %s [-h] [-d mappe] -l [søgeudtryk]\n"
-#: plugins/sudoers/sudoreplay.c:1186
+#: plugins/sudoers/sudoreplay.c:1194
#, c-format
msgid ""
"%s - replay sudo session logs\n"
"%s - genafspil sudosessionslogge\n"
"\n"
-#: plugins/sudoers/sudoreplay.c:1188
+#: plugins/sudoers/sudoreplay.c:1196
msgid ""
"\n"
"Options:\n"
" -s hastighedsfaktor øg eller sænk uddata\n"
" -V vis versionsinformation og afslut"
-#: plugins/sudoers/testsudoers.c:253
-#, c-format
-msgid "internal error, init_vars() overflow"
-msgstr "intern fejl, init_vars()-overløb"
-
-#: plugins/sudoers/testsudoers.c:338
+#: plugins/sudoers/testsudoers.c:328
msgid "\thost unmatched"
msgstr "\thost matchede ikke"
-#: plugins/sudoers/testsudoers.c:341
+#: plugins/sudoers/testsudoers.c:331
msgid ""
"\n"
"Command allowed"
"\n"
"Kommando tilladt"
-#: plugins/sudoers/testsudoers.c:342
+#: plugins/sudoers/testsudoers.c:332
msgid ""
"\n"
"Command denied"
"\n"
"Kommando nægtet"
-#: plugins/sudoers/testsudoers.c:342
+#: plugins/sudoers/testsudoers.c:332
msgid ""
"\n"
"Command unmatched"
"\n"
"Kommando ikke matchet"
-#: plugins/sudoers/toke_util.c:218
+#: plugins/sudoers/timestamp.c:129
+#, c-format
+msgid "timestamp path too long: %s"
+msgstr "tidsstempelsti er for lang: %s"
+
+#: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247
+#: plugins/sudoers/timestamp.c:292
+#, c-format
+msgid "%s owned by uid %u, should be uid %u"
+msgstr "%s ejet af uid %u, bør være uid %u"
+
+#: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0700"
+msgstr "%s er skrivbar for ikkeejer (0%o), bør være tilstand 0700"
+
+#: plugins/sudoers/timestamp.c:286
+#, c-format
+msgid "%s exists but is not a regular file (0%o)"
+msgstr "%s findes men er ikke en regulær fil (0%o)"
+
+#: plugins/sudoers/timestamp.c:298
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0600"
+msgstr "%s skrivbar af ikkeejer (0%o), bør være tilstand 0600"
+
+#: plugins/sudoers/timestamp.c:353
+#, c-format
+msgid "timestamp too far in the future: %20.20s"
+msgstr "tidsstempel for langt ude i fremtiden: %20.20s"
+
+#: plugins/sudoers/timestamp.c:407
+#, c-format
+msgid "unable to remove %s, will reset to the epoch"
+msgstr "kan ikke fjerne %s, vil nulstille til epoken"
+
+#: plugins/sudoers/timestamp.c:414
+#, c-format
+msgid "unable to reset %s to the epoch"
+msgstr "kan ikke nulstille %s til epoken"
+
+#: plugins/sudoers/toke_util.c:176
+#, c-format
msgid "fill_args: buffer overflow"
msgstr "fill_args: overløb for mellemlager"
-#: plugins/sudoers/visudo.c:188
+#: plugins/sudoers/visudo.c:180
#, c-format
msgid "%s grammar version %d\n"
msgstr "%s grammatikversion %d\n"
-#: plugins/sudoers/visudo.c:252 plugins/sudoers/visudo.c:538
+#: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533
#, c-format
msgid "press return to edit %s: "
msgstr "tryk retur for at redigere %s: "
-#: plugins/sudoers/visudo.c:335 plugins/sudoers/visudo.c:341
+#: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332
#, c-format
msgid "write error"
msgstr "skrivefejl"
-#: plugins/sudoers/visudo.c:423
+#: plugins/sudoers/visudo.c:414
#, c-format
msgid "unable to stat temporary file (%s), %s unchanged"
msgstr "kan ikke stat midlertidig fil (%s), %s unchanged"
-#: plugins/sudoers/visudo.c:428
+#: plugins/sudoers/visudo.c:419
#, c-format
msgid "zero length temporary file (%s), %s unchanged"
msgstr "midlertidig fil med nullængde (%s), %s uændret"
-#: plugins/sudoers/visudo.c:434
+#: plugins/sudoers/visudo.c:425
#, c-format
msgid "editor (%s) failed, %s unchanged"
msgstr "redigeringsprogram (%s) fejlede, %s uændret"
-#: plugins/sudoers/visudo.c:457
+#: plugins/sudoers/visudo.c:448
#, c-format
msgid "%s unchanged"
msgstr "%s uændret"
-#: plugins/sudoers/visudo.c:483
+#: plugins/sudoers/visudo.c:477
#, c-format
msgid "unable to re-open temporary file (%s), %s unchanged."
msgstr "kan ikke genåbne midlertidig fil (%s), %s uændrede."
-#: plugins/sudoers/visudo.c:493
+#: plugins/sudoers/visudo.c:487
#, c-format
msgid "unabled to parse temporary file (%s), unknown error"
msgstr "kan ikke fortolke midlertidig fil (%s), ukendt fejl"
-#: plugins/sudoers/visudo.c:531
+#: plugins/sudoers/visudo.c:526
#, c-format
msgid "internal error, unable to find %s in list!"
msgstr "intern fejl, kan ikke finde %s på listen!"
-#: plugins/sudoers/visudo.c:583 plugins/sudoers/visudo.c:592
+#: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587
#, c-format
msgid "unable to set (uid, gid) of %s to (%u, %u)"
msgstr "kan ikke angive (uid, gid) af %s til (%u, %u)"
-#: plugins/sudoers/visudo.c:587 plugins/sudoers/visudo.c:597
+#: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592
#, c-format
msgid "unable to change mode of %s to 0%o"
msgstr "kan ikke ændre tilstand på %s til 0%o"
-#: plugins/sudoers/visudo.c:614
+#: plugins/sudoers/visudo.c:609
#, c-format
msgid "%s and %s not on the same file system, using mv to rename"
msgstr "%s og %s er ikke på det samme filsystem, bruger mv til at omdøbe"
-#: plugins/sudoers/visudo.c:628
+#: plugins/sudoers/visudo.c:623
#, c-format
msgid "command failed: '%s %s %s', %s unchanged"
msgstr "kommando fejlede: »%s %s %s«, %s uændret"
-#: plugins/sudoers/visudo.c:638
+#: plugins/sudoers/visudo.c:633
#, c-format
msgid "error renaming %s, %s unchanged"
msgstr "fejl under omdøbing af %s, %s uændret"
-#: plugins/sudoers/visudo.c:701
+#: plugins/sudoers/visudo.c:695
msgid "What now? "
msgstr "Hvad nu? "
-#: plugins/sudoers/visudo.c:715
+#: plugins/sudoers/visudo.c:709
msgid ""
"Options are:\n"
" (e)dit sudoers file again\n"
" afslut(x) uden at gemme ændringer til sudoersfil\n"
" afslut(Q) og gem ændringer til sudoersfil (FARLIGT!)\n"
-#: plugins/sudoers/visudo.c:756
-#, c-format
-msgid "unable to execute %s"
-msgstr "kan ikke udføre %s"
-
-#: plugins/sudoers/visudo.c:763
+#: plugins/sudoers/visudo.c:757
#, c-format
msgid "unable to run %s"
msgstr "kan ikke køre %s"
-#: plugins/sudoers/visudo.c:789
+#: plugins/sudoers/visudo.c:783
#, c-format
msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n"
msgstr "%s: forkert ejer (uid, gid) bør være (%u, %u)\n"
-#: plugins/sudoers/visudo.c:796
+#: plugins/sudoers/visudo.c:790
#, c-format
msgid "%s: bad permissions, should be mode 0%o\n"
msgstr "%s: ugyldige rettigheder, bør være tilstand 0%o\n"
-#: plugins/sudoers/visudo.c:821
+#: plugins/sudoers/visudo.c:815
#, c-format
msgid "failed to parse %s file, unknown error"
msgstr "kunne ikke fortolke %s-fil, ukendt fejl"
-#: plugins/sudoers/visudo.c:834
+#: plugins/sudoers/visudo.c:831
#, c-format
msgid "parse error in %s near line %d\n"
msgstr "fortolkningsfejl i %s nær linje %d\n"
-#: plugins/sudoers/visudo.c:837
+#: plugins/sudoers/visudo.c:834
#, c-format
msgid "parse error in %s\n"
msgstr "fortolkningsfejl i %s\n"
-#: plugins/sudoers/visudo.c:844 plugins/sudoers/visudo.c:849
+#: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846
#, c-format
msgid "%s: parsed OK\n"
msgstr "%s: fortolket o.k.\n"
-#: plugins/sudoers/visudo.c:896
+#: plugins/sudoers/visudo.c:893
#, c-format
msgid "%s busy, try again later"
msgstr "%s travl, forsøg igen senere"
-#: plugins/sudoers/visudo.c:940
+#: plugins/sudoers/visudo.c:937
#, c-format
msgid "specified editor (%s) doesn't exist"
msgstr "angivet redigeringsprogram (%s) findes ikke"
-#: plugins/sudoers/visudo.c:963
+#: plugins/sudoers/visudo.c:960
#, c-format
msgid "unable to stat editor (%s)"
msgstr "kan ikke stat redigeringsprogram (%s)"
-#: plugins/sudoers/visudo.c:1011
+#: plugins/sudoers/visudo.c:1008
#, c-format
msgid "no editor found (editor path = %s)"
msgstr "intet redigeringsprogram fundet (sti for redigeringsprogram = %s)"
-#: plugins/sudoers/visudo.c:1105
+#: plugins/sudoers/visudo.c:1100
#, c-format
msgid "Error: cycle in %s_Alias `%s'"
msgstr "Fejl: Cyklus i %s_Alias »%s«"
-#: plugins/sudoers/visudo.c:1106
+#: plugins/sudoers/visudo.c:1101
#, c-format
msgid "Warning: cycle in %s_Alias `%s'"
msgstr "Advarsel: Cyklus i %s_Alias »%s«"
-#: plugins/sudoers/visudo.c:1109
+#: plugins/sudoers/visudo.c:1104
#, c-format
msgid "Error: %s_Alias `%s' referenced but not defined"
msgstr "Fejl: %s_Alias »%s« refereret men ikke defineret"
-#: plugins/sudoers/visudo.c:1110
+#: plugins/sudoers/visudo.c:1105
#, c-format
msgid "Warning: %s_Alias `%s' referenced but not defined"
msgstr "Advarsel: %s_Alias »%s« refereret men ikke defineret"
-#: plugins/sudoers/visudo.c:1245
+#: plugins/sudoers/visudo.c:1240
#, c-format
msgid "%s: unused %s_Alias %s"
msgstr "%s: ubrugt %s_Alias %s"
-#: plugins/sudoers/visudo.c:1301
+#: plugins/sudoers/visudo.c:1302
#, c-format
msgid ""
"%s - safely edit the sudoers file\n"
"%s - rediger sikkert sudoersfilen\n"
"\n"
-#: plugins/sudoers/visudo.c:1303
+#: plugins/sudoers/visudo.c:1304
msgid ""
"\n"
"Options:\n"
" -s streng syntakskontrol\n"
" -V vis information om version og afslut"
-#: toke.l:805
+#: toke.l:886
msgid "too many levels of includes"
msgstr "for mange niveauer af includes (inkluderinger)"
+
+#~ msgid "pam_chauthtok: %s"
+#~ msgstr "pam_chauthtok: %s"
+
+#~ msgid "pam_authenticate: %s"
+#~ msgstr "pam_authenticate: %s"
+
+#~ msgid "Password: "
+#~ msgstr "Adgangskode: "
+
+#~ msgid "getauid failed"
+#~ msgstr "getauid fejlede"
+
+#~ msgid "Unable to dlopen %s: %s"
+#~ msgstr "Kan ikke dlopen %s: %s"
+
+#~ msgid "invalid regex: %s"
+#~ msgstr "ugyldigt regulært udtryk: %s"
--- /dev/null
+# Portable object template file for the sudoers plugin
+# This file is put in the public domain.
+# Todd C. Miller <Todd.Miller@courtesan.com>, 2011-2013
+# Jochen Hein <jochen@jochen.org>, 2001-2013.
+msgid ""
+msgstr ""
+"Project-Id-Version: sudoers 1.8.7b3\n"
+"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
+"POT-Creation-Date: 2013-04-24 11:10-0400\n"
+"PO-Revision-Date: 2013-05-20 16:11+0200\n"
+"Last-Translator: Jochen Hein <jochen@jochen.org>\n"
+"Language-Team: German <translation-team-de@lists.sourceforge.net>\n"
+"Language: German\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: confstr.sh:2
+msgid "Password:"
+msgstr "Passwort:"
+
+#: confstr.sh:3
+msgid "*** SECURITY information for %h ***"
+msgstr "*** Sicherheits-Information für %h ***"
+
+# XXX
+#: confstr.sh:4
+msgid "Sorry, try again."
+msgstr "Das hat nicht funktioniert, bitte nochmal probieren."
+
+#: plugins/sudoers/alias.c:124
+#, c-format
+msgid "Alias `%s' already defined"
+msgstr "Alias »%s« ist bereits definiert"
+
+#: plugins/sudoers/auth/bsdauth.c:77
+#, c-format
+msgid "unable to get login class for user %s"
+msgstr "Kann die Login-Klasse des Benutzers »%s« nicht lesen"
+
+#: plugins/sudoers/auth/bsdauth.c:83
+msgid "unable to begin bsd authentication"
+msgstr "Kann die BSD-Authentisierung nicht beginnen"
+
+#: plugins/sudoers/auth/bsdauth.c:91
+msgid "invalid authentication type"
+msgstr "ungültiger Authentisierungstyp"
+
+#: plugins/sudoers/auth/bsdauth.c:100
+msgid "unable to setup authentication"
+msgstr "kann die Authentisierung nicht vorbereiten"
+
+#: plugins/sudoers/auth/fwtk.c:59
+#, c-format
+msgid "unable to read fwtk config"
+msgstr "Kann die fwtk-Konfiguration nicht lesen"
+
+#: plugins/sudoers/auth/fwtk.c:64
+#, c-format
+msgid "unable to connect to authentication server"
+msgstr "Kann nicht zum Authentisierungsserver verbinden"
+
+#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94
+#: plugins/sudoers/auth/fwtk.c:127
+#, c-format
+msgid "lost connection to authentication server"
+msgstr "Verbindung zum Authentisierungsserver verloren"
+
+#: plugins/sudoers/auth/fwtk.c:74
+#, c-format
+msgid ""
+"authentication server error:\n"
+"%s"
+msgstr ""
+"Fehler des Authentisierungsservers:\n"
+"%s"
+
+#: plugins/sudoers/auth/kerb5.c:116
+#, c-format
+msgid "%s: unable to convert principal to string ('%s'): %s"
+msgstr "%s: kann den Principal nicht in eine Zeichenkette konvertieren (»%s«): %s"
+
+#: plugins/sudoers/auth/kerb5.c:159
+#, c-format
+msgid "%s: unable to parse '%s': %s"
+msgstr "%s: kann »%s« nicht parsen: %s"
+
+# XXX check source?
+#: plugins/sudoers/auth/kerb5.c:169
+#, c-format
+msgid "%s: unable to resolve credential cache: %s"
+msgstr "%s: kann den Credential-Cache nicht auflösen: %s"
+
+#: plugins/sudoers/auth/kerb5.c:217
+#, c-format
+msgid "%s: unable to allocate options: %s"
+msgstr "%s: kann die Optionen nicht allozieren: %s"
+
+#: plugins/sudoers/auth/kerb5.c:233
+#, c-format
+msgid "%s: unable to get credentials: %s"
+msgstr "%s: kann die Credentials nicht bekommen: %s"
+
+#: plugins/sudoers/auth/kerb5.c:246
+#, c-format
+msgid "%s: unable to initialize credential cache: %s"
+msgstr "%s: kann den Credential-Cache nicht initialisieren: %s"
+
+#: plugins/sudoers/auth/kerb5.c:250
+#, c-format
+msgid "%s: unable to store credential in cache: %s"
+msgstr "%s: kann die Credentials nicht im Credential-Cache speichern: %s"
+
+#: plugins/sudoers/auth/kerb5.c:315
+#, c-format
+msgid "%s: unable to get host principal: %s"
+msgstr "%s: kann das Rechner-Principal nicht bekommen: %s"
+
+#: plugins/sudoers/auth/kerb5.c:330
+#, c-format
+msgid "%s: Cannot verify TGT! Possible attack!: %s"
+msgstr "%s: kann das TGT nicht verifizieren! Möglicher Angriff!: %s"
+
+#: plugins/sudoers/auth/pam.c:105
+msgid "unable to initialize PAM"
+msgstr "Kann PAM nicht initialisieren"
+
+# XXX wie account übersetzen?
+#: plugins/sudoers/auth/pam.c:150
+msgid "account validation failure, is your account locked?"
+msgstr "Fehler bei der Validierung des Zugangs, ist der Zugang gesperrt?"
+
+#: plugins/sudoers/auth/pam.c:154
+msgid "Account or password is expired, reset your password and try again"
+msgstr "Zugang oder Password ist abgelaufen, bitte Passwort zurücksetzen und nochmal probieren"
+
+#: plugins/sudoers/auth/pam.c:162
+#, c-format
+msgid "unable to change expired password: %s"
+msgstr "kann das abgelaufene Passwort nicht ändern: %s«"
+
+#: plugins/sudoers/auth/pam.c:167
+msgid "Password expired, contact your system administrator"
+msgstr "Dass Passwort ist abgelaufen, bitte wenden Sie sich an den Systemadministrator"
+
+#: plugins/sudoers/auth/pam.c:171
+msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator"
+msgstr "Der Zugang ist abgelaufen oder in der PAM-Konfiguration fehlt der »account«-Abschnitt für sudo. Bitte wenden Sie sich an den Systemadministrator"
+
+#: plugins/sudoers/auth/pam.c:188
+#, c-format
+msgid "PAM authentication error: %s"
+msgstr "Fehler bei der PAM-Authentisierung: %s"
+
+#: plugins/sudoers/auth/pam.c:247
+#, c-format
+msgid "unable to establish credentials: %s"
+msgstr "kann die Credentials nicht bekommen: %s"
+
+# XXX Karl fragen
+#: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212
+#, c-format
+msgid "you do not exist in the %s database"
+msgstr "Der Benutzer existiert nicht in der %s Datenbank"
+
+#: plugins/sudoers/auth/securid5.c:80
+#, c-format
+msgid "failed to initialise the ACE API library"
+msgstr "Die ACE API Bibliothen konnte nicht initialisiert werden"
+
+#: plugins/sudoers/auth/securid5.c:106
+#, c-format
+msgid "unable to contact the SecurID server"
+msgstr "Kann den SecurID-Server nicht erreichen"
+
+#: plugins/sudoers/auth/securid5.c:115
+#, c-format
+msgid "User ID locked for SecurID Authentication"
+msgstr "Benutzer-ID ist für SecurID-Authentisierung gesperrt"
+
+#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170
+#, c-format
+msgid "invalid username length for SecurID"
+msgstr "ungültige Länge des Benutzernamens für SecurID"
+
+#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175
+#, c-format
+msgid "invalid Authentication Handle for SecurID"
+msgstr "ungültiges Authentication Handle für SecurID"
+
+#: plugins/sudoers/auth/securid5.c:127
+#, c-format
+msgid "SecurID communication failed"
+msgstr "SecurID Kommunikation fehlgeschlagen"
+
+#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214
+#, c-format
+msgid "unknown SecurID error"
+msgstr "unbekannter SecurID Fehler"
+
+#: plugins/sudoers/auth/securid5.c:165
+#, c-format
+msgid "invalid passcode length for SecurID"
+msgstr "ungültige Passcode Länge für SecurID"
+
+#: plugins/sudoers/auth/sia.c:108
+msgid "unable to initialize SIA session"
+msgstr "kann die SIA Sitzung nicht initialisieren"
+
+#: plugins/sudoers/auth/sudo_auth.c:119
+msgid "invalid authentication methods"
+msgstr "ungültige Authentisierungsmethoden"
+
+#: plugins/sudoers/auth/sudo_auth.c:120
+msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication."
+msgstr "Ungültige Authentifizierungsmethoden sind in sudo einkompiliert! Standalone und nicht-standalone Authentifizierung können nicht zusammen verwendet werden."
+
+#: plugins/sudoers/auth/sudo_auth.c:203
+msgid "no authentication methods"
+msgstr "keine Authentisierungsmethoden"
+
+#: plugins/sudoers/auth/sudo_auth.c:205
+msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option."
+msgstr "Es sind keine Authentifizierungsmethoden in sudo einkompiliert! Wenn Sie Authentifizierung wirklich abschalten wollen, verwenden Sie bitte die configure-Option »--disable-athentication«."
+
+#: plugins/sudoers/auth/sudo_auth.c:389
+msgid "Authentication methods:"
+msgstr "Authentisierungsmethoden:"
+
+# XXX unklar
+#: plugins/sudoers/bsm_audit.c:90 plugins/sudoers/bsm_audit.c:153
+msgid "Could not determine audit condition"
+msgstr "Kann den Audit-Zustand nicht bestimmen"
+
+# XXX error at close
+#: plugins/sudoers/bsm_audit.c:129 plugins/sudoers/bsm_audit.c:190
+msgid "unable to commit audit record"
+msgstr "Audit-Satz kann nicht auf Platte geschrieben werden"
+
+#: plugins/sudoers/check.c:189
+msgid ""
+"\n"
+"We trust you have received the usual lecture from the local System\n"
+"Administrator. It usually boils down to these three things:\n"
+"\n"
+" #1) Respect the privacy of others.\n"
+" #2) Think before you type.\n"
+" #3) With great power comes great responsibility.\n"
+"\n"
+msgstr ""
+"\n"
+"Wir gehen davon aus, dass der lokale Systemadministrator Ihnen die\n"
+"Regeln erklärt hat. Normalerweise läuft es auf drei Regeln hinaus:\n"
+"\n"
+" #1) Resprektieren Sie die Privatsphäre anderer.\n"
+" #2) Denken Sie nach bevor Sie tippen.\n"
+" #3) Mit großer Macht kommt große Verantwortung.\n"
+"\n"
+
+#: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233
+#: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566
+#, c-format
+msgid "unknown uid: %u"
+msgstr "unbekannte uid: %u"
+
+#: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:635
+#: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215
+#: plugins/sudoers/testsudoers.c:359
+#, c-format
+msgid "unknown user: %s"
+msgstr "unbekannter Benutzer: %s"
+
+#: plugins/sudoers/def_data.c:27
+#, c-format
+msgid "Syslog facility if syslog is being used for logging: %s"
+msgstr "Syslog Facility wenn syslog für Protokollierung verwendet wird: %s"
+
+#: plugins/sudoers/def_data.c:31
+#, c-format
+msgid "Syslog priority to use when user authenticates successfully: %s"
+msgstr "Syslog Priorität wenn der Benutzer sich erfolgreich authentifiziert: %s"
+
+#: plugins/sudoers/def_data.c:35
+#, c-format
+msgid "Syslog priority to use when user authenticates unsuccessfully: %s"
+msgstr "Syslog Priorität wenn der Benutzer sich nicht erfolgreich authentifiziert: %s"
+
+#: plugins/sudoers/def_data.c:39
+msgid "Put OTP prompt on its own line"
+msgstr "Schreibe den OTP (One-Time-Passwords) Prompt in eine eigene Zeile"
+
+#: plugins/sudoers/def_data.c:43
+msgid "Ignore '.' in $PATH"
+msgstr "Ignoriere ».« in $PATH"
+
+#: plugins/sudoers/def_data.c:47
+msgid "Always send mail when sudo is run"
+msgstr "Sende immer eine Mail wenn sudo gestartet wird"
+
+#: plugins/sudoers/def_data.c:51
+msgid "Send mail if user authentication fails"
+msgstr "Sende eine Mail wenn die Authentifizierung des Benutzers fehlschlägt"
+
+#: plugins/sudoers/def_data.c:55
+msgid "Send mail if the user is not in sudoers"
+msgstr "Sende eine Mail wenn der Benutzer nicht in der sudoers Datei steht"
+
+#: plugins/sudoers/def_data.c:59
+msgid "Send mail if the user is not in sudoers for this host"
+msgstr "Sende eine Mail wenn der Benutzer nicht in der sudoers Datei für diesen Rechner steht"
+
+#: plugins/sudoers/def_data.c:63
+msgid "Send mail if the user is not allowed to run a command"
+msgstr "Sende eine Mail wenn der Benutzer nicht berechtigt ist ein Kommando auszuführen"
+
+#: plugins/sudoers/def_data.c:67
+msgid "Use a separate timestamp for each user/tty combo"
+msgstr "Verwende getrennte Zeitstempel für jede Benutzer/tty Kombination"
+
+#: plugins/sudoers/def_data.c:71
+msgid "Lecture user the first time they run sudo"
+msgstr "Belehre den Benutzer beim ersten Aufruf von sudo"
+
+#: plugins/sudoers/def_data.c:75
+#, c-format
+msgid "File containing the sudo lecture: %s"
+msgstr "Datei mit der sudo-Belehrung: %s"
+
+#: plugins/sudoers/def_data.c:79
+msgid "Require users to authenticate by default"
+msgstr "Standardmäßig muss der Benutzer sich authentifizieren"
+
+#: plugins/sudoers/def_data.c:83
+msgid "Root may run sudo"
+msgstr "Root darf sudo verwenden"
+
+#: plugins/sudoers/def_data.c:87
+msgid "Log the hostname in the (non-syslog) log file"
+msgstr "Protokolliere den Hostname in der (nicht-syslog) Log-Datei"
+
+#: plugins/sudoers/def_data.c:91
+msgid "Log the year in the (non-syslog) log file"
+msgstr "Protokolliere das Jahr in der (nicht-syslog) Log-Datei"
+
+#: plugins/sudoers/def_data.c:95
+msgid "If sudo is invoked with no arguments, start a shell"
+msgstr "Starte eine Shell, wenn sudo ohne Parameter aufgerufen wird"
+
+#: plugins/sudoers/def_data.c:99
+msgid "Set $HOME to the target user when starting a shell with -s"
+msgstr "Setze die Umgebungsvariable $HOME beim Starten einer Shell mit »-s«"
+
+#: plugins/sudoers/def_data.c:103
+msgid "Always set $HOME to the target user's home directory"
+msgstr "Immer die Variable $HOME auf das Home-Verzeichnis des Ziel-Benutzers setzen"
+
+#: plugins/sudoers/def_data.c:107
+msgid "Allow some information gathering to give useful error messages"
+msgstr "Erlaube Informationssammlung für nützliche Fehlermeldungen"
+
+#: plugins/sudoers/def_data.c:111
+msgid "Require fully-qualified hostnames in the sudoers file"
+msgstr "Sind voll qualifizierte Hostnamen in der sudoers-Datei notwendig"
+
+#: plugins/sudoers/def_data.c:115
+msgid "Insult the user when they enter an incorrect password"
+msgstr "»Beschimpfung« bei Eingabe eines falschen Passwortes"
+
+#: plugins/sudoers/def_data.c:119
+msgid "Only allow the user to run sudo if they have a tty"
+msgstr "Der Benutzer darf sudo nur aufrufen wenn ein tty vorhanden ist"
+
+#: plugins/sudoers/def_data.c:123
+msgid "Visudo will honor the EDITOR environment variable"
+msgstr "Visudo beachtet die Umgebungsvariable »EDITOR«"
+
+#: plugins/sudoers/def_data.c:127
+msgid "Prompt for root's password, not the users's"
+msgstr "Frage nach dem root-Passwort, nicht dem Passwort des Benutzers"
+
+#: plugins/sudoers/def_data.c:131
+msgid "Prompt for the runas_default user's password, not the users's"
+msgstr "Frage nach dem Passwort des Benutzers »runas_default«, nicht dem Passwort des aufrufenden Benutzers"
+
+#: plugins/sudoers/def_data.c:135
+msgid "Prompt for the target user's password, not the users's"
+msgstr "Frage nach dem Passwort des Ziel-Benutzers, nicht dem Passwort des aufrufenden Benutzers"
+
+#: plugins/sudoers/def_data.c:139
+msgid "Apply defaults in the target user's login class if there is one"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:143
+msgid "Set the LOGNAME and USER environment variables"
+msgstr "Setze die Umgebungsvariablen »LOGNAME« und »USER«"
+
+#: plugins/sudoers/def_data.c:147
+msgid "Only set the effective uid to the target user, not the real uid"
+msgstr "Setze nur die effektive UID auf den Ziel-Benutzer, nicht die reale UID"
+
+# XXX Keep the group list of the logged in user?
+#: plugins/sudoers/def_data.c:151
+msgid "Don't initialize the group vector to that of the target user"
+msgstr "Die sekundären Gruppen nicht auf die Gruppen des Ziel-Benutzers setzen"
+
+#: plugins/sudoers/def_data.c:155
+#, c-format
+msgid "Length at which to wrap log file lines (0 for no wrap): %d"
+msgstr "Zeilenlänge für Zeilenumbruch (0 für keinen Zeilenumbruch): %d"
+
+#: plugins/sudoers/def_data.c:159
+#, c-format
+msgid "Authentication timestamp timeout: %.1f minutes"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:163
+#, c-format
+msgid "Password prompt timeout: %.1f minutes"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:167
+#, c-format
+msgid "Number of tries to enter a password: %d"
+msgstr "Anzahl Versuche zur Eingabe des Passwortes: %d"
+
+#: plugins/sudoers/def_data.c:171
+#, c-format
+msgid "Umask to use or 0777 to use user's: 0%o"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:175
+#, c-format
+msgid "Path to log file: %s"
+msgstr "Pfad zur Log-Datei: %s"
+
+#: plugins/sudoers/def_data.c:179
+#, c-format
+msgid "Path to mail program: %s"
+msgstr "Pfad zum Mail-Programm: %s"
+
+#: plugins/sudoers/def_data.c:183
+#, c-format
+msgid "Flags for mail program: %s"
+msgstr "Parameter für das Mail-Programm: %s"
+
+#: plugins/sudoers/def_data.c:187
+#, c-format
+msgid "Address to send mail to: %s"
+msgstr "Mail-Adresse des Empfängers: %s"
+
+#: plugins/sudoers/def_data.c:191
+#, c-format
+msgid "Address to send mail from: %s"
+msgstr "Mail-Adresse des Absenders: %s"
+
+#: plugins/sudoers/def_data.c:195
+#, c-format
+msgid "Subject line for mail messages: %s"
+msgstr "Subject:-Zeile für Mails: %s"
+
+#: plugins/sudoers/def_data.c:199
+#, c-format
+msgid "Incorrect password message: %s"
+msgstr "Meldung bei Eingabe eines falschen Passwortes: %s"
+
+#: plugins/sudoers/def_data.c:203
+#, c-format
+msgid "Path to authentication timestamp dir: %s"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:207
+#, c-format
+msgid "Owner of the authentication timestamp dir: %s"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:211
+#, c-format
+msgid "Users in this group are exempt from password and PATH requirements: %s"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:215
+#, c-format
+msgid "Default password prompt: %s"
+msgstr "Standard Passwort-Prompt: %s"
+
+#: plugins/sudoers/def_data.c:219
+msgid "If set, passprompt will override system prompt in all cases."
+msgstr ""
+
+#: plugins/sudoers/def_data.c:223
+#, c-format
+msgid "Default user to run commands as: %s"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:227
+#, c-format
+msgid "Value to override user's $PATH with: %s"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:231
+#, c-format
+msgid "Path to the editor for use by visudo: %s"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:235
+#, c-format
+msgid "When to require a password for 'list' pseudocommand: %s"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:239
+#, c-format
+msgid "When to require a password for 'verify' pseudocommand: %s"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:243
+msgid "Preload the dummy exec functions contained in the sudo_noexec library"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:247
+msgid "If LDAP directory is up, do we ignore local sudoers file"
+msgstr "Wenn das LDAP-Verzeichnis erreichbar ist, wird die lokale sudoers-Datei ignoriert?"
+
+#: plugins/sudoers/def_data.c:251
+#, c-format
+msgid "File descriptors >= %d will be closed before executing a command"
+msgstr "Datei-Deskriptoren >= %d werden geschlossen, bevor ein Kommando ausgeführt wird"
+
+#: plugins/sudoers/def_data.c:255
+msgid "If set, users may override the value of `closefrom' with the -C option"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:259
+msgid "Allow users to set arbitrary environment variables"
+msgstr "Erlaube Benutzern beliebige Umgebungsvariablen zu setzen"
+
+#: plugins/sudoers/def_data.c:263
+msgid "Reset the environment to a default set of variables"
+msgstr "Setze die Umgebung auf eine Standard-Menge an Variablen zurück"
+
+#: plugins/sudoers/def_data.c:267
+msgid "Environment variables to check for sanity:"
+msgstr "Prüfe folgende Umgebungsvariablen:"
+
+#: plugins/sudoers/def_data.c:271
+msgid "Environment variables to remove:"
+msgstr "Lösche folgende Umgebungsvariablen:"
+
+#: plugins/sudoers/def_data.c:275
+msgid "Environment variables to preserve:"
+msgstr "Erhalte folgende Umgebungsvariablen:"
+
+#: plugins/sudoers/def_data.c:279
+#, c-format
+msgid "SELinux role to use in the new security context: %s"
+msgstr "Im neuen Security-Kontext von SELinux wird diese Rolle verwendet: %s"
+
+#: plugins/sudoers/def_data.c:283
+#, c-format
+msgid "SELinux type to use in the new security context: %s"
+msgstr "Im neuen Security-Kontext von SELinux wird dieser Typ verwendet: %s"
+
+#: plugins/sudoers/def_data.c:287
+#, c-format
+msgid "Path to the sudo-specific environment file: %s"
+msgstr "Pfad zur sudo-spezifischen »environment«-Datei: %s"
+
+#: plugins/sudoers/def_data.c:291
+#, c-format
+msgid "Locale to use while parsing sudoers: %s"
+msgstr "Beim Parsen der sudoers-Datei wird diese Locale verwendet: %s"
+
+#: plugins/sudoers/def_data.c:295
+msgid "Allow sudo to prompt for a password even if it would be visible"
+msgstr "Erlaube sudo nach einem Passwort zu fragen, auch wenn das Passwort sichtbar wird"
+
+#: plugins/sudoers/def_data.c:299
+msgid "Provide visual feedback at the password prompt when there is user input"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:303
+msgid "Use faster globbing that is less accurate but does not access the filesystem"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:307
+msgid "The umask specified in sudoers will override the user's, even if it is more permissive"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:311
+msgid "Log user's input for the command being run"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:315
+msgid "Log the output of the command being run"
+msgstr ""
+
+# XXX use input/output logs
+#: plugins/sudoers/def_data.c:319
+msgid "Compress I/O logs using zlib"
+msgstr "Komprimiere Ein-/Ausgabe-Logs mittels lib"
+
+#: plugins/sudoers/def_data.c:323
+msgid "Always run commands in a pseudo-tty"
+msgstr "Starte Kommandos immer in einem Pseudo-TTY"
+
+#: plugins/sudoers/def_data.c:327
+#, c-format
+msgid "Plugin for non-Unix group support: %s"
+msgstr "Pluginh für nicht-Unix Gruppen-Unterstützung: %s"
+
+#: plugins/sudoers/def_data.c:331
+#, c-format
+msgid "Directory in which to store input/output logs: %s"
+msgstr "Verzeichnis zur Speicherung der Ein-/Ausgabe-Logs: %s"
+
+#: plugins/sudoers/def_data.c:335
+#, c-format
+msgid "File in which to store the input/output log: %s"
+msgstr "Datei zur Speicherung der Ein-/Ausgabe-Logs: %s"
+
+# XXX pty -> pseudo TTY?
+#: plugins/sudoers/def_data.c:339
+msgid "Add an entry to the utmp/utmpx file when allocating a pty"
+msgstr "Füge einen Eintrag in die utmp/utmpx-Datei ein, wenn ein Pseudo-TTY erzeugt wird"
+
+#: plugins/sudoers/def_data.c:343
+msgid "Set the user in utmp to the runas user, not the invoking user"
+msgstr "Verwende für den Eintrag in der utmp-Datei den runas-Benutzer, nicht den aufrufenden Benutzer"
+
+#: plugins/sudoers/def_data.c:347
+msgid "Set of permitted privileges"
+msgstr "Menge der erlaubten Priviliegien"
+
+# XXX ?
+#: plugins/sudoers/def_data.c:351
+msgid "Set of limit privileges"
+msgstr "Menge der eingeschränkten Privilegien"
+
+#: plugins/sudoers/def_data.c:355
+msgid "Run commands on a pty in the background"
+msgstr "Starte Kommandos mit einem Pseudo-TTY im Hintergrund"
+
+#: plugins/sudoers/def_data.c:359
+msgid "Create a new PAM session for the command to run in"
+msgstr "Erzeuge eine neue PAM-Sitzung, um das Kommando auszuführen"
+
+#: plugins/sudoers/def_data.c:363
+msgid "Maximum I/O log sequence number"
+msgstr "Maximale Ein-/Ausgabe-Log Sequenznummer"
+
+#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587
+#, c-format
+msgid "unknown defaults entry `%s'"
+msgstr "unbekannter defaults-Eintrag »%s«"
+
+#: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225
+#: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258
+#: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284
+#: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317
+#: plugins/sudoers/defaults.c:327
+#, c-format
+msgid "value `%s' is invalid for option `%s'"
+msgstr "Der Wert »%s« ist für die Option »%s« ungültig"
+
+#: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228
+#: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253
+#: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279
+#: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312
+#: plugins/sudoers/defaults.c:323
+#, c-format
+msgid "no value specified for `%s'"
+msgstr "Kein Wert für »%s« angegeben"
+
+#: plugins/sudoers/defaults.c:241
+#, c-format
+msgid "values for `%s' must start with a '/'"
+msgstr "Werte für »%s« müssen mit einem »/« beginnen"
+
+#: plugins/sudoers/defaults.c:303
+#, c-format
+msgid "option `%s' does not take a value"
+msgstr "Die Option »%s« wird ohne Wert verwendet"
+
+#: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293
+#: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82
+#: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427
+#: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654
+#: plugins/sudoers/testsudoers.c:243
+#, c-format
+msgid "internal error, %s overflow"
+msgstr "interner Fehler, %s Überlauf"
+
+#: plugins/sudoers/env.c:367
+msgid "sudo_putenv: corrupted envp, length mismatch"
+msgstr "sudo_putenv: envp ist korrupt, die Längen passen nicht"
+
+#: plugins/sudoers/env.c:1012
+#, c-format
+msgid "sorry, you are not allowed to set the following environment variables: %s"
+msgstr "Tut mir leid, die folgenden Umgebungsvariablen dürfen nicht gesetzt werden: %s"
+
+#: plugins/sudoers/group_plugin.c:102
+#, c-format
+msgid "%s must be owned by uid %d"
+msgstr "%s muss der uid %d gehören"
+
+#: plugins/sudoers/group_plugin.c:106
+#, c-format
+msgid "%s must only be writable by owner"
+msgstr "%s darf nur für den Eigentümer der Datei schreibbar sein"
+
+#: plugins/sudoers/group_plugin.c:113 plugins/sudoers/sssd.c:256
+#, c-format
+msgid "unable to dlopen %s: %s"
+msgstr "dlopen für %s fehlgeschlagen: %s"
+
+#: plugins/sudoers/group_plugin.c:118
+#, c-format
+msgid "unable to find symbol \"group_plugin\" in %s"
+msgstr "kann das Symbol \"group_plugin\" in %s nicht finden"
+
+#: plugins/sudoers/group_plugin.c:123
+#, c-format
+msgid "%s: incompatible group plugin major version %d, expected %d"
+msgstr "%s: Die Major-Version %d des Group-Plugins ist inkompatibel, erwartet wird %d"
+
+#: plugins/sudoers/interfaces.c:119
+msgid "Local IP address and netmask pairs:\n"
+msgstr "Lokale IP-Adresse und Netzmaske:\n"
+
+#: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144
+#: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244
+#, c-format
+msgid "%s exists but is not a directory (0%o)"
+msgstr "%s existiert, aber ist kein Verzeichnis (0%o)"
+
+#: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155
+#: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:165
+#: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271
+#, c-format
+msgid "unable to mkdir %s"
+msgstr "kann das Verzeichnis »%s« nicht erstellen"
+
+#: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708
+#: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815
+#: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:155
+#: plugins/sudoers/visudo.c:809
+#, c-format
+msgid "unable to open %s"
+msgstr "kann die Datei »%s« nicht öffnen"
+
+#: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711
+#, c-format
+msgid "unable to read %s"
+msgstr "kann die Datei »%s« nicht lesen"
+
+#: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:159
+#, c-format
+msgid "unable to write to %s"
+msgstr "kann die Datei »%s« nicht schreiben"
+
+#: plugins/sudoers/iolog.c:334
+#, c-format
+msgid "unable to create %s"
+msgstr "kann die Datei »%s« nicht erstellen"
+
+#: plugins/sudoers/ldap.c:385
+msgid "sudo_ldap_conf_add_ports: port too large"
+msgstr "sudo_ldap_conf_add_ports: Port ist zu groß"
+
+# XXX ?
+#: plugins/sudoers/ldap.c:408
+msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf"
+msgstr "sudo_ldap_conf_add_ports: kein Platz zum Erweitern von hostbuf"
+
+#: plugins/sudoers/ldap.c:438
+#, c-format
+msgid "unsupported LDAP uri type: %s"
+msgstr "LDAP uri Typ ist nicht unterstützt: %s"
+
+#: plugins/sudoers/ldap.c:467
+#, c-format
+msgid "invalid uri: %s"
+msgstr "ungültige URI: %s"
+
+#: plugins/sudoers/ldap.c:473
+#, c-format
+msgid "unable to mix ldap and ldaps URIs"
+msgstr "ldap und ldaps URIs können nicht zusammen verwendet werden"
+
+#: plugins/sudoers/ldap.c:477
+#, c-format
+msgid "unable to mix ldaps and starttls"
+msgstr "ldaps und starttls können nicht zusammen verwendet werden"
+
+#: plugins/sudoers/ldap.c:496
+msgid "sudo_ldap_parse_uri: out of space building hostbuf"
+msgstr "sudo_ldap_parse_uri: kein Platz zum Erzeugen von hostbuf"
+
+#: plugins/sudoers/ldap.c:570
+#, c-format
+msgid "unable to initialize SSL cert and key db: %s"
+msgstr "kann die Zertifikat- und Schlüsseldatenbank für SSL nicht initialisieren: %s"
+
+#: plugins/sudoers/ldap.c:573
+#, c-format
+msgid "you must set TLS_CERT in %s to use SSL"
+msgstr "In der Datei »%s« muss »TLS_CERT« angegeben sein um SSL zu nutzen"
+
+#: plugins/sudoers/ldap.c:1062
+#, c-format
+msgid "unable to get GMT time"
+msgstr "kann die GMT-Zeit nicht bekommen"
+
+#: plugins/sudoers/ldap.c:1068
+#, c-format
+msgid "unable to format timestamp"
+msgstr "kann den Zeitstempel nicht formatieren"
+
+# XXX ?
+#: plugins/sudoers/ldap.c:1076
+#, c-format
+msgid "unable to build time filter"
+msgstr "Kann den Filter beim Kompilieren nicht erstellen"
+
+#: plugins/sudoers/ldap.c:1295
+msgid "sudo_ldap_build_pass1 allocation mismatch"
+msgstr ""
+
+#: plugins/sudoers/ldap.c:1842
+#, c-format
+msgid ""
+"\n"
+"LDAP Role: %s\n"
+msgstr ""
+"\n"
+"LDAP-Rolle: %s\n"
+
+#: plugins/sudoers/ldap.c:1844
+#, c-format
+msgid ""
+"\n"
+"LDAP Role: UNKNOWN\n"
+msgstr ""
+"\n"
+"LDAP-Rolle: UNBEKANNT\n"
+
+#: plugins/sudoers/ldap.c:1891
+#, c-format
+msgid " Order: %s\n"
+msgstr ""
+
+#: plugins/sudoers/ldap.c:1899 plugins/sudoers/parse.c:515
+#: plugins/sudoers/sssd.c:1242
+#, c-format
+msgid " Commands:\n"
+msgstr " Kommandos:\n"
+
+#: plugins/sudoers/ldap.c:2321
+#, c-format
+msgid "unable to initialize LDAP: %s"
+msgstr "Kann LDAP nicht initialisieren: %s"
+
+#: plugins/sudoers/ldap.c:2355
+#, c-format
+msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()"
+msgstr "start_tls ist angegeben, aber die LDAP-Bibliotheken unterstützen ldap_start_tls_s() und ldap_start_tls_s_np() nicht"
+
+#: plugins/sudoers/ldap.c:2591
+#, c-format
+msgid "invalid sudoOrder attribute: %s"
+msgstr "ungültiges »sudoOrder« Attribut: %s"
+
+#: plugins/sudoers/linux_audit.c:57
+msgid "unable to open audit system"
+msgstr "Kann das Audit-System nicht öffnen"
+
+#: plugins/sudoers/linux_audit.c:93
+#, c-format
+msgid "unable to send audit message"
+msgstr "Kann die Audit-Nachricht nicht senden"
+
+#: plugins/sudoers/logging.c:140
+#, c-format
+msgid "%8s : %s"
+msgstr "%8s : %s"
+
+#: plugins/sudoers/logging.c:168
+#, c-format
+msgid "%8s : (command continued) %s"
+msgstr "%8s : (Kommando fortgesetzt) %s"
+
+#: plugins/sudoers/logging.c:194
+#, c-format
+msgid "unable to open log file: %s: %s"
+msgstr "Kann die Log-Datei nicht öffnen: %s: %s"
+
+#: plugins/sudoers/logging.c:197
+#, c-format
+msgid "unable to lock log file: %s: %s"
+msgstr "Kann die Log-Datei nicht sperren: %s: %s"
+
+#: plugins/sudoers/logging.c:245
+msgid "No user or host"
+msgstr "Kein Benutzer oder Rechner angegeben"
+
+#: plugins/sudoers/logging.c:247
+msgid "validation failure"
+msgstr "Fehler bei der Validierung"
+
+#: plugins/sudoers/logging.c:254
+msgid "user NOT in sudoers"
+msgstr "Der Benutzer ist NICHT in der sudoers"
+
+#: plugins/sudoers/logging.c:256
+msgid "user NOT authorized on host"
+msgstr "Der Benutzer ist NICHT auf dem Rechner authorisiert"
+
+#: plugins/sudoers/logging.c:258
+msgid "command not allowed"
+msgstr "Das Kommando ist nicht erlaubt"
+
+#: plugins/sudoers/logging.c:288
+#, c-format
+msgid "%s is not in the sudoers file. This incident will be reported.\n"
+msgstr "%s ist nicht in der sudoers-Datei. Dieser Vorfall wird gemeldet.\n"
+
+#: plugins/sudoers/logging.c:291
+#, c-format
+msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n"
+msgstr "%s darf sudo für %s nicht verwenden. Dieser Vorfall wird gemeldet.\n"
+
+#: plugins/sudoers/logging.c:295
+#, c-format
+msgid "Sorry, user %s may not run sudo on %s.\n"
+msgstr "Tut mir leid, der Benutzer %s darf sudo für %s nicht verwenden.\n"
+
+#: plugins/sudoers/logging.c:298
+#, c-format
+msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n"
+msgstr "Tut mir leid, der Benutzer %s darf '%s%s%s' als %s%s%s auf %s nicht ausführen.\n"
+
+#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383
+#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386
+#: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001
+#: plugins/sudoers/sudoers.c:1002
+#, c-format
+msgid "%s: command not found"
+msgstr "%s: Kommando nicht gefunden"
+
+#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379
+#, c-format
+msgid ""
+"ignoring `%s' found in '.'\n"
+"Use `sudo ./%s' if this is the `%s' you wish to run."
+msgstr ""
+"ignoriere `%s' im aktuellen Verzeichnis ».«\n"
+"Verwende »sudo ./%s«, wenn dies das gewünschte Kommando »%s« ist."
+
+#: plugins/sudoers/logging.c:353
+msgid "authentication failure"
+msgstr "Fehler bei der Authentisierung"
+
+#: plugins/sudoers/logging.c:379
+msgid "a password is required"
+msgstr "Ein Passwort ist notwendig"
+
+#: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487
+#, c-format
+msgid "%d incorrect password attempt"
+msgid_plural "%d incorrect password attempts"
+msgstr[0] "%d Fehlversuch bei der Passwort-Eingabe"
+msgstr[1] "%d Fehlversuche bei der Passwort-Eingabe"
+
+#: plugins/sudoers/logging.c:566
+msgid "unable to fork"
+msgstr "Fehler bei fork()"
+
+#: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629
+#, c-format
+msgid "unable to fork: %m"
+msgstr "Fehler bei fork(): %m"
+
+#: plugins/sudoers/logging.c:619
+#, c-format
+msgid "unable to open pipe: %m"
+msgstr "Kann die Pipe nicht öffnen: %m"
+
+# XXX ?
+#: plugins/sudoers/logging.c:644
+#, c-format
+msgid "unable to dup stdin: %m"
+msgstr "Kann stdin nicht duplizieren"
+
+#: plugins/sudoers/logging.c:680
+#, c-format
+msgid "unable to execute %s: %m"
+msgstr "Kann %s nicht ausführen: %m"
+
+#: plugins/sudoers/logging.c:899
+msgid "internal error: insufficient space for log line"
+msgstr "interner Fehler: unzureichender Platz für die Protokoll-Zeile"
+
+#: plugins/sudoers/match.c:631
+#, c-format
+msgid "unsupported digest type %d for %s"
+msgstr "LDAP uri Typ %d ist nicht unterstützt für %s"
+
+#: plugins/sudoers/match.c:661
+#, c-format
+msgid "%s: read error"
+msgstr "%s: Fehler beim Lesen"
+
+#: plugins/sudoers/match.c:670
+#, c-format
+msgid "digest for %s (%s) is not in %s form"
+msgstr "Digest für %s (%s) ist nicht in der %s Form"
+
+#: plugins/sudoers/parse.c:124
+#, c-format
+msgid "parse error in %s near line %d"
+msgstr "Syntax-Fehler in %s bei der Zeile %d"
+
+#: plugins/sudoers/parse.c:127
+#, c-format
+msgid "parse error in %s"
+msgstr "Syntax-Fehler in %s"
+
+#: plugins/sudoers/parse.c:462
+#, c-format
+msgid ""
+"\n"
+"Sudoers entry:\n"
+msgstr ""
+"\n"
+"Sudoers Eintrag:\n"
+
+#: plugins/sudoers/parse.c:463
+#, c-format
+msgid " RunAsUsers: "
+msgstr " RunAsUsers: "
+
+#: plugins/sudoers/parse.c:477
+#, c-format
+msgid " RunAsGroups: "
+msgstr " RunAsGroups: "
+
+#: plugins/sudoers/parse.c:486
+#, c-format
+msgid " Options: "
+msgstr " Optionen: "
+
+#: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750
+#, c-format
+msgid "unable to execute %s"
+msgstr "kann %s nicht ausführen"
+
+#: plugins/sudoers/policy.c:659
+#, c-format
+msgid "Sudoers policy plugin version %s\n"
+msgstr "Sudoers Policy-Plugin Version %s\n"
+
+#: plugins/sudoers/policy.c:661
+#, c-format
+msgid "Sudoers file grammar version %d\n"
+msgstr "Sudoers-Datei Grammatik-Version %d\n"
+
+#: plugins/sudoers/policy.c:665
+#, c-format
+msgid ""
+"\n"
+"Sudoers path: %s\n"
+msgstr ""
+"\n"
+"Sudoers Pfad: %s\n"
+
+#: plugins/sudoers/policy.c:668
+#, c-format
+msgid "nsswitch path: %s\n"
+msgstr "nsswitch Pfad: %s\n"
+
+#: plugins/sudoers/policy.c:670
+#, c-format
+msgid "ldap.conf path: %s\n"
+msgstr "ldap.conf Pfad: %s\n"
+
+#: plugins/sudoers/policy.c:671
+#, c-format
+msgid "ldap.secret path: %s\n"
+msgstr "ldap.secret Pfad: %s\n"
+
+#: plugins/sudoers/pwutil.c:148
+#, c-format
+msgid "unable to cache uid %u, already exists"
+msgstr "kann die uid %u nicht cachen, sie existiert bereits"
+
+#: plugins/sudoers/pwutil.c:190
+#, c-format
+msgid "unable to cache user %s, already exists"
+msgstr "Kann den Benutzer %s nicht in den Cache aufnehmen, er existiert bereits"
+
+#: plugins/sudoers/pwutil.c:386
+#, c-format
+msgid "unable to cache gid %u, already exists"
+msgstr "Kann die gid %u nicht in den Cache aufnehmen, sie existiert bereits"
+
+#: plugins/sudoers/pwutil.c:422
+#, c-format
+msgid "unable to cache group %s, already exists"
+msgstr "Kann die Gruppe %s nicht in den Cache aufnehmen, sie existiert bereits"
+
+#: plugins/sudoers/pwutil.c:578 plugins/sudoers/pwutil.c:600
+#, c-format
+msgid "unable to cache group list for %s, already exists"
+msgstr "Kann die Gruppen-Liste für %s nicht in den Cache aufnehmen, sie existiert bereits"
+
+#: plugins/sudoers/pwutil.c:598
+#, c-format
+msgid "unable to parse groups for %s"
+msgstr "Kann die Gruppen für %s nicht parsen"
+
+# XXX ?
+#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445
+#: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141
+#: plugins/sudoers/set_perms.c:1431
+msgid "perm stack overflow"
+msgstr "Stack-Überlauf der Permissions"
+
+#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453
+#: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149
+#: plugins/sudoers/set_perms.c:1439
+msgid "perm stack underflow"
+msgstr "Stack-Bereichsunterschreitung der Permissions"
+
+# XXX ?
+#: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500
+#: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471
+msgid "unable to change to root gid"
+msgstr "Kann nicht zur root GID wechseln"
+
+# XXX ?
+#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597
+#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277
+msgid "unable to change to runas gid"
+msgstr "Kann nicht zur runas UID wechseln"
+
+# XXX ?
+#: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609
+#: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287
+msgid "unable to change to runas uid"
+msgstr "Kann nicht zur runas GID wechseln"
+
+# XXX ?
+#: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627
+#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303
+msgid "unable to change to sudoers gid"
+msgstr "Kann nicht zur sudoers GID wechseln"
+
+#: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698
+#: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349
+#: plugins/sudoers/set_perms.c:1515
+msgid "too many processes"
+msgstr "Zu viele Prozesse"
+
+# XXX vector?
+#: plugins/sudoers/set_perms.c:1583
+msgid "unable to set runas group vector"
+msgstr "Kann die runas Gruppen nicht setzen"
+
+#: plugins/sudoers/sssd.c:257
+#, c-format
+msgid "unable to initialize SSS source. Is SSSD installed on your machine?"
+msgstr "Kann die SSS_Quelle nicht initialisieren. Ist SSSD auf dem Rechner installiert?"
+
+#: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271
+#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285
+#: plugins/sudoers/sssd.c:292
+#, c-format
+msgid "unable to find symbol \"%s\" in %s"
+msgstr "Kann das Symbol »%s« nicht in %s finden"
+
+#: plugins/sudoers/sudo_nss.c:283
+#, c-format
+msgid "Matching Defaults entries for %s on this host:\n"
+msgstr "Passende Defaults-Einträge für %s auf diesem Rechner:\n"
+
+#: plugins/sudoers/sudo_nss.c:296
+#, c-format
+msgid "Runas and Command-specific defaults for %s:\n"
+msgstr ""
+
+#: plugins/sudoers/sudo_nss.c:309
+#, c-format
+msgid "User %s may run the following commands on this host:\n"
+msgstr ""
+"Der Benutzer %s darf die folgenden Kommandos auf diesem Rechner\n"
+"ausführen:\n"
+
+#: plugins/sudoers/sudo_nss.c:318
+#, c-format
+msgid "User %s is not allowed to run sudo on %s.\n"
+msgstr "Der Benutzer %s darf sudo auf dem Rechner %s nicht ausführen.\n"
+
+#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193
+#: plugins/sudoers/sudoers.c:673
+msgid "problem with defaults entries"
+msgstr "Problem mit den Standard-Einträgen"
+
+#: plugins/sudoers/sudoers.c:165
+#, c-format
+msgid "no valid sudoers sources found, quitting"
+msgstr "Keine gültige sudoers-Quelle gefunden, Programmende"
+
+#: plugins/sudoers/sudoers.c:227
+#, c-format
+msgid "sudoers specifies that root is not allowed to sudo"
+msgstr "sudoers gibt an, dass root sudo nicht verwenden darf"
+
+#: plugins/sudoers/sudoers.c:234
+#, c-format
+msgid "you are not permitted to use the -C option"
+msgstr "Sie dürfen die -C Option nicht verwenden"
+
+#: plugins/sudoers/sudoers.c:315
+#, c-format
+msgid "timestamp owner (%s): No such user"
+msgstr ""
+
+#: plugins/sudoers/sudoers.c:329
+msgid "no tty"
+msgstr "Kein tty"
+
+#: plugins/sudoers/sudoers.c:330
+#, c-format
+msgid "sorry, you must have a tty to run sudo"
+msgstr "Uh, Sie müssen ein TTY haben, um sudo zu verwenden"
+
+# XXX ?
+#: plugins/sudoers/sudoers.c:378
+msgid "command in current directory"
+msgstr "Kommando ist im aktuellen Verzeichnis"
+
+#: plugins/sudoers/sudoers.c:395
+#, c-format
+msgid "sorry, you are not allowed to preserve the environment"
+msgstr "Uh, Sie dürfen das Environment nicht erhalten"
+
+#: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:216
+#: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:328
+#: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576
+#, c-format
+msgid "unable to stat %s"
+msgstr ""
+
+#: plugins/sudoers/sudoers.c:726
+#, c-format
+msgid "%s is not a regular file"
+msgstr "%s ist keine reguläre Datei"
+
+#: plugins/sudoers/sudoers.c:729 toke.l:913
+#, c-format
+msgid "%s is owned by uid %u, should be %u"
+msgstr ""
+
+#: plugins/sudoers/sudoers.c:733 toke.l:920
+#, c-format
+msgid "%s is world writable"
+msgstr "%s ist für alle beschreibbar (world writable)"
+
+#: plugins/sudoers/sudoers.c:736 toke.l:925
+#, c-format
+msgid "%s is owned by gid %u, should be %u"
+msgstr ""
+
+#: plugins/sudoers/sudoers.c:763
+#, c-format
+msgid "only root can use `-c %s'"
+msgstr "Nur root kann »-c %s« verwenden"
+
+#: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782
+#, c-format
+msgid "unknown login class: %s"
+msgstr "unbekannte Login-Klasse: %s"
+
+#: plugins/sudoers/sudoers.c:814
+#, c-format
+msgid "unable to resolve host %s"
+msgstr ""
+
+#: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377
+#, c-format
+msgid "unknown group: %s"
+msgstr "unbekannte Gruppe: %s"
+
+#: plugins/sudoers/sudoreplay.c:292
+#, c-format
+msgid "invalid filter option: %s"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:305
+#, c-format
+msgid "invalid max wait: %s"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:311
+#, c-format
+msgid "invalid speed factor: %s"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179
+#, c-format
+msgid "%s version %s\n"
+msgstr "%s Version %s\n"
+
+#: plugins/sudoers/sudoreplay.c:339
+#, c-format
+msgid "%s/%.2s/%.2s/%.2s/timing: %s"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:345
+#, c-format
+msgid "%s/%s/timing: %s"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:363
+#, c-format
+msgid "Replaying sudo session: %s\n"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:369
+#, c-format
+msgid "Warning: your terminal is too small to properly replay the log.\n"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:370
+#, c-format
+msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d."
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:400
+msgid "unable to set tty to raw mode"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:416
+#, c-format
+msgid "invalid timing file line: %s"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:499
+msgid "writing to standard output"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666
+#, c-format
+msgid "ambiguous expression \"%s\""
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:683
+#, c-format
+msgid "too many parenthesized expressions, max %d"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:694
+msgid "unmatched ')' in expression"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:700
+#, c-format
+msgid "unknown search term \"%s\""
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:714
+#, c-format
+msgid "%s requires an argument"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:718 plugins/sudoers/sudoreplay.c:1058
+#, c-format
+msgid "invalid regular expression: %s"
+msgstr "ungültiger regulärer Ausdruck: %s"
+
+#: plugins/sudoers/sudoreplay.c:724
+#, c-format
+msgid "could not parse date \"%s\""
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:737
+msgid "unmatched '(' in expression"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:739
+msgid "illegal trailing \"or\""
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:741
+msgid "illegal trailing \"!\""
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:1182
+#, c-format
+msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:1185
+#, c-format
+msgid "usage: %s [-h] [-d directory] -l [search expression]\n"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:1194
+#, c-format
+msgid ""
+"%s - replay sudo session logs\n"
+"\n"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:1196
+msgid ""
+"\n"
+"Options:\n"
+" -d directory specify directory for session logs\n"
+" -f filter specify which I/O type to display\n"
+" -h display help message and exit\n"
+" -l [expression] list available session IDs that match expression\n"
+" -m max_wait max number of seconds to wait between events\n"
+" -s speed_factor speed up or slow down output\n"
+" -V display version information and exit"
+msgstr ""
+
+#: plugins/sudoers/testsudoers.c:328
+msgid "\thost unmatched"
+msgstr ""
+
+#: plugins/sudoers/testsudoers.c:331
+msgid ""
+"\n"
+"Command allowed"
+msgstr ""
+"\n"
+"Kommando erlaubt"
+
+#: plugins/sudoers/testsudoers.c:332
+msgid ""
+"\n"
+"Command denied"
+msgstr ""
+"\n"
+"Kommando verweigert"
+
+#: plugins/sudoers/testsudoers.c:332
+msgid ""
+"\n"
+"Command unmatched"
+msgstr ""
+
+#: plugins/sudoers/timestamp.c:129
+#, c-format
+msgid "timestamp path too long: %s"
+msgstr ""
+
+#: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247
+#: plugins/sudoers/timestamp.c:292
+#, c-format
+msgid "%s owned by uid %u, should be uid %u"
+msgstr ""
+
+#: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0700"
+msgstr ""
+
+#: plugins/sudoers/timestamp.c:286
+#, c-format
+msgid "%s exists but is not a regular file (0%o)"
+msgstr ""
+
+#: plugins/sudoers/timestamp.c:298
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0600"
+msgstr ""
+
+#: plugins/sudoers/timestamp.c:353
+#, c-format
+msgid "timestamp too far in the future: %20.20s"
+msgstr ""
+
+#: plugins/sudoers/timestamp.c:407
+#, c-format
+msgid "unable to remove %s, will reset to the epoch"
+msgstr ""
+
+#: plugins/sudoers/timestamp.c:414
+#, c-format
+msgid "unable to reset %s to the epoch"
+msgstr ""
+
+#: plugins/sudoers/toke_util.c:176
+#, c-format
+msgid "fill_args: buffer overflow"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:180
+#, c-format
+msgid "%s grammar version %d\n"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533
+#, c-format
+msgid "press return to edit %s: "
+msgstr ""
+
+#: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332
+msgid "write error"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:414
+#, c-format
+msgid "unable to stat temporary file (%s), %s unchanged"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:419
+#, c-format
+msgid "zero length temporary file (%s), %s unchanged"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:425
+#, c-format
+msgid "editor (%s) failed, %s unchanged"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:448
+#, c-format
+msgid "%s unchanged"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:477
+#, c-format
+msgid "unable to re-open temporary file (%s), %s unchanged."
+msgstr ""
+
+#: plugins/sudoers/visudo.c:487
+#, c-format
+msgid "unabled to parse temporary file (%s), unknown error"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:526
+#, c-format
+msgid "internal error, unable to find %s in list!"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587
+#, c-format
+msgid "unable to set (uid, gid) of %s to (%u, %u)"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592
+#, c-format
+msgid "unable to change mode of %s to 0%o"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:609
+#, c-format
+msgid "%s and %s not on the same file system, using mv to rename"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:623
+#, c-format
+msgid "command failed: '%s %s %s', %s unchanged"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:633
+#, c-format
+msgid "error renaming %s, %s unchanged"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:695
+msgid "What now? "
+msgstr ""
+
+#: plugins/sudoers/visudo.c:709
+msgid ""
+"Options are:\n"
+" (e)dit sudoers file again\n"
+" e(x)it without saving changes to sudoers file\n"
+" (Q)uit and save changes to sudoers file (DANGER!)\n"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:757
+#, c-format
+msgid "unable to run %s"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:783
+#, c-format
+msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:790
+#, c-format
+msgid "%s: bad permissions, should be mode 0%o\n"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:815
+#, c-format
+msgid "failed to parse %s file, unknown error"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:831
+#, c-format
+msgid "parse error in %s near line %d\n"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:834
+#, c-format
+msgid "parse error in %s\n"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846
+#, c-format
+msgid "%s: parsed OK\n"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:893
+#, c-format
+msgid "%s busy, try again later"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:937
+#, c-format
+msgid "specified editor (%s) doesn't exist"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:960
+#, c-format
+msgid "unable to stat editor (%s)"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:1008
+#, c-format
+msgid "no editor found (editor path = %s)"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:1100
+#, c-format
+msgid "Error: cycle in %s_Alias `%s'"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:1101
+#, c-format
+msgid "Warning: cycle in %s_Alias `%s'"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:1104
+#, c-format
+msgid "Error: %s_Alias `%s' referenced but not defined"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:1105
+#, c-format
+msgid "Warning: %s_Alias `%s' referenced but not defined"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:1240
+#, c-format
+msgid "%s: unused %s_Alias %s"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:1302
+#, c-format
+msgid ""
+"%s - safely edit the sudoers file\n"
+"\n"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:1304
+msgid ""
+"\n"
+"Options:\n"
+" -c check-only mode\n"
+" -f sudoers specify sudoers file location\n"
+" -h display help message and exit\n"
+" -q less verbose (quiet) syntax error messages\n"
+" -s strict syntax checking\n"
+" -V display version information and exit"
+msgstr ""
+"\n"
+"Optionen:\n"
+" -c nur den Prüf-Modus verwenden\n"
+" -f sudoers gibt den Namen der sudoers Datei an\n"
+" -h diese Hilfe anzeigen und beenden\n"
+" -q weniger ausführliche Syntaxfehler-Meldungen\n"
+" -s strikte Syntax-Prüfung\n"
+" -V Versionsinformation anzeigen und beenden"
+
+#: toke.l:886
+msgid "too many levels of includes"
+msgstr "Zu viele geschachtelte include Einträge"
+
+#~ msgid "getaudit: failed"
+#~ msgstr "getaudit: fehlgeschlagen"
+
+#~ msgid "getauid: failed"
+#~ msgstr "getauid: fehlgeschlagen"
+
+#~ msgid "au_open: failed"
+#~ msgstr "au_open: fehlgeschlagen"
+
+#~ msgid "au_to_subject: failed"
+#~ msgstr "au_to_subject: fehlgeschlagen"
+
+#~ msgid "au_to_exec_args: failed"
+#~ msgstr "au_to_exec_args: fehlgeschlagen"
+
+#~ msgid "au_to_return32: failed"
+#~ msgstr "au_to_return32: fehlgeschlagen"
+
+#~ msgid "au_to_text: failed"
+#~ msgstr "au_to_text: fehlgeschlagen"
# Esperanto translations for sudo package.
# This file is put in the public domain.
-# Keith Bowes <zooplah@gmail.com>, 2012.
+# Felipe Castro <fefcas@gmail.com>, 2013.
#
msgid ""
msgstr ""
-"Project-Id-Version: sudoers 1.8.6b3\n"
+"Project-Id-Version: sudoers 1.8.7b2\n"
"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2012-07-11 16:27-0400\n"
-"PO-Revision-Date: 2012-07-31 01:59-0400\n"
-"Last-Translator: Keith Bowes <zooplah@gmail.com>\n"
+"POT-Creation-Date: 2013-04-17 15:52-0400\n"
+"PO-Revision-Date: 2013-04-20 19:48-0300\n"
+"Last-Translator: Felipe Castro <fefcas@gmail.com>\n"
"Language-Team: Esperanto <translation-team-eo@lists.sourceforge.net>\n"
"Language: eo\n"
"MIME-Version: 1.0\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-#: gram.y:110
-#, c-format
-msgid ">>> %s: %s near line %d <<<"
-msgstr ">>> %s: %s apud linio %d <<<"
+#: confstr.sh:2
+msgid "Password:"
+msgstr "Pasvorto:"
+
+#: confstr.sh:3
+msgid "*** SECURITY information for %h ***"
+msgstr "*** SEKURECO: informoj por %h ***"
+
+#: confstr.sh:4
+msgid "Sorry, try again."
+msgstr "Malĝuste. Reprovu."
-#: plugins/sudoers/alias.c:125
+#: plugins/sudoers/alias.c:124
#, c-format
msgid "Alias `%s' already defined"
msgstr "Kromnomo '%s' jam ekzistas"
-#: plugins/sudoers/auth/bsdauth.c:78
+#: plugins/sudoers/auth/bsdauth.c:77
#, c-format
msgid "unable to get login class for user %s"
msgstr "ne eblas akiri ensalutan klason por uzanto %s"
-#: plugins/sudoers/auth/bsdauth.c:84
+#: plugins/sudoers/auth/bsdauth.c:83
msgid "unable to begin bsd authentication"
-msgstr "ne eblas komenci bsd-konstatadn"
+msgstr "ne eblas komenci bsd-aŭtentikigon"
-#: plugins/sudoers/auth/bsdauth.c:92
+#: plugins/sudoers/auth/bsdauth.c:91
msgid "invalid authentication type"
-msgstr "nevalida konstata tipo"
+msgstr "nevalida aŭtentikiga tipo"
-#: plugins/sudoers/auth/bsdauth.c:101
+#: plugins/sudoers/auth/bsdauth.c:100
msgid "unable to setup authentication"
-msgstr "ne eblas starigi konstatadon"
+msgstr "ne eblas starigi aŭtentikigon"
-#: plugins/sudoers/auth/fwtk.c:60
+#: plugins/sudoers/auth/fwtk.c:59
#, c-format
msgid "unable to read fwtk config"
msgstr "ne eblas legi fwtk-agordon"
-#: plugins/sudoers/auth/fwtk.c:65
+#: plugins/sudoers/auth/fwtk.c:64
#, c-format
msgid "unable to connect to authentication server"
-msgstr "ne eblas konektiĝi al konstatanta servilo"
+msgstr "ne eblas konektiĝi al aŭtentikiga servilo"
-#: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95
-#: plugins/sudoers/auth/fwtk.c:128
+#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94
+#: plugins/sudoers/auth/fwtk.c:127
#, c-format
msgid "lost connection to authentication server"
-msgstr "konekto al konstatanta servilo perdita"
+msgstr "konekto al aŭtentikiga servilo perdita"
-#: plugins/sudoers/auth/fwtk.c:75
+#: plugins/sudoers/auth/fwtk.c:74
#, c-format
msgid ""
"authentication server error:\n"
"%s"
msgstr ""
-"eraro de konstatanta servilo:\n"
+"eraro de aŭtentikiga servilo:\n"
"%s"
-#: plugins/sudoers/auth/kerb5.c:117
+#: plugins/sudoers/auth/kerb5.c:116
#, c-format
-msgid "%s: unable to unparse princ ('%s'): %s"
-msgstr "%s ne eblas analizi princ-on ('%s'): %s"
+msgid "%s: unable to convert principal to string ('%s'): %s"
+msgstr "%s ne eblas konverti ĉefon al ĉeno ('%s'): %s"
-#: plugins/sudoers/auth/kerb5.c:160
+#: plugins/sudoers/auth/kerb5.c:159
#, c-format
msgid "%s: unable to parse '%s': %s"
msgstr "%s: ne eblas analizi: '%s': %s"
-#: plugins/sudoers/auth/kerb5.c:170
+#: plugins/sudoers/auth/kerb5.c:169
#, c-format
-msgid "%s: unable to resolve ccache: %s"
+msgid "%s: unable to resolve credential cache: %s"
msgstr "%s: ne eblas trovi ccache-on: %s"
-#: plugins/sudoers/auth/kerb5.c:218
+#: plugins/sudoers/auth/kerb5.c:217
#, c-format
msgid "%s: unable to allocate options: %s"
msgstr "%s: ne eblas generi elektojn: %s"
-#: plugins/sudoers/auth/kerb5.c:234
+#: plugins/sudoers/auth/kerb5.c:233
#, c-format
msgid "%s: unable to get credentials: %s"
msgstr "%s: ne eblas akiri atestilojn: %s"
-#: plugins/sudoers/auth/kerb5.c:247
+#: plugins/sudoers/auth/kerb5.c:246
#, c-format
-msgid "%s: unable to initialize ccache: %s"
-msgstr "%s: ne eblas iniciati ccache-on: %s"
+msgid "%s: unable to initialize credential cache: %s"
+msgstr "%s: ne eblas ekigi atestilan kaŝmemoron: %s"
-#: plugins/sudoers/auth/kerb5.c:251
+#: plugins/sudoers/auth/kerb5.c:250
#, c-format
-msgid "%s: unable to store cred in ccache: %s"
-msgstr "%s: ne eblas konservi atestilon en ccache: %s"
+msgid "%s: unable to store credential in cache: %s"
+msgstr "%s: ne eblas konservi atestilon en kaŝmemoro: %s"
-#: plugins/sudoers/auth/kerb5.c:316
+#: plugins/sudoers/auth/kerb5.c:315
#, c-format
msgid "%s: unable to get host principal: %s"
-msgstr "%s: ne eblas atingi ĉefgastiganto: %s"
+msgstr "%s: ne eblas atingi gastiganton ĉefan: %s"
-#: plugins/sudoers/auth/kerb5.c:331
+#: plugins/sudoers/auth/kerb5.c:330
#, c-format
msgid "%s: Cannot verify TGT! Possible attack!: %s"
-msgstr "%s: Ne eblas konstati TGT-on! Ebla atako!: %s"
+msgstr "%s: Ne eblas kontroli TGT! Ebla atako!: %s"
-#: plugins/sudoers/auth/pam.c:100
+#: plugins/sudoers/auth/pam.c:105
msgid "unable to initialize PAM"
-msgstr "ne eblas iniciati PAM-on"
+msgstr "ne eblas ekigi PAM"
-#: plugins/sudoers/auth/pam.c:144
+#: plugins/sudoers/auth/pam.c:150
msgid "account validation failure, is your account locked?"
msgstr "malsukceso ĉe konta validigo, ĉu via konto estas ŝlosita?"
-#: plugins/sudoers/auth/pam.c:148
+#: plugins/sudoers/auth/pam.c:154
msgid "Account or password is expired, reset your password and try again"
msgstr "Konto aŭ pasvorto eksvalidiĝis, restarigu vian pasvorton kaj reprovu"
-#: plugins/sudoers/auth/pam.c:155
+#: plugins/sudoers/auth/pam.c:162
#, c-format
-msgid "pam_chauthtok: %s"
-msgstr "pam_chauthtok: %s"
+msgid "unable to change expired password: %s"
+msgstr "ne eblas ŝanĝi eksvalidan pasvorton: %s"
-#: plugins/sudoers/auth/pam.c:159
+#: plugins/sudoers/auth/pam.c:167
msgid "Password expired, contact your system administrator"
msgstr "Pasvorto eksvalidiĝis, kontaktu vian sistemestron"
-#: plugins/sudoers/auth/pam.c:163
+#: plugins/sudoers/auth/pam.c:171
msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator"
msgstr "Konto eksvalidiĝis aŭ PAM-agordon malhavas sekcion \"account\" por sudo, kontaktu vian sistemestron"
-#: plugins/sudoers/auth/pam.c:180
+#: plugins/sudoers/auth/pam.c:188
#, c-format
-msgid "pam_authenticate: %s"
-msgstr "pam_authenticate: %s"
+msgid "PAM authentication error: %s"
+msgstr "eraro de aŭtentikiga servilo: %s"
-#: plugins/sudoers/auth/pam.c:332
-msgid "Password: "
-msgstr "Pasvorto: "
-
-#: plugins/sudoers/auth/pam.c:333
-msgid "Password:"
-msgstr "Pasvorto:"
+#: plugins/sudoers/auth/pam.c:247
+#, c-format
+msgid "unable to establish credentials: %s"
+msgstr "ne eblas establi atestilojn: %s"
-#: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:220
+#: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212
#, c-format
msgid "you do not exist in the %s database"
msgstr "vi ne ekzistas en la datumbazo %s"
-#: plugins/sudoers/auth/securid5.c:81
+#: plugins/sudoers/auth/securid5.c:80
#, c-format
msgid "failed to initialise the ACE API library"
-msgstr "malsukcesis iniciati la bibliotekon de la API ACE"
+msgstr "malsukcesis ekigi la bibliotekon de la API ACE"
-#: plugins/sudoers/auth/securid5.c:107
+#: plugins/sudoers/auth/securid5.c:106
#, c-format
msgid "unable to contact the SecurID server"
msgstr "ne eblas kontakti la servilon de SecurID"
-#: plugins/sudoers/auth/securid5.c:116
+#: plugins/sudoers/auth/securid5.c:115
#, c-format
msgid "User ID locked for SecurID Authentication"
-msgstr "Uzanto identigilo ŝlosita pro konstatado en SecurID"
+msgstr "Uzanto-identigilo ŝlosita pro Aŭtentikigo SecurID"
-#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171
+#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170
#, c-format
msgid "invalid username length for SecurID"
msgstr "nevalida salutnoma longo por SecurID"
-#: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176
+#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175
#, c-format
msgid "invalid Authentication Handle for SecurID"
-msgstr "nevalida konstatilo por SecurID"
+msgstr "nevalida Aŭtentikiga Traktilo por SecurID"
-#: plugins/sudoers/auth/securid5.c:128
+#: plugins/sudoers/auth/securid5.c:127
#, c-format
msgid "SecurID communication failed"
msgstr "Komunikiĝo kun SecurID malsukcesis"
-#: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215
+#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214
#, c-format
msgid "unknown SecurID error"
msgstr "nekonata SecurID-eraro"
-#: plugins/sudoers/auth/securid5.c:166
+#: plugins/sudoers/auth/securid5.c:165
#, c-format
msgid "invalid passcode length for SecurID"
msgstr "nevalida paskoda longo por SecurID"
-#: plugins/sudoers/auth/sia.c:109
+#: plugins/sudoers/auth/sia.c:108
msgid "unable to initialize SIA session"
-msgstr "ne eblas iniciati SIA-seascon"
+msgstr "ne eblas ekigi SIA-seascon"
-#: plugins/sudoers/auth/sudo_auth.c:121
-msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication."
-msgstr "Nevalidaj konstatantaj metodoj muntitaj en sudo! Vi rajtas miksi dependan kaj sendependan konstatadon."
+#: plugins/sudoers/auth/sudo_auth.c:119
+msgid "invalid authentication methods"
+msgstr "nevalidaj aŭtentikigaj metodoj"
-#: plugins/sudoers/auth/sudo_auth.c:206
+#: plugins/sudoers/auth/sudo_auth.c:120
+msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication."
+msgstr "Nevalidaj aŭtentikigaj metodoj kompilitaj en sudo! Vi ne rajtas miksi dependan kaj sendependan aŭtentikigon."
+
+#: plugins/sudoers/auth/sudo_auth.c:203
+msgid "no authentication methods"
+msgstr "neniu aŭtentikiga metodo"
+
+#: plugins/sudoers/auth/sudo_auth.c:205
msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option."
-msgstr "Ekzistas neniaj konstatantaj metodoj muntitaj en sudo! Se vi volas malŝalti konstatadon, uzu la munta parametro --disable-authentication."
+msgstr "Ekzistas neniaj aŭtentikigaj metodoj kompilitaj en sudo! Se vi volas malŝalti aŭtentikigon, uzu la agordan parametron --disable-authentication."
-#: plugins/sudoers/auth/sudo_auth.c:374
+#: plugins/sudoers/auth/sudo_auth.c:389
msgid "Authentication methods:"
-msgstr "Konstatantaj metodoj:"
+msgstr "Aŭtentikigaj metodoj:"
#: plugins/sudoers/bsm_audit.c:60 plugins/sudoers/bsm_audit.c:63
#: plugins/sudoers/bsm_audit.c:112 plugins/sudoers/bsm_audit.c:116
msgid "Could not determine audit condition"
msgstr "Ne eblis determini revizian kondiĉon"
-#: plugins/sudoers/bsm_audit.c:101
+#: plugins/sudoers/bsm_audit.c:101 plugins/sudoers/bsm_audit.c:160
#, c-format
-msgid "getauid failed"
+msgid "getauid: failed"
msgstr "getauid: malsukcesis"
#: plugins/sudoers/bsm_audit.c:103 plugins/sudoers/bsm_audit.c:162
#: plugins/sudoers/bsm_audit.c:126 plugins/sudoers/bsm_audit.c:187
#, c-format
msgid "au_to_return32: failed"
-msgstr "getaudit: malsukcesis"
+msgstr "au_to_return32: malsukcesis"
#: plugins/sudoers/bsm_audit.c:129 plugins/sudoers/bsm_audit.c:190
#, c-format
msgid "unable to commit audit record"
-msgstr "ne eblis konservi revizian rekordon"
-
-#: plugins/sudoers/bsm_audit.c:160
-#, c-format
-msgid "getauid: failed"
-msgstr "getauid: malsukcesis"
+msgstr "ne eblis konservi revizian rikordon"
#: plugins/sudoers/bsm_audit.c:183
#, c-format
msgid "au_to_text: failed"
msgstr "au_to_text: malsukcesis"
-#: plugins/sudoers/check.c:244 plugins/sudoers/iolog.c:172
-#: plugins/sudoers/sudoers.c:978 plugins/sudoers/sudoreplay.c:355
-#: plugins/sudoers/sudoreplay.c:817 plugins/sudoers/sudoreplay.c:974
-#: plugins/sudoers/visudo.c:815
-#, c-format
-msgid "unable to open %s"
-msgstr "ne eblas malfermi: %s"
-
-#: plugins/sudoers/check.c:248 plugins/sudoers/iolog.c:229
-#, c-format
-msgid "unable to write to %s"
-msgstr "ne eblas skribi al %s"
-
-#: plugins/sudoers/check.c:256 plugins/sudoers/check.c:501
-#: plugins/sudoers/check.c:551 plugins/sudoers/iolog.c:123
-#: plugins/sudoers/iolog.c:156
-#, c-format
-msgid "unable to mkdir %s"
-msgstr "ne eblas mkdir-i: %s"
-
-#: plugins/sudoers/check.c:391
-#, c-format
-msgid "internal error, expand_prompt() overflow"
-msgstr "ena eraro, superfluo en expand_prompt()"
-
-#: plugins/sudoers/check.c:451
-#, c-format
-msgid "timestamp path too long: %s"
-msgstr "tempo-indikila pado tro longa: %s"
-
-#: plugins/sudoers/check.c:480 plugins/sudoers/check.c:524
-#: plugins/sudoers/iolog.c:158
-#, c-format
-msgid "%s exists but is not a directory (0%o)"
-msgstr "%s ekzistas sed ne dosierujo (0%o)"
-
-#: plugins/sudoers/check.c:483 plugins/sudoers/check.c:527
-#: plugins/sudoers/check.c:572
-#, c-format
-msgid "%s owned by uid %u, should be uid %u"
-msgstr "%s estas estrita de uid %u, devas esti uid %u"
-
-#: plugins/sudoers/check.c:488 plugins/sudoers/check.c:532
-#, c-format
-msgid "%s writable by non-owner (0%o), should be mode 0700"
-msgstr "%s skribebla de ne-estro (0%o), devas esti reĝimo 0700"
-
-#: plugins/sudoers/check.c:496 plugins/sudoers/check.c:540
-#: plugins/sudoers/check.c:608 plugins/sudoers/sudoers.c:993
-#: plugins/sudoers/visudo.c:319 plugins/sudoers/visudo.c:581
-#, c-format
-msgid "unable to stat %s"
-msgstr "ne eblas stat-i: %s"
-
-#: plugins/sudoers/check.c:566
-#, c-format
-msgid "%s exists but is not a regular file (0%o)"
-msgstr "%s ekzistas sed ne estas normala dosiero (0%o)"
-
-#: plugins/sudoers/check.c:578
-#, c-format
-msgid "%s writable by non-owner (0%o), should be mode 0600"
-msgstr "%s skribebla de ne-estro (0%o), devas esti reĝimo 0600"
-
-#: plugins/sudoers/check.c:632
-#, c-format
-msgid "timestamp too far in the future: %20.20s"
-msgstr "tempo-indikilo tro estonte: %20.20s"
-
-#: plugins/sudoers/check.c:679
-#, c-format
-msgid "unable to remove %s (%s), will reset to the epoch"
-msgstr "ne eblas forigi: %s (%s); restarigos al la epoko"
-
-#: plugins/sudoers/check.c:687
-#, c-format
-msgid "unable to reset %s to the epoch"
-msgstr "ne eblas restarigi al la epoko: %s"
+#: plugins/sudoers/check.c:189
+msgid ""
+"\n"
+"We trust you have received the usual lecture from the local System\n"
+"Administrator. It usually boils down to these three things:\n"
+"\n"
+" #1) Respect the privacy of others.\n"
+" #2) Think before you type.\n"
+" #3) With great power comes great responsibility.\n"
+"\n"
+msgstr ""
+"\n"
+"Ni fidas, ke vi ricevis la kutiman prelegon fare de la sistemestro.\n"
+"Resume memoru la jenajn:\n"
+"\n"
+" #1) Estimu la privatecon de aliaj.\n"
+" #2) Pensu antaŭ ol tajpi.\n"
+" #3) Granda povo devigas grandan responson.\n"
+"\n"
-#: plugins/sudoers/check.c:747 plugins/sudoers/check.c:753
-#: plugins/sudoers/sudoers.c:841 plugins/sudoers/sudoers.c:845
+#: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233
+#: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566
#, c-format
msgid "unknown uid: %u"
msgstr "nekonata uid: %u"
-#: plugins/sudoers/check.c:750 plugins/sudoers/sudoers.c:782
-#: plugins/sudoers/sudoers.c:1110 plugins/sudoers/testsudoers.c:225
-#: plugins/sudoers/testsudoers.c:369
+#: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:635
+#: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215
+#: plugins/sudoers/testsudoers.c:359
#, c-format
msgid "unknown user: %s"
msgstr "nekonata uzanto: %s"
#: plugins/sudoers/def_data.c:31
#, c-format
msgid "Syslog priority to use when user authenticates successfully: %s"
-msgstr "Syslog-prioritato por uzi, kiam uzanta sukcese konstatas: %s"
+msgstr "Syslog-prioritato por uzi, kiam uzanto sukcese aŭtentikiĝas: %s"
#: plugins/sudoers/def_data.c:35
#, c-format
msgid "Syslog priority to use when user authenticates unsuccessfully: %s"
-msgstr "Syslog-prioritato por uzi kiam uzanto malsukcese konstatas: %s"
+msgstr "Syslog-prioritato por uzi kiam uzanto malsukcese aŭtentikigas: %s"
#: plugins/sudoers/def_data.c:39
msgid "Put OTP prompt on its own line"
#: plugins/sudoers/def_data.c:51
msgid "Send mail if user authentication fails"
-msgstr "Sendi retmesaĝon se uzanto-konstato malsukcesas"
+msgstr "Sendi retmesaĝon se uzanto-aŭtentikiĝo malsukcesas"
#: plugins/sudoers/def_data.c:55
msgid "Send mail if the user is not in sudoers"
#: plugins/sudoers/def_data.c:79
msgid "Require users to authenticate by default"
-msgstr "Postulas, ke uzantoj konstatas aŭtomate"
+msgstr "Postulas, ke uzantoj aŭtentikiĝu aŭtomate"
#: plugins/sudoers/def_data.c:83
msgid "Root may run sudo"
#: plugins/sudoers/def_data.c:151
msgid "Don't initialize the group vector to that of the target user"
-msgstr "Ne iniciati la grupon vektoron al tio de la cela uzanto"
+msgstr "Ne ekigi la grupon vektoron al tio de la cela uzanto"
#: plugins/sudoers/def_data.c:155
#, c-format
#: plugins/sudoers/def_data.c:159
#, c-format
msgid "Authentication timestamp timeout: %.1f minutes"
-msgstr "Eksvalidiĝo de la konstata tempo-indikilo: %.1f minutoj"
+msgstr "Eksvalidiĝo de la aŭtentikiga tempo-indikilo: %.1f minutoj"
#: plugins/sudoers/def_data.c:163
#, c-format
#: plugins/sudoers/def_data.c:203
#, c-format
msgid "Path to authentication timestamp dir: %s"
-msgstr "Pado al dosierujo de konstata tempostampo: %s"
+msgstr "Pado al dosierujo de aŭtentikiga tempostampo: %s"
#: plugins/sudoers/def_data.c:207
#, c-format
msgid "Owner of the authentication timestamp dir: %s"
-msgstr "Estro de la dosierujo de konstata tempostampo: %s"
+msgstr "Estro de la dosierujo de aŭtentikiga tempostampo: %s"
#: plugins/sudoers/def_data.c:211
#, c-format
#: plugins/sudoers/def_data.c:307
msgid "The umask specified in sudoers will override the user's, even if it is more permissive"
-msgstr "La umask specifa en sudors superregos tio de la uzanto, eĉ se ĝi estas pli permesema."
+msgstr "La umask specifa en sudors superregos tio de la uzanto, eĉ se ĝi estas pli permesema"
#: plugins/sudoers/def_data.c:311
msgid "Log user's input for the command being run"
#: plugins/sudoers/def_data.c:319
msgid "Compress I/O logs using zlib"
-msgstr "Kunpremi eneligaj protokoloj per zlib"
+msgstr "Kunpremi eneligaj protokoloj per zlib"
#: plugins/sudoers/def_data.c:323
msgid "Always run commands in a pseudo-tty"
msgid "Set the user in utmp to the runas user, not the invoking user"
msgstr "Valorizi uzanton en utmp al la plenumigkiela uzanto, ne la vokanta uzanto"
-#: plugins/sudoers/defaults.c:208
+#: plugins/sudoers/def_data.c:347
+msgid "Set of permitted privileges"
+msgstr "Aro da permesitaj privilegioj"
+
+#: plugins/sudoers/def_data.c:351
+msgid "Set of limit privileges"
+msgstr "Aro da limigaj privilegioj"
+
+#: plugins/sudoers/def_data.c:355
+msgid "Run commands on a pty in the background"
+msgstr "Plenumigi komandojn en pty en la fono"
+
+#: plugins/sudoers/def_data.c:359
+msgid "Create a new PAM session for the command to run in"
+msgstr "Krei novan PAM-seancon en kiu la komando plenumiĝos"
+
+#: plugins/sudoers/def_data.c:363
+msgid "Maximum I/O log sequence number"
+msgstr "maksimuma sinsekva numero de la eneliga protokolo"
+
+#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587
#, c-format
msgid "unknown defaults entry `%s'"
msgstr "nekonata ero '%s' en defaults"
-#: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226
-#: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259
-#: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285
-#: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318
-#: plugins/sudoers/defaults.c:328
+#: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225
+#: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258
+#: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284
+#: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317
+#: plugins/sudoers/defaults.c:327
#, c-format
msgid "value `%s' is invalid for option `%s'"
msgstr "valoro '%s' estas nevalida por parametro '%s'"
-#: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229
-#: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254
-#: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280
-#: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313
-#: plugins/sudoers/defaults.c:324
+#: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228
+#: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253
+#: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279
+#: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312
+#: plugins/sudoers/defaults.c:323
#, c-format
msgid "no value specified for `%s'"
msgstr "neniu valoro specifita por '%s'"
-#: plugins/sudoers/defaults.c:242
+#: plugins/sudoers/defaults.c:241
#, c-format
msgid "values for `%s' must start with a '/'"
msgstr "Valoroj por '%s' devas komenciĝi per '/'"
-#: plugins/sudoers/defaults.c:304
+#: plugins/sudoers/defaults.c:303
#, c-format
msgid "option `%s' does not take a value"
msgstr "parametro '%s' ne povas havi valoron"
-#: plugins/sudoers/env.c:339
-#, c-format
-msgid "sudo_putenv: corrupted envp, length mismatch"
-msgstr "sudo_putenv: medio tro granda"
-
-#: plugins/sudoers/env.c:341 plugins/sudoers/env.c:411
-#: plugins/sudoers/toke_util.c:113 plugins/sudoers/toke_util.c:167
-#: plugins/sudoers/toke_util.c:207 toke.l:682 toke.l:812 toke.l:872 toke.l:968
+#: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293
+#: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82
+#: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427
+#: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654
+#: plugins/sudoers/testsudoers.c:243
#, c-format
-msgid "unable to allocate memory"
-msgstr "ne eblas generi memoron"
+msgid "internal error, %s overflow"
+msgstr "interna eraro, superfluo en %s"
-#: plugins/sudoers/env.c:366
+#: plugins/sudoers/env.c:367
#, c-format
-msgid "internal error, sudo_setenv2() overflow"
-msgstr "ena eraro, superfluo en sudo_setenv2()"
-
-#: plugins/sudoers/env.c:410
-#, c-format
-msgid "internal error, sudo_setenv() overflow"
-msgstr "ena eraro, superfluo en sudo_setenv()"
+msgid "sudo_putenv: corrupted envp, length mismatch"
+msgstr "sudo_putenv: medio tro granda"
-#: plugins/sudoers/env.c:955
+#: plugins/sudoers/env.c:1012
#, c-format
msgid "sorry, you are not allowed to set the following environment variables: %s"
msgstr "bedaŭre vi ne estas permesata valorizi la jenajn medivariablojn: %s"
-#: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108
-#: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125
-#: plugins/sudoers/sudoers.c:935 toke.l:678 toke.l:868
-#, c-format
-msgid "%s: %s"
-msgstr "%s: %s"
-
-#: plugins/sudoers/group_plugin.c:91
-#, c-format
-msgid "%s%s: %s"
-msgstr "%s%s: %s"
-
-#: plugins/sudoers/group_plugin.c:103
+#: plugins/sudoers/group_plugin.c:102
#, c-format
msgid "%s must be owned by uid %d"
msgstr "%s devas esti estrata de uid %d"
-#: plugins/sudoers/group_plugin.c:107
+#: plugins/sudoers/group_plugin.c:106
#, c-format
msgid "%s must only be writable by owner"
msgstr "%s devas esti skribebla nur de estro"
-#: plugins/sudoers/group_plugin.c:114
+#: plugins/sudoers/group_plugin.c:113 plugins/sudoers/sssd.c:256
#, c-format
msgid "unable to dlopen %s: %s"
msgstr "ne eblas dlopen: %s: %s"
-#: plugins/sudoers/group_plugin.c:119
+#: plugins/sudoers/group_plugin.c:118
#, c-format
msgid "unable to find symbol \"group_plugin\" in %s"
msgstr "ne eblas trovi simbolon \"group_plugin\" en %s"
-#: plugins/sudoers/group_plugin.c:124
+#: plugins/sudoers/group_plugin.c:123
#, c-format
msgid "%s: incompatible group plugin major version %d, expected %d"
msgstr "%s: nekongrua grupa kromprogramo: ĉefa eldono %d, atendita %d"
-#: plugins/sudoers/interfaces.c:112
+#: plugins/sudoers/interfaces.c:119
msgid "Local IP address and netmask pairs:\n"
msgstr "Loka IP-adresa kaj retmaska paroj:\n"
-#: plugins/sudoers/iolog.c:205 plugins/sudoers/sudoers.c:981
+#: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144
+#: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244
+#, c-format
+msgid "%s exists but is not a directory (0%o)"
+msgstr "%s ekzistas sed ne dosierujo (0%o)"
+
+#: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155
+#: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:165
+#: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271
+#, c-format
+msgid "unable to mkdir %s"
+msgstr "ne eblas mkdir-i: %s"
+
+#: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708
+#: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815
+#: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:155
+#: plugins/sudoers/visudo.c:809
+#, c-format
+msgid "unable to open %s"
+msgstr "ne eblas malfermi: %s"
+
+#: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711
#, c-format
msgid "unable to read %s"
msgstr "ne eblas legi %s"
-#: plugins/sudoers/iolog.c:208
+#: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:159
#, c-format
-msgid "invalid sequence number %s"
-msgstr "nevalida sinsekva numero %s"
+msgid "unable to write to %s"
+msgstr "ne eblas skribi al %s"
-#: plugins/sudoers/iolog.c:258 plugins/sudoers/iolog.c:261
-#: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:531
-#: plugins/sudoers/iolog.c:537 plugins/sudoers/iolog.c:545
-#: plugins/sudoers/iolog.c:553 plugins/sudoers/iolog.c:561
-#: plugins/sudoers/iolog.c:569
+#: plugins/sudoers/iolog.c:334
#, c-format
msgid "unable to create %s"
msgstr "ne eblas krei: %s"
-#: plugins/sudoers/iolog_path.c:263 plugins/sudoers/sudoers.c:378
-#, c-format
-msgid "unable to set locale to \"%s\", using \"C\""
-msgstr "ne eblas elekti lokaĵaron \"%s\", uzanta lokaĵaron \"C\""
-
-#: plugins/sudoers/ldap.c:389
+#: plugins/sudoers/ldap.c:385
#, c-format
msgid "sudo_ldap_conf_add_ports: port too large"
msgstr "sudo_ldap_conf_add_ports: pordo tro granda"
-#: plugins/sudoers/ldap.c:412
+#: plugins/sudoers/ldap.c:408
#, c-format
msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf"
msgstr "sudo_ldap_conf_add_ports: eluzis spacon etendanta la bufron"
-#: plugins/sudoers/ldap.c:442
+#: plugins/sudoers/ldap.c:438
#, c-format
msgid "unsupported LDAP uri type: %s"
msgstr "nekonata retadresa tipo de LDAP: %s"
-#: plugins/sudoers/ldap.c:471
+#: plugins/sudoers/ldap.c:467
#, c-format
msgid "invalid uri: %s"
msgstr "nevalida retadreso: %s"
-#: plugins/sudoers/ldap.c:477
+#: plugins/sudoers/ldap.c:473
#, c-format
msgid "unable to mix ldap and ldaps URIs"
msgstr "ne eblas miksi sekurajn kaj nesekurajn retadresojn de LDAP"
-#: plugins/sudoers/ldap.c:481
+#: plugins/sudoers/ldap.c:477
#, c-format
msgid "unable to mix ldaps and starttls"
msgstr "ne eblas miksi protokolojn ldaps kaj starttls"
-#: plugins/sudoers/ldap.c:500
+#: plugins/sudoers/ldap.c:496
#, c-format
msgid "sudo_ldap_parse_uri: out of space building hostbuf"
msgstr "sudo_ldap_parse_uri: eluzis spacon muntanta la bufron"
-#: plugins/sudoers/ldap.c:574
+#: plugins/sudoers/ldap.c:570
#, c-format
msgid "unable to initialize SSL cert and key db: %s"
-msgstr "ne eblas iniciati SSL-asertilon kaj ŝlosilan datumbazon: %s"
+msgstr "ne eblas ekigi SSL-asertilon kaj ŝlosilan datumbazon: %s"
-#: plugins/sudoers/ldap.c:577
+#: plugins/sudoers/ldap.c:573
#, c-format
msgid "you must set TLS_CERT in %s to use SSL"
msgstr "TLS_CERT devas havi valoron en %s antaŭ ol SSL uzeblos"
-#: plugins/sudoers/ldap.c:994
+#: plugins/sudoers/ldap.c:1062
#, c-format
msgid "unable to get GMT time"
msgstr "ne eblas atingi GMT-tempon"
-#: plugins/sudoers/ldap.c:1000
+#: plugins/sudoers/ldap.c:1068
#, c-format
msgid "unable to format timestamp"
msgstr "ne eblas aranĝi tempostampon"
-#: plugins/sudoers/ldap.c:1008
+#: plugins/sudoers/ldap.c:1076
#, c-format
msgid "unable to build time filter"
msgstr "ne eblas munti tempan filtrilon"
-#: plugins/sudoers/ldap.c:1223
+#: plugins/sudoers/ldap.c:1295
#, c-format
msgid "sudo_ldap_build_pass1 allocation mismatch"
msgstr "sudo_ldap_build_pass1: genra malkongruaĵo"
-#: plugins/sudoers/ldap.c:1759
+#: plugins/sudoers/ldap.c:1842
#, c-format
msgid ""
"\n"
"\n"
"LDAP-rolo: %s\n"
-#: plugins/sudoers/ldap.c:1761
+#: plugins/sudoers/ldap.c:1844
#, c-format
msgid ""
"\n"
"\n"
"LDAP-rolo: NEKONATA\n"
-#: plugins/sudoers/ldap.c:1808
+#: plugins/sudoers/ldap.c:1891
#, c-format
msgid " Order: %s\n"
msgstr " Ordo: %s\n"
-#: plugins/sudoers/ldap.c:1816
+#: plugins/sudoers/ldap.c:1899 plugins/sudoers/parse.c:515
+#: plugins/sudoers/sssd.c:1242
#, c-format
msgid " Commands:\n"
msgstr " Komandoj:\n"
-#: plugins/sudoers/ldap.c:2238
+#: plugins/sudoers/ldap.c:2321
#, c-format
msgid "unable to initialize LDAP: %s"
-msgstr "ne eblas iniciati LDAP-on: %s"
+msgstr "ne eblas ekigi LDAP-on: %s"
-#: plugins/sudoers/ldap.c:2272
+#: plugins/sudoers/ldap.c:2355
#, c-format
msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()"
msgstr "start_tls specifita sed LDAP-bibliotekoj ne havas la funkciojn ldap_start_tls_s() kaj ldap_start_tls_s_np()"
-#: plugins/sudoers/ldap.c:2508
+#: plugins/sudoers/ldap.c:2591
#, c-format
msgid "invalid sudoOrder attribute: %s"
msgstr "nevalida atributo de sudoOrdo: %s"
msgid "unable to open audit system"
msgstr "ne eblas malfermi revizian sistemon"
-#: plugins/sudoers/linux_audit.c:82
-#, c-format
-msgid "internal error, linux_audit_command() overflow"
-msgstr "ena eraro, superfluo en linux_audit_command()"
-
-#: plugins/sudoers/linux_audit.c:91
+#: plugins/sudoers/linux_audit.c:93
#, c-format
msgid "unable to send audit message"
msgstr "ne eblas sendi revizian mesaĝon"
-#: plugins/sudoers/logging.c:202
+#: plugins/sudoers/logging.c:140
+#, c-format
+msgid "%8s : %s"
+msgstr "%8s: %s"
+
+#: plugins/sudoers/logging.c:168
+#, c-format
+msgid "%8s : (command continued) %s"
+msgstr "%8s: (komando ne trovita) %s"
+
+#: plugins/sudoers/logging.c:194
#, c-format
msgid "unable to open log file: %s: %s"
msgstr "ne eblas malfermi protokolon: %s: %s"
-#: plugins/sudoers/logging.c:205
+#: plugins/sudoers/logging.c:197
#, c-format
msgid "unable to lock log file: %s: %s"
msgstr "ne eblas ŝlosi protokolon: %s: %s"
-#: plugins/sudoers/logging.c:260
+#: plugins/sudoers/logging.c:245
+msgid "No user or host"
+msgstr "Neniu uzanto aŭ gastiganto"
+
+#: plugins/sudoers/logging.c:247
+msgid "validation failure"
+msgstr "validiga malsukceso"
+
+#: plugins/sudoers/logging.c:254
msgid "user NOT in sudoers"
msgstr "uzanto NE estas en sudoers"
-#: plugins/sudoers/logging.c:262
+#: plugins/sudoers/logging.c:256
msgid "user NOT authorized on host"
msgstr "uzanto NE permesata en gastiganto"
-#: plugins/sudoers/logging.c:264
+#: plugins/sudoers/logging.c:258
msgid "command not allowed"
msgstr "komando ne permesata"
-#: plugins/sudoers/logging.c:274
+#: plugins/sudoers/logging.c:288
#, c-format
msgid "%s is not in the sudoers file. This incident will be reported.\n"
msgstr "%s ne estas en la dosiero sudoers. Ĉi tiu estos raportita.\n"
-#: plugins/sudoers/logging.c:277
+#: plugins/sudoers/logging.c:291
#, c-format
msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n"
-msgstr "%s estas ne permesata plenumigi sudo-on en %s. Ĉi tio estos raportita\n"
+msgstr "%s ne estas permesata plenumigi sudo-on en %s. Ĉi tio estos raportita.\n"
-#: plugins/sudoers/logging.c:281
+#: plugins/sudoers/logging.c:295
#, c-format
msgid "Sorry, user %s may not run sudo on %s.\n"
-msgstr "Bedaŭre uzanto %s ne rajtas plenumigi sudo-on en %s.\n"
+msgstr "Bedaŭre uzanto %s ne rajtas plenumigi sudo-on en %s.\n"
-#: plugins/sudoers/logging.c:284
+#: plugins/sudoers/logging.c:298
#, c-format
msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n"
msgstr "Bedaŭre uzanto %s ne rajtas plenumigi '%s%s%s'-on kiel %s%s%s en %s.\n"
-#: plugins/sudoers/logging.c:317
-msgid "No user or host"
-msgstr "Neniu uzanto aŭ gastiganto"
-
-#: plugins/sudoers/logging.c:319
-msgid "validation failure"
-msgstr "validiga malsukceso"
-
-#: plugins/sudoers/logging.c:334 plugins/sudoers/sudoers.c:498
-#: plugins/sudoers/sudoers.c:499 plugins/sudoers/sudoers.c:1517
-#: plugins/sudoers/sudoers.c:1518
+#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383
+#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386
+#: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001
+#: plugins/sudoers/sudoers.c:1002
#, c-format
msgid "%s: command not found"
msgstr "%s: komando ne trovita"
-#: plugins/sudoers/logging.c:336 plugins/sudoers/sudoers.c:495
+#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379
#, c-format
msgid ""
"ignoring `%s' found in '.'\n"
"Ignoranta '%s'-on trovita en '.'\n"
"Uzu 'sudo ./%s'-on se tio estas la '%s', kiun vi volas plenumigi."
-#: plugins/sudoers/logging.c:350
+#: plugins/sudoers/logging.c:353
msgid "authentication failure"
msgstr "aŭtentiga malsukceso"
-#: plugins/sudoers/logging.c:374
+#: plugins/sudoers/logging.c:379
+msgid "a password is required"
+msgstr "pasvorto estas bezonata"
+
+#: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487
#, c-format
msgid "%d incorrect password attempt"
msgid_plural "%d incorrect password attempts"
msgstr[0] "%d malĝusta pasvorta provo"
msgstr[1] "%d malĝustaj pasvortaj provoj"
-#: plugins/sudoers/logging.c:377
-msgid "a password is required"
-msgstr "pasvorto estas bezonata"
-
-#: plugins/sudoers/logging.c:528
+#: plugins/sudoers/logging.c:566
#, c-format
msgid "unable to fork"
msgstr "ne eblas forki"
-#: plugins/sudoers/logging.c:535 plugins/sudoers/logging.c:597
+#: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629
#, c-format
msgid "unable to fork: %m"
msgstr "ne eblas forki: %m"
-#: plugins/sudoers/logging.c:587
+#: plugins/sudoers/logging.c:619
#, c-format
msgid "unable to open pipe: %m"
msgstr "ne eblas malfermi tubon: %m"
-#: plugins/sudoers/logging.c:612
+#: plugins/sudoers/logging.c:644
#, c-format
msgid "unable to dup stdin: %m"
msgstr "ne eblas kopii enigon: %m"
-#: plugins/sudoers/logging.c:648
+#: plugins/sudoers/logging.c:680
#, c-format
msgid "unable to execute %s: %m"
msgstr "ne eblas plenumigi %s-on: %m"
-#: plugins/sudoers/logging.c:863
+#: plugins/sudoers/logging.c:899
#, c-format
msgid "internal error: insufficient space for log line"
-msgstr "ena eraro: nesufiĉa spaco por protokola linio"
+msgstr "interna eraro: nesufiĉa spaco por protokola linio"
+
+#: plugins/sudoers/match.c:631
+#, c-format
+msgid "unsupported digest type %d for %s"
+msgstr "nekonata resuma tipo %d por %s"
+
+#: plugins/sudoers/match.c:661
+#, c-format
+msgid "%s: read error"
+msgstr "%s: lega eraro"
-#: plugins/sudoers/parse.c:123
+#: plugins/sudoers/match.c:670
+#, c-format
+msgid "digest for %s (%s) is not in %s form"
+msgstr "resumo por %s (%s) ne estas laŭ la formo %s"
+
+#: plugins/sudoers/parse.c:124
#, c-format
msgid "parse error in %s near line %d"
msgstr "analiza eraro en %s proksime al linio %d"
-#: plugins/sudoers/parse.c:126
+#: plugins/sudoers/parse.c:127
#, c-format
msgid "parse error in %s"
msgstr "analiza eraro en %s"
-#: plugins/sudoers/parse.c:389
+#: plugins/sudoers/parse.c:462
#, c-format
msgid ""
"\n"
"\n"
"Ero en sudoers:\n"
-#: plugins/sudoers/parse.c:391
+#: plugins/sudoers/parse.c:463
#, c-format
msgid " RunAsUsers: "
msgstr " RunAsUsers: "
-#: plugins/sudoers/parse.c:406
+#: plugins/sudoers/parse.c:477
#, c-format
msgid " RunAsGroups: "
msgstr " RunAsGroups: "
-#: plugins/sudoers/parse.c:415
+#: plugins/sudoers/parse.c:486
+#, c-format
+msgid " Options: "
+msgstr " Elektoj: "
+
+#: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750
+#, c-format
+msgid "unable to execute %s"
+msgstr "ne eblas plenumigi: %s"
+
+#: plugins/sudoers/policy.c:659
+#, c-format
+msgid "Sudoers policy plugin version %s\n"
+msgstr "Eldono %s de la konduta kromprogramo\n"
+
+#: plugins/sudoers/policy.c:661
+#, c-format
+msgid "Sudoers file grammar version %d\n"
+msgstr "Eldono %d de la gramatikilo de sudoers\n"
+
+#: plugins/sudoers/policy.c:665
#, c-format
msgid ""
-" Commands:\n"
-"\t"
+"\n"
+"Sudoers path: %s\n"
msgstr ""
-" Komandoj:\n"
-"\t"
+"\n"
+"Pado de sudoers: %s\n"
+
+#: plugins/sudoers/policy.c:668
+#, c-format
+msgid "nsswitch path: %s\n"
+msgstr "pado de nsswitch: %s\n"
-#: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105
-msgid ": "
-msgstr ": "
+#: plugins/sudoers/policy.c:670
+#, c-format
+msgid "ldap.conf path: %s\n"
+msgstr "pado de ldap.conf: %s\n"
-#: plugins/sudoers/pwutil.c:278
+#: plugins/sudoers/policy.c:671
#, c-format
-msgid "unable to cache uid %u (%s), already exists"
-msgstr "ne eblas konservi uid-on %u (%s), jam ekzistas"
+msgid "ldap.secret path: %s\n"
+msgstr "pado de ldap.secret: %s\n"
-#: plugins/sudoers/pwutil.c:286
+#: plugins/sudoers/pwutil.c:148
#, c-format
msgid "unable to cache uid %u, already exists"
msgstr "ne eblas konservi uid-on %u, jam ekzistas"
-#: plugins/sudoers/pwutil.c:322 plugins/sudoers/pwutil.c:331
+#: plugins/sudoers/pwutil.c:190
#, c-format
msgid "unable to cache user %s, already exists"
msgstr "ne eblas konservi uzanton %s, jam ekzistas"
-#: plugins/sudoers/pwutil.c:668
-#, c-format
-msgid "unable to cache gid %u (%s), already exists"
-msgstr "ne eblas konservi gid-on %u (%s), jam ekzistas"
-
-#: plugins/sudoers/pwutil.c:676
+#: plugins/sudoers/pwutil.c:374
#, c-format
msgid "unable to cache gid %u, already exists"
msgstr "ne eblas konservi gid-on %u, jam ekzistas"
-#: plugins/sudoers/pwutil.c:706 plugins/sudoers/pwutil.c:715
+#: plugins/sudoers/pwutil.c:410
#, c-format
msgid "unable to cache group %s, already exists"
msgstr "ne eblas konservi grupon %s, jam ekzistas"
-#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:436
-#: plugins/sudoers/set_perms.c:828 plugins/sudoers/set_perms.c:1114
-#: plugins/sudoers/set_perms.c:1396
+#: plugins/sudoers/pwutil.c:564 plugins/sudoers/pwutil.c:586
+#, c-format
+msgid "unable to cache group list for %s, already exists"
+msgstr "ne eblas konservi grupan liston por %s, jam ekzistas"
+
+#: plugins/sudoers/pwutil.c:584
+#, c-format
+msgid "unable to parse groups for %s"
+msgstr "ne eblas trakti grupon en %s"
+
+#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445
+#: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141
+#: plugins/sudoers/set_perms.c:1431
msgid "perm stack overflow"
msgstr "permeso-staka superfluo"
-#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:444
-#: plugins/sudoers/set_perms.c:836 plugins/sudoers/set_perms.c:1122
-#: plugins/sudoers/set_perms.c:1404
+#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453
+#: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149
+#: plugins/sudoers/set_perms.c:1439
msgid "perm stack underflow"
msgstr "permeso-staka subfluo"
-#: plugins/sudoers/set_perms.c:270 plugins/sudoers/set_perms.c:580
-#: plugins/sudoers/set_perms.c:957 plugins/sudoers/set_perms.c:1243
+#: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500
+#: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471
+msgid "unable to change to root gid"
+msgstr "ne eblas ŝanĝi al radika gid"
+
+#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597
+#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277
msgid "unable to change to runas gid"
msgstr "ne eblas ŝanĝi al plenumigkiela gid"
-#: plugins/sudoers/set_perms.c:282 plugins/sudoers/set_perms.c:592
-#: plugins/sudoers/set_perms.c:967 plugins/sudoers/set_perms.c:1253
+#: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609
+#: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287
msgid "unable to change to runas uid"
msgstr "ne eblas ŝanĝi al plenumigkiela uid"
-#: plugins/sudoers/set_perms.c:300 plugins/sudoers/set_perms.c:610
-#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1269
+#: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627
+#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303
msgid "unable to change to sudoers gid"
msgstr "ne eblas ŝanĝi al gid de sudo-redaktantoj"
-#: plugins/sudoers/set_perms.c:353 plugins/sudoers/set_perms.c:681
-#: plugins/sudoers/set_perms.c:1029 plugins/sudoers/set_perms.c:1315
-#: plugins/sudoers/set_perms.c:1474
+#: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698
+#: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349
+#: plugins/sudoers/set_perms.c:1515
msgid "too many processes"
msgstr "tro da procezoj"
-#: plugins/sudoers/set_perms.c:1542
+#: plugins/sudoers/set_perms.c:1583
msgid "unable to set runas group vector"
msgstr "ne eblas elekti vektoron de plenumigkiela grupo"
-#: plugins/sudoers/sudo_nss.c:243
+#: plugins/sudoers/sssd.c:257
+#, c-format
+msgid "unable to initialize SSS source. Is SSSD installed on your machine?"
+msgstr "ne eblas ekigi SSS-fonton. Ĉu SSSD estas instalita en via maŝino?"
+
+#: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271
+#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285
+#: plugins/sudoers/sssd.c:292
+#, c-format
+msgid "unable to find symbol \"%s\" in %s"
+msgstr "ne eblas trovi simbolon \"%s\" en %s"
+
+#: plugins/sudoers/sudo_nss.c:283
#, c-format
msgid "Matching Defaults entries for %s on this host:\n"
msgstr "Kongruantaj eroj de Defaults: %s en ĉi tiu gastiganto:\n"
-#: plugins/sudoers/sudo_nss.c:256
+#: plugins/sudoers/sudo_nss.c:296
#, c-format
msgid "Runas and Command-specific defaults for %s:\n"
msgstr "Plenumigkiela komando-specifaj aŭtomataĵoj por %s:\n"
-#: plugins/sudoers/sudo_nss.c:269
+#: plugins/sudoers/sudo_nss.c:309
#, c-format
msgid "User %s may run the following commands on this host:\n"
msgstr "Uzanto %s rajtas plenumigi la jenajn komandojn en ĉi tiu gastiganto:\n"
-#: plugins/sudoers/sudo_nss.c:278
+#: plugins/sudoers/sudo_nss.c:318
#, c-format
msgid "User %s is not allowed to run sudo on %s.\n"
msgstr "Uzanto %s ne rajtas plenumigi sudo-on en %s.\n"
-#: plugins/sudoers/sudoers.c:208 plugins/sudoers/sudoers.c:239
-#: plugins/sudoers/sudoers.c:943
+#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193
+#: plugins/sudoers/sudoers.c:673
msgid "problem with defaults entries"
msgstr "problemoj kun aŭtomataj eroj"
-#: plugins/sudoers/sudoers.c:212
+#: plugins/sudoers/sudoers.c:165
#, c-format
msgid "no valid sudoers sources found, quitting"
msgstr "ne validaj fontotekstoj de sudoers trovita, ĉesiganta"
-#: plugins/sudoers/sudoers.c:264
-#, c-format
-msgid "unable to execute %s: %s"
-msgstr "ne eblas plenumigi %s-on: %s"
-
-#: plugins/sudoers/sudoers.c:331
+#: plugins/sudoers/sudoers.c:227
#, c-format
msgid "sudoers specifies that root is not allowed to sudo"
msgstr "sudoers specifas, ke ĉefuzanto ne rajtas sudo-i"
-#: plugins/sudoers/sudoers.c:338
+#: plugins/sudoers/sudoers.c:234
#, c-format
msgid "you are not permitted to use the -C option"
msgstr "vi ne rajtas uzi la parametron -C"
-#: plugins/sudoers/sudoers.c:427
+#: plugins/sudoers/sudoers.c:315
#, c-format
msgid "timestamp owner (%s): No such user"
-msgstr "posedanto de tempindiko estas %s -- sed tiu uzanto ne ekzistas"
+msgstr "tempindika posedanto (%s): neniu tia uzanto"
-#: plugins/sudoers/sudoers.c:443
+#: plugins/sudoers/sudoers.c:329
msgid "no tty"
msgstr "neniu tty"
-#: plugins/sudoers/sudoers.c:444
+#: plugins/sudoers/sudoers.c:330
#, c-format
msgid "sorry, you must have a tty to run sudo"
msgstr "bedaŭre vi devas havi tty-on por plenumigi sudo-on"
-#: plugins/sudoers/sudoers.c:494
+#: plugins/sudoers/sudoers.c:378
msgid "command in current directory"
msgstr "komando en nuna dosierujo"
-#: plugins/sudoers/sudoers.c:506
+#: plugins/sudoers/sudoers.c:395
#, c-format
msgid "sorry, you are not allowed to preserve the environment"
msgstr "bedaŭre vi ne rajtas konservi la medion"
-#: plugins/sudoers/sudoers.c:666 plugins/sudoers/sudoers.c:673
+#: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:216
+#: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:328
+#: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576
#, c-format
-msgid "internal error, runas_groups overflow"
-msgstr "ena eraro, runas_groups superfluo"
-
-#: plugins/sudoers/sudoers.c:926
-#, c-format
-msgid "internal error, set_cmnd() overflow"
-msgstr "ena eraro, superfluo en set_cmnd()"
+msgid "unable to stat %s"
+msgstr "ne eblas stat-i: %s"
-#: plugins/sudoers/sudoers.c:996
+#: plugins/sudoers/sudoers.c:726
#, c-format
msgid "%s is not a regular file"
msgstr "%s ne estas normala dosiero"
-#: plugins/sudoers/sudoers.c:999 toke.l:831
+#: plugins/sudoers/sudoers.c:729 toke.l:913
#, c-format
msgid "%s is owned by uid %u, should be %u"
msgstr "%s estas estrita de uid %u, devas esti %u"
-#: plugins/sudoers/sudoers.c:1003 toke.l:838
+#: plugins/sudoers/sudoers.c:733 toke.l:920
#, c-format
msgid "%s is world writable"
msgstr "%s estas skribebla de ĉiuj"
-#: plugins/sudoers/sudoers.c:1006 toke.l:843
+#: plugins/sudoers/sudoers.c:736 toke.l:925
#, c-format
msgid "%s is owned by gid %u, should be %u"
msgstr "%s estas estrita de gid %u, devas esti %u"
-#: plugins/sudoers/sudoers.c:1033
+#: plugins/sudoers/sudoers.c:763
#, c-format
msgid "only root can use `-c %s'"
msgstr "nur ĉefuzanto rajtas uzi '-c %s'"
-#: plugins/sudoers/sudoers.c:1050 plugins/sudoers/sudoers.c:1052
+#: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782
#, c-format
msgid "unknown login class: %s"
msgstr "nekonata ensaluta klaso: %s"
-#: plugins/sudoers/sudoers.c:1079
+#: plugins/sudoers/sudoers.c:814
#, c-format
msgid "unable to resolve host %s"
msgstr "ne eblas trovi gastiganton %s"
-#: plugins/sudoers/sudoers.c:1131 plugins/sudoers/testsudoers.c:387
+#: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377
#, c-format
msgid "unknown group: %s"
msgstr "nekonata grupo: %s"
-#: plugins/sudoers/sudoers.c:1180
-#, c-format
-msgid "Sudoers policy plugin version %s\n"
-msgstr "Eldono %s de la konduta kromprogramo\n"
-
-#: plugins/sudoers/sudoers.c:1182
-#, c-format
-msgid "Sudoers file grammar version %d\n"
-msgstr "Eldono %d de la gramatikilo de sudoers\n"
-
-#: plugins/sudoers/sudoers.c:1186
-#, c-format
-msgid ""
-"\n"
-"Sudoers path: %s\n"
-msgstr ""
-"\n"
-"Pado de sudoers: %s\n"
-
-#: plugins/sudoers/sudoers.c:1189
-#, c-format
-msgid "nsswitch path: %s\n"
-msgstr "pado de nsswitch: %s\n"
-
-#: plugins/sudoers/sudoers.c:1191
-#, c-format
-msgid "ldap.conf path: %s\n"
-msgstr "pado de ldap.conf: %s\n"
-
-#: plugins/sudoers/sudoers.c:1192
-#, c-format
-msgid "ldap.secret path: %s\n"
-msgstr "pado de ldap.secret: %s\n"
-
-#: plugins/sudoers/sudoreplay.c:293
+#: plugins/sudoers/sudoreplay.c:292
#, c-format
msgid "invalid filter option: %s"
msgstr "nevalida filtrila elekto: %s"
-#: plugins/sudoers/sudoreplay.c:306
+#: plugins/sudoers/sudoreplay.c:305
#, c-format
msgid "invalid max wait: %s"
msgstr "nevalida maksimuma atendo: %s"
-#: plugins/sudoers/sudoreplay.c:312
+#: plugins/sudoers/sudoreplay.c:311
#, c-format
msgid "invalid speed factor: %s"
msgstr "nevalida rapida faktoro: %s"
-#: plugins/sudoers/sudoreplay.c:315 plugins/sudoers/visudo.c:187
+#: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179
#, c-format
msgid "%s version %s\n"
msgstr "%s eldono %s\n"
-#: plugins/sudoers/sudoreplay.c:340
+#: plugins/sudoers/sudoreplay.c:339
#, c-format
msgid "%s/%.2s/%.2s/%.2s/timing: %s"
msgstr "%s/%.2s/%.2s/%.2s tempo-registrado: %s"
-#: plugins/sudoers/sudoreplay.c:346
+#: plugins/sudoers/sudoreplay.c:345
#, c-format
msgid "%s/%s/timing: %s"
msgstr "%s/%s/tempo-registrado: %s"
-#: plugins/sudoers/sudoreplay.c:364
+#: plugins/sudoers/sudoreplay.c:363
#, c-format
msgid "Replaying sudo session: %s\n"
msgstr "Refaranta sudo-seancon: %s\n"
-#: plugins/sudoers/sudoreplay.c:370
+#: plugins/sudoers/sudoreplay.c:369
#, c-format
msgid "Warning: your terminal is too small to properly replay the log.\n"
msgstr "Averto: via terminalo estas tro malgranda por konvene reskribi la protokolon.\n"
-#: plugins/sudoers/sudoreplay.c:371
+#: plugins/sudoers/sudoreplay.c:370
#, c-format
msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d."
msgstr "Protokola grando estas %dx%d, sed via terminala grando estas %dx%d."
-#: plugins/sudoers/sudoreplay.c:401
+#: plugins/sudoers/sudoreplay.c:400
#, c-format
msgid "unable to set tty to raw mode"
msgstr "ne eblas elekti tty-on en nudan reĝimon"
-#: plugins/sudoers/sudoreplay.c:418
+#: plugins/sudoers/sudoreplay.c:416
#, c-format
msgid "invalid timing file line: %s"
msgstr "nevalida linio en la tempo-registran dosieron: %s"
-#: plugins/sudoers/sudoreplay.c:501
+#: plugins/sudoers/sudoreplay.c:499
#, c-format
msgid "writing to standard output"
msgstr "skribanta al eligo"
-#: plugins/sudoers/sudoreplay.c:530
+#: plugins/sudoers/sudoreplay.c:528
#, c-format
msgid "nanosleep: tv_sec %ld, tv_nsec %ld"
msgstr "nanosleep: tv_sec %ld, tv_nsec %ld"
-#: plugins/sudoers/sudoreplay.c:643 plugins/sudoers/sudoreplay.c:668
+#: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666
#, c-format
msgid "ambiguous expression \"%s\""
msgstr "ambigua esprimo \"%s\""
-#: plugins/sudoers/sudoreplay.c:685
+#: plugins/sudoers/sudoreplay.c:683
#, c-format
msgid "too many parenthesized expressions, max %d"
msgstr "tro da esprimoj en krampoj; maksimumo estas %d"
-#: plugins/sudoers/sudoreplay.c:696
+#: plugins/sudoers/sudoreplay.c:694
#, c-format
msgid "unmatched ')' in expression"
msgstr "esprimo kun ')' sen samnivela '('"
-#: plugins/sudoers/sudoreplay.c:702
+#: plugins/sudoers/sudoreplay.c:700
#, c-format
msgid "unknown search term \"%s\""
msgstr "nekonata serĉaĵo \"%s\""
-#: plugins/sudoers/sudoreplay.c:716
+#: plugins/sudoers/sudoreplay.c:714
#, c-format
msgid "%s requires an argument"
msgstr "%s bezonas parametron"
-#: plugins/sudoers/sudoreplay.c:720
+#: plugins/sudoers/sudoreplay.c:718 plugins/sudoers/sudoreplay.c:1058
#, c-format
msgid "invalid regular expression: %s"
msgstr "nevalida regulesprimo: %s"
-#: plugins/sudoers/sudoreplay.c:726
+#: plugins/sudoers/sudoreplay.c:724
#, c-format
msgid "could not parse date \"%s\""
msgstr "ne eblis analizi daton \"%s\""
-#: plugins/sudoers/sudoreplay.c:739
+#: plugins/sudoers/sudoreplay.c:737
#, c-format
msgid "unmatched '(' in expression"
msgstr "esprimo kun '(' sen samnivela ')'"
-#: plugins/sudoers/sudoreplay.c:741
+#: plugins/sudoers/sudoreplay.c:739
#, c-format
msgid "illegal trailing \"or\""
msgstr "nevalida posta \"or\""
-#: plugins/sudoers/sudoreplay.c:743
+#: plugins/sudoers/sudoreplay.c:741
#, c-format
msgid "illegal trailing \"!\""
msgstr "nevalida posta \"!\""
-#: plugins/sudoers/sudoreplay.c:1050
-#, c-format
-msgid "invalid regex: %s"
-msgstr "nevalida regulesprimo: %s"
-
-#: plugins/sudoers/sudoreplay.c:1174
+#: plugins/sudoers/sudoreplay.c:1182
#, c-format
msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n"
msgstr "uzado: %s [-h] [-d dosierujo] [-m maksimuma_atendo] [-s rapida_faktoro] identigilo\n"
-#: plugins/sudoers/sudoreplay.c:1177
+#: plugins/sudoers/sudoreplay.c:1185
#, c-format
msgid "usage: %s [-h] [-d directory] -l [search expression]\n"
msgstr "uzado: %s [-h] [-d dosierujo] -l [serĉaĵo]\n"
-#: plugins/sudoers/sudoreplay.c:1186
+#: plugins/sudoers/sudoreplay.c:1194
#, c-format
msgid ""
"%s - replay sudo session logs\n"
"%s - refari sudo-seancajn protokolojn\n"
"\n"
-#: plugins/sudoers/sudoreplay.c:1188
+#: plugins/sudoers/sudoreplay.c:1196
msgid ""
"\n"
"Options:\n"
"Parametroj:\n"
" -d dosierujo specifi dosierujon por seancaj protokoloj\n"
" -f filtrilo specifi kiajn eneligajn tipojn por montri\n"
-" -h montri helpan mesaĝon kaj eliri -l [esprimo] listigi haveblajn seancajn identigilojn, kiuj kongruas kun esprimo\n"
+" -h montri helpan mesaĝon kaj eliri\n"
+" -l [esprimo] listigi haveblajn seancajn identigilojn, kiuj kongruas kun esprimo\n"
" -m [atendo] maksimuma nombro da sekundoj por atendi inter okazoj\n"
" -s [rapido] rapidigi aŭ malrapidigi eligon\n"
" -V eligi eldonan informon kaj eliri"
-#: plugins/sudoers/testsudoers.c:253
-#, c-format
-msgid "internal error, init_vars() overflow"
-msgstr "ena eraro, superfluo en init_vars()"
-
-#: plugins/sudoers/testsudoers.c:338
+#: plugins/sudoers/testsudoers.c:328
msgid "\thost unmatched"
msgstr "\thost sen egalo"
-#: plugins/sudoers/testsudoers.c:341
+#: plugins/sudoers/testsudoers.c:331
msgid ""
"\n"
"Command allowed"
"\n"
"Komando permesata"
-#: plugins/sudoers/testsudoers.c:342
+#: plugins/sudoers/testsudoers.c:332
msgid ""
"\n"
"Command denied"
"\n"
"Komando rifuzata"
-#: plugins/sudoers/testsudoers.c:342
+#: plugins/sudoers/testsudoers.c:332
msgid ""
"\n"
"Command unmatched"
"\n"
"Komando sen egalo"
-#: plugins/sudoers/toke_util.c:218
+#: plugins/sudoers/timestamp.c:129
+#, c-format
+msgid "timestamp path too long: %s"
+msgstr "tempo-indikila pado tro longa: %s"
+
+#: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247
+#: plugins/sudoers/timestamp.c:292
+#, c-format
+msgid "%s owned by uid %u, should be uid %u"
+msgstr "%s estas estrita de uid %u, devas esti uid %u"
+
+#: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0700"
+msgstr "%s skribebla de ne-estro (0%o), devas esti reĝimo 0700"
+
+#: plugins/sudoers/timestamp.c:286
+#, c-format
+msgid "%s exists but is not a regular file (0%o)"
+msgstr "%s ekzistas sed ne estas normala dosiero (0%o)"
+
+#: plugins/sudoers/timestamp.c:298
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0600"
+msgstr "%s skribebla de ne-estro (0%o), devas esti reĝimo 0600"
+
+#: plugins/sudoers/timestamp.c:353
+#, c-format
+msgid "timestamp too far in the future: %20.20s"
+msgstr "tempo-indikilo tro estonte: %20.20s"
+
+#: plugins/sudoers/timestamp.c:407
+#, c-format
+msgid "unable to remove %s, will reset to the epoch"
+msgstr "ne eblas forigi: %s, restarigos al la epoko"
+
+#: plugins/sudoers/timestamp.c:414
+#, c-format
+msgid "unable to reset %s to the epoch"
+msgstr "ne eblas restarigi al la epoko: %s"
+
+#: plugins/sudoers/toke_util.c:176
+#, c-format
msgid "fill_args: buffer overflow"
msgstr "fill_args: bufra superfluo"
-#: plugins/sudoers/visudo.c:188
+#: plugins/sudoers/visudo.c:180
#, c-format
msgid "%s grammar version %d\n"
msgstr "%s gramatika eldono %d\n"
-#: plugins/sudoers/visudo.c:252 plugins/sudoers/visudo.c:538
+#: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533
#, c-format
msgid "press return to edit %s: "
msgstr "premu enen-klavon por redakti %s-on: "
-#: plugins/sudoers/visudo.c:335 plugins/sudoers/visudo.c:341
+#: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332
#, c-format
msgid "write error"
msgstr "skriba eraro"
-#: plugins/sudoers/visudo.c:423
+#: plugins/sudoers/visudo.c:414
#, c-format
msgid "unable to stat temporary file (%s), %s unchanged"
msgstr "ne eblas stat-i provizoron dosieron (%s), %s neŝanĝita"
-#: plugins/sudoers/visudo.c:428
+#: plugins/sudoers/visudo.c:419
#, c-format
msgid "zero length temporary file (%s), %s unchanged"
msgstr "nul-longa provizora dosiero (%s), %s neŝanĝita"
-#: plugins/sudoers/visudo.c:434
+#: plugins/sudoers/visudo.c:425
#, c-format
msgid "editor (%s) failed, %s unchanged"
msgstr "redaktilo (%s) malsukcesis, %s neŝanĝita"
-#: plugins/sudoers/visudo.c:457
+#: plugins/sudoers/visudo.c:448
#, c-format
msgid "%s unchanged"
msgstr "%s neŝanĝita"
-#: plugins/sudoers/visudo.c:483
+#: plugins/sudoers/visudo.c:477
#, c-format
msgid "unable to re-open temporary file (%s), %s unchanged."
msgstr "ne eblas remalfermi provizoran dosieron (%s), %s neŝanĝita."
-#: plugins/sudoers/visudo.c:493
+#: plugins/sudoers/visudo.c:487
#, c-format
msgid "unabled to parse temporary file (%s), unknown error"
msgstr "ne eblas analizi provizoran dosieron (%s), nekonata eraro"
-#: plugins/sudoers/visudo.c:531
+#: plugins/sudoers/visudo.c:526
#, c-format
msgid "internal error, unable to find %s in list!"
-msgstr "ena eraro, ne eblas trovi '%s'-on en listo!"
+msgstr "interna eraro, ne eblas trovi '%s'-on en listo!"
-#: plugins/sudoers/visudo.c:583 plugins/sudoers/visudo.c:592
+#: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587
#, c-format
msgid "unable to set (uid, gid) of %s to (%u, %u)"
msgstr "ne eblas ŝanĝi (uid, gid) de %s al (%u, %u)"
-#: plugins/sudoers/visudo.c:587 plugins/sudoers/visudo.c:597
+#: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592
#, c-format
msgid "unable to change mode of %s to 0%o"
msgstr "ne eblas ŝanĝi reĝimon de %s al 0%o"
-#: plugins/sudoers/visudo.c:614
+#: plugins/sudoers/visudo.c:609
#, c-format
msgid "%s and %s not on the same file system, using mv to rename"
msgstr "%s kaj %s ne estas la sama dosiersistemo, uzanta mv-on por alinomi"
-#: plugins/sudoers/visudo.c:628
+#: plugins/sudoers/visudo.c:623
#, c-format
msgid "command failed: '%s %s %s', %s unchanged"
msgstr "komando malsukcesis: '%s %s %s', %s neŝanĝita"
-#: plugins/sudoers/visudo.c:638
+#: plugins/sudoers/visudo.c:633
#, c-format
msgid "error renaming %s, %s unchanged"
msgstr "eraro dum alinomi %s-on; %s neŝanĝita"
-#: plugins/sudoers/visudo.c:701
+#: plugins/sudoers/visudo.c:695
msgid "What now? "
msgstr "Kion nun? "
-#: plugins/sudoers/visudo.c:715
+#: plugins/sudoers/visudo.c:709
msgid ""
"Options are:\n"
" (e)dit sudoers file again\n"
" x) eliri sen konservi ŝanĝojn al sudoers-dosiero\n"
" q) Eliri kaj konservi ŝanĝojn al sudoers-dosiero (DANĜERA!)\n"
-#: plugins/sudoers/visudo.c:756
-#, c-format
-msgid "unable to execute %s"
-msgstr "ne eblas plenumigi: %s"
-
-#: plugins/sudoers/visudo.c:763
+#: plugins/sudoers/visudo.c:757
#, c-format
msgid "unable to run %s"
msgstr "ne eblas plenumigi: %s"
-#: plugins/sudoers/visudo.c:789
+#: plugins/sudoers/visudo.c:783
#, c-format
msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n"
msgstr "%s: malĝusta estro (uid, gid) devas esti (%u, %u)\n"
-#: plugins/sudoers/visudo.c:796
+#: plugins/sudoers/visudo.c:790
#, c-format
msgid "%s: bad permissions, should be mode 0%o\n"
msgstr "%s: misaj permesoj, devas esti reĝimo 0%o\n"
-#: plugins/sudoers/visudo.c:821
+#: plugins/sudoers/visudo.c:815
#, c-format
msgid "failed to parse %s file, unknown error"
msgstr "malsukcesis analizi dosieron %s, nekonata eraro"
-#: plugins/sudoers/visudo.c:834
+#: plugins/sudoers/visudo.c:831
#, c-format
msgid "parse error in %s near line %d\n"
msgstr "analiza eraro en %s proksime al linio %d\n"
-#: plugins/sudoers/visudo.c:837
+#: plugins/sudoers/visudo.c:834
#, c-format
msgid "parse error in %s\n"
msgstr "analiza eraro en %s\n"
-#: plugins/sudoers/visudo.c:844 plugins/sudoers/visudo.c:849
+#: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846
#, c-format
msgid "%s: parsed OK\n"
msgstr "%s: analizita senerare\n"
-#: plugins/sudoers/visudo.c:896
+#: plugins/sudoers/visudo.c:893
#, c-format
msgid "%s busy, try again later"
msgstr "%s okupata, reprovu pli malfrue"
-#: plugins/sudoers/visudo.c:940
+#: plugins/sudoers/visudo.c:937
#, c-format
msgid "specified editor (%s) doesn't exist"
msgstr "specifita tekstoredaktilo (%s) ne ekzistas"
-#: plugins/sudoers/visudo.c:963
+#: plugins/sudoers/visudo.c:960
#, c-format
msgid "unable to stat editor (%s)"
msgstr "ne eblas stat-i tekstoredaktilon (%s)"
-#: plugins/sudoers/visudo.c:1011
+#: plugins/sudoers/visudo.c:1008
#, c-format
msgid "no editor found (editor path = %s)"
msgstr "neniu tekstoredaktilo trovita (pado = %s)"
-#: plugins/sudoers/visudo.c:1105
+#: plugins/sudoers/visudo.c:1100
#, c-format
msgid "Error: cycle in %s_Alias `%s'"
msgstr "Eraro: ciklo en %s_Alias '%s'"
-#: plugins/sudoers/visudo.c:1106
+#: plugins/sudoers/visudo.c:1101
#, c-format
msgid "Warning: cycle in %s_Alias `%s'"
msgstr "Averto: ciklo en %s_Alias '%s'"
-#: plugins/sudoers/visudo.c:1109
+#: plugins/sudoers/visudo.c:1104
#, c-format
msgid "Error: %s_Alias `%s' referenced but not defined"
msgstr "Eraro: %s_Alias '%s' referinta sed ne difinita"
-#: plugins/sudoers/visudo.c:1110
+#: plugins/sudoers/visudo.c:1105
#, c-format
msgid "Warning: %s_Alias `%s' referenced but not defined"
msgstr "Averto: %s_Alias '%s' referinta sed ne difinita"
-#: plugins/sudoers/visudo.c:1245
+#: plugins/sudoers/visudo.c:1240
#, c-format
msgid "%s: unused %s_Alias %s"
msgstr "%s neuzata %s_Alias %s"
-#: plugins/sudoers/visudo.c:1301
+#: plugins/sudoers/visudo.c:1302
#, c-format
msgid ""
"%s - safely edit the sudoers file\n"
"%s - sekure redakti la dosieron sudoers\n"
"\n"
-#: plugins/sudoers/visudo.c:1303
+#: plugins/sudoers/visudo.c:1304
msgid ""
"\n"
"Options:\n"
" -c nur kontroli\n"
" -f sudoers specifi lokon de la dosiero sudoers\n"
" -h montri helpan mesaĝon kaj eliri\n"
-" -q silenta pri sintaksaj eraroj\n"
+" -q pli silenta pri sintaksaj eraroj\n"
" -s malsevera kontrolado de sintakso\n"
" -V montri eldonon kaj eliri"
-#: toke.l:805
+#: toke.l:886
msgid "too many levels of includes"
msgstr "tro da niveloj de inkluzivaĵoj"
+#~ msgid "pam_chauthtok: %s"
+#~ msgstr "pam_chauthtok: %s"
+
+#~ msgid "pam_authenticate: %s"
+#~ msgstr "pam_authenticate: %s"
+
+#~ msgid "Password: "
+#~ msgstr "Pasvorto: "
+
+#~ msgid "getauid failed"
+#~ msgstr "getauid: malsukcesis"
+
+#~ msgid "Unable to dlopen %s: %s"
+#~ msgstr "ne eblas apliki dlopen: %s: %s"
+
+#~ msgid "invalid regex: %s"
+#~ msgstr "nevalida regulesprimo: %s"
+
+#~ msgid ">>> %s: %s near line %d <<<"
+#~ msgstr ">>> %s: %s apud linio %d <<<"
+
+#~ msgid "unable to allocate memory"
+#~ msgstr "ne eblas generi memoron"
+
+#~ msgid "%s%s: %s"
+#~ msgstr "%s%s: %s"
+
+#~ msgid "unable to set locale to \"%s\", using \"C\""
+#~ msgstr "ne eblas elekti lokaĵaron \"%s\", uzanta lokaĵaron \"C\""
+
+#~ msgid ""
+#~ " Commands:\n"
+#~ "\t"
+#~ msgstr ""
+#~ " Komandoj:\n"
+#~ "\t"
+
+#~ msgid ": "
+#~ msgstr ": "
+
+#~ msgid "unable to cache uid %u (%s), already exists"
+#~ msgstr "ne eblas konservi uid-on %u (%s), jam ekzistas"
+
+#~ msgid "unable to cache gid %u (%s), already exists"
+#~ msgstr "ne eblas konservi gid-on %u (%s), jam ekzistas"
+
+#~ msgid "unable to execute %s: %s"
+#~ msgstr "ne eblas plenumigi %s-on: %s"
+
+#~ msgid "internal error, expand_prompt() overflow"
+#~ msgstr "interna eraro, superfluo en expand_prompt()"
+
+#~ msgid "internal error, sudo_setenv2() overflow"
+#~ msgstr "interna eraro, superfluo en sudo_setenv2()"
+
+#~ msgid "internal error, sudo_setenv() overflow"
+#~ msgstr "interna eraro, superfluo en sudo_setenv()"
+
+#~ msgid "internal error, linux_audit_command() overflow"
+#~ msgstr "interna eraro, superfluo en linux_audit_command()"
+
+#~ msgid "internal error, runas_groups overflow"
+#~ msgstr "interna eraro, runas_groups superfluo"
+
+#~ msgid "internal error, init_vars() overflow"
+#~ msgstr "interna eraro, superfluo en init_vars()"
+
#~ msgid "invalid log file %s"
#~ msgstr "nevalida protokolo %s"
#~ msgid "set group on %s"
#~ msgstr "elekti grupon en %s"
-#~ msgid "unable to set group on %s"
-#~ msgstr "ne eblas elekti grupon en %s"
-
#~ msgid "unable to fix mode on %s"
#~ msgstr "ne eblas fiksi reĝimon en %s"
# Finnish messages for sudoers.
# This file is put in the public domain.
-# Copyright © 2011, 2012 Free Software Foundation, Inc.
# This file is distributed under the same license as the sudo package.
-# Jorma Karvonen <karvonen.jorma@gmail.com>, 2011-2012.
+# Jorma Karvonen <karvonen.jorma@gmail.com>, 2011-2013.
#
msgid ""
msgstr ""
-"Project-Id-Version: sudoers 1.8.6b4\n"
+"Project-Id-Version: sudoers 1.8.7b2\n"
"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2012-08-10 13:08-0400\n"
-"PO-Revision-Date: 2012-08-14 09:15+0200\n"
+"POT-Creation-Date: 2013-04-17 15:52-0400\n"
+"PO-Revision-Date: 2013-04-20 09:04+0300\n"
"Last-Translator: Jorma Karvonen <karvonen.jorma@gmail.com>\n"
"Language-Team: Finnish <translation-team-fi@lists.sourceforge.net>\n"
"Language: fi\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=n != 1;\n"
-#: gram.y:112
-#, c-format
-msgid ">>> %s: %s near line %d <<<"
-msgstr ">>> %s: %s lähellä riviä %d <<<"
+#: confstr.sh:2
+msgid "Password:"
+msgstr "Salasana:"
+
+#: confstr.sh:3
+msgid "*** SECURITY information for %h ***"
+msgstr "*** TURVALLISUUS-tietoja kohteelle %h ***"
+
+#: confstr.sh:4
+msgid "Sorry, try again."
+msgstr "Valitan, yritä uudelleen."
-#: plugins/sudoers/alias.c:125
+#: plugins/sudoers/alias.c:124
#, c-format
msgid "Alias `%s' already defined"
msgstr "Alias ”%s” on jo määritelty"
-#: plugins/sudoers/auth/bsdauth.c:78
+#: plugins/sudoers/auth/bsdauth.c:77
#, c-format
msgid "unable to get login class for user %s"
-msgstr "ei kyetä saamaan kirjautumisluokkaa käyttäjälle %s"
+msgstr "kirjautumisluokan saaminen käyttäjälle %s epäonnistui"
-#: plugins/sudoers/auth/bsdauth.c:84
+#: plugins/sudoers/auth/bsdauth.c:83
msgid "unable to begin bsd authentication"
-msgstr "ei kyetä aloittamaan bsd-todentamista"
+msgstr "bsd-todentamisen aloittaminen epäonnistui"
-#: plugins/sudoers/auth/bsdauth.c:92
+#: plugins/sudoers/auth/bsdauth.c:91
msgid "invalid authentication type"
msgstr "virheellinen todennustyyppi"
-#: plugins/sudoers/auth/bsdauth.c:101
+#: plugins/sudoers/auth/bsdauth.c:100
msgid "unable to setup authentication"
-msgstr "ei kyetä asettamaan todentamista"
+msgstr "asetustodentaminen epäonnistui"
-#: plugins/sudoers/auth/fwtk.c:60
+#: plugins/sudoers/auth/fwtk.c:59
#, c-format
msgid "unable to read fwtk config"
-msgstr "ei kyetä lukemaan fwtk config -asetusta"
+msgstr "fwtk config -asetuksen lukeminen epäonnistui"
-#: plugins/sudoers/auth/fwtk.c:65
+#: plugins/sudoers/auth/fwtk.c:64
#, c-format
msgid "unable to connect to authentication server"
-msgstr "ei kyetä yhdistämään todentamispalvelimelle"
+msgstr "todentamispalvelimelle yhdistäminen epäonnistui"
-#: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95
-#: plugins/sudoers/auth/fwtk.c:128
+#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94
+#: plugins/sudoers/auth/fwtk.c:127
#, c-format
msgid "lost connection to authentication server"
msgstr "kadotettiin yhteys todentamispalvelimelle"
-#: plugins/sudoers/auth/fwtk.c:75
+#: plugins/sudoers/auth/fwtk.c:74
#, c-format
msgid ""
"authentication server error:\n"
"todentamispalvelinvirhe:\n"
"%s"
-# Sana princ viittaa krb5_principal -määrittelyyn
-#: plugins/sudoers/auth/kerb5.c:117
+#: plugins/sudoers/auth/kerb5.c:116
#, c-format
-msgid "%s: unable to unparse princ ('%s'): %s"
-msgstr "%s: ei kyetä poistamaan valtuutetun (’%s’) jäsentämistä: %s"
+msgid "%s: unable to convert principal to string ('%s'): %s"
+msgstr "%s: valtuutetun (’%s’) muuntaminen merkkijonoksi epäonnistui: %s"
# Ensimmäinen parametri on auth name
-#: plugins/sudoers/auth/kerb5.c:160
+#: plugins/sudoers/auth/kerb5.c:159
#, c-format
msgid "%s: unable to parse '%s': %s"
-msgstr "%s: ei kyetä jäsentämään todentamisnimeä ’%s’: %s"
+msgstr "%s: todentamisnimen ’%s’ jäsentäminen epäonnistui: %s"
-#: plugins/sudoers/auth/kerb5.c:170
+#: plugins/sudoers/auth/kerb5.c:169
#, c-format
-msgid "%s: unable to resolve ccache: %s"
-msgstr "%s: ei kyetä ratkaisemaan ccache-välimuistia: %s"
+msgid "%s: unable to resolve credential cache: %s"
+msgstr "%s: valtuustietovälimuistin ratkaiseminen epäonnistui: %s"
-#: plugins/sudoers/auth/kerb5.c:218
+#: plugins/sudoers/auth/kerb5.c:217
#, c-format
msgid "%s: unable to allocate options: %s"
-msgstr "%s: ei kyetä varaamaan valitsimia: %s"
+msgstr "%s: muistin varaaminen valitsimille epäonnistui: %s"
-#: plugins/sudoers/auth/kerb5.c:234
+#: plugins/sudoers/auth/kerb5.c:233
#, c-format
msgid "%s: unable to get credentials: %s"
-msgstr "%s: ei kyetä hakemaan valtuustietoja: %s"
+msgstr "%s: valtuustietojen hakeminen epäonnistui: %s"
-#: plugins/sudoers/auth/kerb5.c:247
+#: plugins/sudoers/auth/kerb5.c:246
#, c-format
-msgid "%s: unable to initialize ccache: %s"
-msgstr "%s: ei kyetä alustamaan ccache-välimuistia: %s"
+msgid "%s: unable to initialize credential cache: %s"
+msgstr "%s: valtuustietovälimuistin alustaminen epäonnistui: %s"
-#: plugins/sudoers/auth/kerb5.c:251
+#: plugins/sudoers/auth/kerb5.c:250
#, c-format
-msgid "%s: unable to store cred in ccache: %s"
-msgstr "%s: ei kyetä tallentamaan valtuustietoja ccache-välimuistiin: %s"
+msgid "%s: unable to store credential in cache: %s"
+msgstr "%s: valtuustietojen tallentaminen valtuustietovälimuistiin epäonnistui: %s"
-#: plugins/sudoers/auth/kerb5.c:316
+#: plugins/sudoers/auth/kerb5.c:315
#, c-format
msgid "%s: unable to get host principal: %s"
-msgstr "%s: ei kyetä hakemaan tietokoneen valtuutettua: %s"
+msgstr "%s: tietokoneen valtuutetun hakeminen epäonnistui: %s"
-#: plugins/sudoers/auth/kerb5.c:331
+#: plugins/sudoers/auth/kerb5.c:330
#, c-format
msgid "%s: Cannot verify TGT! Possible attack!: %s"
-msgstr "%s: Ei voida todentaa TGT-lippua! Mahdollinen hyökkäys!: %s"
+msgstr "%s: TGT-lipun todentaminen epäonnistui! Mahdollinen hyökkäys!: %s"
-#: plugins/sudoers/auth/pam.c:100
+#: plugins/sudoers/auth/pam.c:105
msgid "unable to initialize PAM"
-msgstr "ei kyetä alustamaan PAM:ia"
+msgstr "PAM:in alustaminen epäonnistui"
-#: plugins/sudoers/auth/pam.c:144
+#: plugins/sudoers/auth/pam.c:150
msgid "account validation failure, is your account locked?"
msgstr "tilikelpuutushäiriö, onko tilisi lukittu?"
-#: plugins/sudoers/auth/pam.c:148
+#: plugins/sudoers/auth/pam.c:154
msgid "Account or password is expired, reset your password and try again"
msgstr "Tili tai salasana on vanhentunut, nollaa salasanasi tai yritä uudelleen"
-#: plugins/sudoers/auth/pam.c:155
+#: plugins/sudoers/auth/pam.c:162
#, c-format
-msgid "pam_chauthtok: %s"
-msgstr "pam_chauthtok: %s"
+msgid "unable to change expired password: %s"
+msgstr "vanhentuneen salasanan vaihtaminen epäonnistui: %s"
-#: plugins/sudoers/auth/pam.c:159
+#: plugins/sudoers/auth/pam.c:167
msgid "Password expired, contact your system administrator"
msgstr "Salasana vanhentunut, ota yhteyttä järjestelmän ylläpitäjään"
-#: plugins/sudoers/auth/pam.c:163
+#: plugins/sudoers/auth/pam.c:171
msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator"
msgstr "Tili vanhentunut tai PAM-asetuksista puuttuu ”account”-lohko sudo-komennolle, ota yhteyttä järjestelmän ylläpitäjään"
-#: plugins/sudoers/auth/pam.c:180
+#: plugins/sudoers/auth/pam.c:188
#, c-format
-msgid "pam_authenticate: %s"
-msgstr "pam_authenticate: %s"
+msgid "PAM authentication error: %s"
+msgstr "PAM-todentamisvirhe: %s"
-#: plugins/sudoers/auth/pam.c:332
-msgid "Password: "
-msgstr "Salasana: "
-
-#: plugins/sudoers/auth/pam.c:333
-msgid "Password:"
-msgstr "Salasana:"
+#: plugins/sudoers/auth/pam.c:247
+#, c-format
+msgid "unable to establish credentials: %s"
+msgstr "valtuustietojen luominen epäonnistui: %s"
-#: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:220
+#: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212
#, c-format
msgid "you do not exist in the %s database"
msgstr "ei ole olemassa %s-tietokannassa"
-#: plugins/sudoers/auth/securid5.c:81
+#: plugins/sudoers/auth/securid5.c:80
#, c-format
msgid "failed to initialise the ACE API library"
-msgstr "epäonnistui ACE API -kirjaston alustamisessa"
+msgstr "ACE API -kirjaston alustaminen epäonnistui"
-#: plugins/sudoers/auth/securid5.c:107
+#: plugins/sudoers/auth/securid5.c:106
#, c-format
msgid "unable to contact the SecurID server"
-msgstr "ei kyetä ottamaan yhteyttä SecurID-palvelimeen"
+msgstr "yhteyden ottaminen SecurID-palvelimeen epäonnistui"
-#: plugins/sudoers/auth/securid5.c:116
+#: plugins/sudoers/auth/securid5.c:115
#, c-format
msgid "User ID locked for SecurID Authentication"
msgstr "Käyttäjätunniste lukittu SecurID-todennukselle"
-#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171
+#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170
#, c-format
msgid "invalid username length for SecurID"
msgstr "virheellinen käyttäjänimipituus kohteelle SecurID"
-#: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176
+#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175
#, c-format
msgid "invalid Authentication Handle for SecurID"
msgstr "virheellinen todentamiskäsittelijä kohteelle SecurID"
-#: plugins/sudoers/auth/securid5.c:128
+#: plugins/sudoers/auth/securid5.c:127
#, c-format
msgid "SecurID communication failed"
msgstr "SecurID-viestintä epäonnistui"
-#: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215
+#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214
#, c-format
msgid "unknown SecurID error"
msgstr "tuntematon SecurID-virhe"
-#: plugins/sudoers/auth/securid5.c:166
+#: plugins/sudoers/auth/securid5.c:165
#, c-format
msgid "invalid passcode length for SecurID"
msgstr "virheellinen salasanakoodipituus kohteelle SecurID"
-#: plugins/sudoers/auth/sia.c:109
+#: plugins/sudoers/auth/sia.c:108
msgid "unable to initialize SIA session"
-msgstr "ei kyetä alustamaan SIA-istuntoa"
+msgstr "SIA-istunnon alustaminen epäonnistui"
-#: plugins/sudoers/auth/sudo_auth.c:121
-msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication."
-msgstr "Virheellisiä todennusmenetelmiä käännetty sudo-ohjelmaan! Yksittäisiä ja ei-yksittäisiä todennuksia on ehkä sekoitettu keskenään."
+#: plugins/sudoers/auth/sudo_auth.c:119
+msgid "invalid authentication methods"
+msgstr "virheelliset todennusmetodit"
-#: plugins/sudoers/auth/sudo_auth.c:206
+#: plugins/sudoers/auth/sudo_auth.c:120
+msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication."
+msgstr "Virheellisiä todennusmenetelmiä käännetty sudo-ohjelmaan! Yksittäisiä ja ei-yksittäisiä todennuksia ei voi sekoittaa keskenään."
+
+#: plugins/sudoers/auth/sudo_auth.c:203
+msgid "no authentication methods"
+msgstr "ei todennusmenetelmiä:"
+
+#: plugins/sudoers/auth/sudo_auth.c:205
msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option."
msgstr "Sudo-ohjelmaan ei ole käännetty todentamismenelmiä! Jos haluat kääntää pois todentamisen, käytä asetusvalitsinta --disable-authentication."
-#: plugins/sudoers/auth/sudo_auth.c:374
+#: plugins/sudoers/auth/sudo_auth.c:389
msgid "Authentication methods:"
msgstr "Todennusmenetelmät:"
#: plugins/sudoers/bsm_audit.c:90 plugins/sudoers/bsm_audit.c:153
#, c-format
msgid "Could not determine audit condition"
-msgstr "Ei voitu määritellä audit-ehtoa"
+msgstr "Audit-ehdon määrittely epäonnistui"
-#: plugins/sudoers/bsm_audit.c:101
+#: plugins/sudoers/bsm_audit.c:101 plugins/sudoers/bsm_audit.c:160
#, c-format
-msgid "getauid failed"
-msgstr "getauid epäonnistui"
+msgid "getauid: failed"
+msgstr "getauid: epäonnistui"
#: plugins/sudoers/bsm_audit.c:103 plugins/sudoers/bsm_audit.c:162
#, c-format
#: plugins/sudoers/bsm_audit.c:129 plugins/sudoers/bsm_audit.c:190
#, c-format
msgid "unable to commit audit record"
-msgstr "ei kyetä suorittamaan commit-toimintoa audit-tietueelle"
-
-#: plugins/sudoers/bsm_audit.c:160
-#, c-format
-msgid "getauid: failed"
-msgstr "getauid: epäonnistui"
+msgstr "commit-toiminnon suorittaminen audit-tietueelle epäonnistui"
#: plugins/sudoers/bsm_audit.c:183
#, c-format
msgid "au_to_text: failed"
msgstr "au_to_text: epäonnistui"
-# Avaamisen kohde voi olla timestamp file, sudoers file tai pathbuf
-#: plugins/sudoers/check.c:252 plugins/sudoers/iolog.c:172
-#: plugins/sudoers/sudoers.c:988 plugins/sudoers/sudoreplay.c:355
-#: plugins/sudoers/sudoreplay.c:817 plugins/sudoers/sudoreplay.c:974
-#: plugins/sudoers/visudo.c:818
-#, c-format
-msgid "unable to open %s"
-msgstr "ei kyetä avaamaan kohdetta %s"
-
-# Kirjoittamisen kohde voi olla timestamp file tai pathbuf
-#: plugins/sudoers/check.c:256 plugins/sudoers/iolog.c:229
-#, c-format
-msgid "unable to write to %s"
-msgstr "ei kyetä kirjoittamaan kohteeseen %s"
-
-#: plugins/sudoers/check.c:264 plugins/sudoers/check.c:512
-#: plugins/sudoers/check.c:562 plugins/sudoers/iolog.c:123
-#: plugins/sudoers/iolog.c:156
-#, c-format
-msgid "unable to mkdir %s"
-msgstr "ei kyetä suorittamaan käskyä mkdir %s"
-
-#: plugins/sudoers/check.c:399 plugins/sudoers/env.c:289
-#: plugins/sudoers/env.c:294 plugins/sudoers/env.c:395
-#: plugins/sudoers/env.c:447 plugins/sudoers/linux_audit.c:82
-#: plugins/sudoers/sudoers.c:670 plugins/sudoers/sudoers.c:677
-#: plugins/sudoers/sudoers.c:936 plugins/sudoers/testsudoers.c:253
-#, c-format
-msgid "internal error, %s overflow"
-msgstr "sisäinen virhe, %s-ylivuoto"
-
-#: plugins/sudoers/check.c:460
-#, c-format
-msgid "timestamp path too long: %s"
-msgstr "aikaleimapolku on liian pitkä: %s"
-
-#: plugins/sudoers/check.c:491 plugins/sudoers/check.c:535
-#: plugins/sudoers/iolog.c:158
-#, c-format
-msgid "%s exists but is not a directory (0%o)"
-msgstr "%s on olemassa, mutta ei ole hakemisto (0%o)"
-
-#: plugins/sudoers/check.c:494 plugins/sudoers/check.c:538
-#: plugins/sudoers/check.c:583
-#, c-format
-msgid "%s owned by uid %u, should be uid %u"
-msgstr "%s on uid %u:n omistama, pitäisi olla uid %u:n omistama"
-
-#: plugins/sudoers/check.c:499 plugins/sudoers/check.c:543
-#, c-format
-msgid "%s writable by non-owner (0%o), should be mode 0700"
-msgstr "%s on kirjoitettava ei-omistajalle (0%o), pitäisi olla tila 0700"
-
-#: plugins/sudoers/check.c:507 plugins/sudoers/check.c:551
-#: plugins/sudoers/check.c:619 plugins/sudoers/sudoers.c:1003
-#: plugins/sudoers/visudo.c:319 plugins/sudoers/visudo.c:584
-#, c-format
-msgid "unable to stat %s"
-msgstr "ei kyetä kutsumaan funktiota stat %s"
-
-#: plugins/sudoers/check.c:577
-#, c-format
-msgid "%s exists but is not a regular file (0%o)"
-msgstr "%s on olemassa, mutta ei ole tavallinen tiedosto (0%o)"
-
-#: plugins/sudoers/check.c:589
-#, c-format
-msgid "%s writable by non-owner (0%o), should be mode 0600"
-msgstr "%s on kirjoitettava ei-omistajalle (0%o), pitäisi olla tila 0600"
-
-#: plugins/sudoers/check.c:643
-#, c-format
-msgid "timestamp too far in the future: %20.20s"
-msgstr "aikaleima liian kaukana tulevaisuudessa: %20.20s"
-
-#: plugins/sudoers/check.c:690
-#, c-format
-msgid "unable to remove %s (%s), will reset to the epoch"
-msgstr "ei kyetä poistamaan %s (%s), nollataan aika"
-
-#: plugins/sudoers/check.c:698
-#, c-format
-msgid "unable to reset %s to the epoch"
-msgstr "ei kyetä nollaamaan %s ajaksi"
+#: plugins/sudoers/check.c:189
+msgid ""
+"\n"
+"We trust you have received the usual lecture from the local System\n"
+"Administrator. It usually boils down to these three things:\n"
+"\n"
+" #1) Respect the privacy of others.\n"
+" #2) Think before you type.\n"
+" #3) With great power comes great responsibility.\n"
+"\n"
+msgstr ""
+"\n"
+"Luotamme siihen, että olet vastaanottanut tavallisen luennon paikalliselta Järjestelmä-\n"
+"hallinnoijalta. Se tavallisesti tiivistyy näihin kolmeen asiaan:\n"
+"\n"
+" #1) Kunnioita muiden yksityisyyttä.\n"
+" #2) Ajattele ennen kuin kirjoitat.\n"
+" #3) Suuren voiman mukana tulee suuri vastuu.\n"
+"\n"
-#: plugins/sudoers/check.c:758 plugins/sudoers/check.c:764
-#: plugins/sudoers/sudoers.c:851 plugins/sudoers/sudoers.c:855
+#: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233
+#: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566
#, c-format
msgid "unknown uid: %u"
msgstr "tuntematon uid-käyttäjätunniste: %u"
-#: plugins/sudoers/check.c:761 plugins/sudoers/sudoers.c:792
-#: plugins/sudoers/sudoers.c:1120 plugins/sudoers/testsudoers.c:225
-#: plugins/sudoers/testsudoers.c:369
+#: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:635
+#: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215
+#: plugins/sudoers/testsudoers.c:359
#, c-format
msgid "unknown user: %s"
msgstr "tuntematon käyttäjä: %s"
#: plugins/sudoers/def_data.c:219
msgid "If set, passprompt will override system prompt in all cases."
-msgstr "Jos asetettu, salasankehote korvaa järjestelmäkehotteen kaikissa tapauksissa."
+msgstr "Jos asetettu, salasanakehote korvaa järjestelmäkehotteen kaikissa tapauksissa."
# Tämä on tekemisessä runas_default -määrittelyn kanssa
#: plugins/sudoers/def_data.c:223
msgid "Set of limit privileges"
msgstr "Rajoitettuja käyttöoikeuksia"
-#: plugins/sudoers/defaults.c:208
+#: plugins/sudoers/def_data.c:355
+msgid "Run commands on a pty in the background"
+msgstr "Suorita komentoja pty:llä taustalla"
+
+#: plugins/sudoers/def_data.c:359
+msgid "Create a new PAM session for the command to run in"
+msgstr "Luo uusi PAM-istunto suoritettavalle komennolle"
+
+#: plugins/sudoers/def_data.c:363
+msgid "Maximum I/O log sequence number"
+msgstr "Suurin siirräntälokin sarjanumero %s"
+
+#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587
#, c-format
msgid "unknown defaults entry `%s'"
msgstr "tuntematon oletusrivi ”%s”"
-#: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226
-#: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259
-#: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285
-#: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318
-#: plugins/sudoers/defaults.c:328
+#: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225
+#: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258
+#: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284
+#: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317
+#: plugins/sudoers/defaults.c:327
#, c-format
msgid "value `%s' is invalid for option `%s'"
msgstr "arvo ”%s” on virheellinen valitsimelle ”%s”"
# parametrinä on variable
-#: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229
-#: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254
-#: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280
-#: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313
-#: plugins/sudoers/defaults.c:324
+#: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228
+#: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253
+#: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279
+#: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312
+#: plugins/sudoers/defaults.c:323
#, c-format
msgid "no value specified for `%s'"
msgstr "arvoa ei ole määritelty muuttujalle ”%s”"
# Parametri on muuttuja
-#: plugins/sudoers/defaults.c:242
+#: plugins/sudoers/defaults.c:241
#, c-format
msgid "values for `%s' must start with a '/'"
msgstr "muuttujan ”%s” arvojen on alettava merkillä ’/’"
-#: plugins/sudoers/defaults.c:304
+#: plugins/sudoers/defaults.c:303
#, c-format
msgid "option `%s' does not take a value"
msgstr "valitsin ”%s” ei ota arvoa"
+#: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293
+#: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82
+#: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427
+#: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654
+#: plugins/sudoers/testsudoers.c:243
+#, c-format
+msgid "internal error, %s overflow"
+msgstr "sisäinen virhe, %s-ylivuoto"
+
#: plugins/sudoers/env.c:367
#, c-format
msgid "sudo_putenv: corrupted envp, length mismatch"
msgstr "sudo_putenv: rikkoutunut envp, pituus ei täsmää"
-#: plugins/sudoers/env.c:369 plugins/sudoers/env.c:448
-#: plugins/sudoers/toke_util.c:113 plugins/sudoers/toke_util.c:167
-#: plugins/sudoers/toke_util.c:207 toke.l:697 toke.l:827 toke.l:887 toke.l:983
-#, c-format
-msgid "unable to allocate memory"
-msgstr "ei kyetä varaamaan muistia"
-
-#: plugins/sudoers/env.c:992
+#: plugins/sudoers/env.c:1012
#, c-format
msgid "sorry, you are not allowed to set the following environment variables: %s"
msgstr "seuraavia ympäristömuuttujia ei ole lupa asettaa: %s"
-#: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108
-#: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125
-#: plugins/sudoers/sudoers.c:945 toke.l:693 toke.l:883
-#, c-format
-msgid "%s: %s"
-msgstr "%s: %s"
-
-#: plugins/sudoers/group_plugin.c:91
-#, c-format
-msgid "%s%s: %s"
-msgstr "%s%s: %s"
-
-#: plugins/sudoers/group_plugin.c:103
+#: plugins/sudoers/group_plugin.c:102
#, c-format
msgid "%s must be owned by uid %d"
msgstr "%s-omistajan on oltava uid %d"
-#: plugins/sudoers/group_plugin.c:107
+#: plugins/sudoers/group_plugin.c:106
#, c-format
msgid "%s must only be writable by owner"
msgstr "%s on vain omistajan kirjoitettava"
-#: plugins/sudoers/group_plugin.c:114
+#: plugins/sudoers/group_plugin.c:113 plugins/sudoers/sssd.c:256
#, c-format
msgid "unable to dlopen %s: %s"
-msgstr "ei kyetä kutsumaan funktiota dlopen %s: %s"
+msgstr "funktion dlopen %s kutsuminen epäonnistui: %s"
# parametrina on path
-#: plugins/sudoers/group_plugin.c:119
+#: plugins/sudoers/group_plugin.c:118
#, c-format
msgid "unable to find symbol \"group_plugin\" in %s"
-msgstr "ei kyetä löytämään symbolia ”group_plugin” polusta %s"
+msgstr "symbolin ”group_plugin” löytäminen polusta %s epäonnistui"
-#: plugins/sudoers/group_plugin.c:124
+#: plugins/sudoers/group_plugin.c:123
#, c-format
msgid "%s: incompatible group plugin major version %d, expected %d"
msgstr "%s: yhteensopimaton ryhmälisäosan major-versio %d, odotettiin %d"
-#: plugins/sudoers/interfaces.c:112
+#: plugins/sudoers/interfaces.c:119
msgid "Local IP address and netmask pairs:\n"
msgstr "Paikallinen ip-osoite ja verkkopeiteparit:\n"
+#: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144
+#: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244
+#, c-format
+msgid "%s exists but is not a directory (0%o)"
+msgstr "%s on olemassa, mutta ei ole hakemisto (0%o)"
+
+#: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155
+#: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:165
+#: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271
+#, c-format
+msgid "unable to mkdir %s"
+msgstr "käskyn mkdir %s suorittaminen epäonnistui"
+
+# Avaamisen kohde voi olla timestamp file, sudoers file tai pathbuf
+#: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708
+#: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815
+#: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:155
+#: plugins/sudoers/visudo.c:809
+#, c-format
+msgid "unable to open %s"
+msgstr "kohteen %s avaaminen epäonnistui"
+
# Parametrinä on sudoers-tiedosto tai pathbuf
-#: plugins/sudoers/iolog.c:205 plugins/sudoers/sudoers.c:991
+#: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711
#, c-format
msgid "unable to read %s"
-msgstr "ei kyetä lukemaan kohdetta %s"
+msgstr "kohteen %s lukeminen epäonnistui"
-#: plugins/sudoers/iolog.c:208
+# Kirjoittamisen kohde voi olla timestamp file tai pathbuf
+#: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:159
#, c-format
-msgid "invalid sequence number %s"
-msgstr "virheellinen sarjanumero %s"
+msgid "unable to write to %s"
+msgstr "kohteeseen %s kirjoittaminen epäonnistui"
# Parametrina on pathbuf
-#: plugins/sudoers/iolog.c:258 plugins/sudoers/iolog.c:261
-#: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:531
-#: plugins/sudoers/iolog.c:537 plugins/sudoers/iolog.c:545
-#: plugins/sudoers/iolog.c:553 plugins/sudoers/iolog.c:561
-#: plugins/sudoers/iolog.c:569
+#: plugins/sudoers/iolog.c:334
#, c-format
msgid "unable to create %s"
-msgstr "ei kyetä luomaan hakemistopolkua %s"
+msgstr "hakemistopolun %s luominen epäonnistui"
-#: plugins/sudoers/iolog_path.c:263 plugins/sudoers/sudoers.c:382
-#, c-format
-msgid "unable to set locale to \"%s\", using \"C\""
-msgstr "ei kyetä asettamaan locale-asetukseksi ”%s”, käytetään ”C”"
-
-#: plugins/sudoers/ldap.c:387
+#: plugins/sudoers/ldap.c:385
#, c-format
msgid "sudo_ldap_conf_add_ports: port too large"
msgstr "sudo_ldap_conf_add_ports: portti on liian suuri"
-#: plugins/sudoers/ldap.c:410
+#: plugins/sudoers/ldap.c:408
#, c-format
msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf"
msgstr "sudo_ldap_conf_add_ports: hostbuf-puskuritila loppui"
# URL on verkko-osoite, loogisesti URI on verkkoresurssi(osoite)
-#: plugins/sudoers/ldap.c:440
+#: plugins/sudoers/ldap.c:438
#, c-format
msgid "unsupported LDAP uri type: %s"
msgstr "tukematon LDAP-verkkoresurssin tunnustyyppi: %s"
-#: plugins/sudoers/ldap.c:469
+#: plugins/sudoers/ldap.c:467
#, c-format
msgid "invalid uri: %s"
msgstr "virheellinen verkkoresurssin tunnus: %s"
-#: plugins/sudoers/ldap.c:475
+#: plugins/sudoers/ldap.c:473
#, c-format
msgid "unable to mix ldap and ldaps URIs"
-msgstr "ei kyetä sekottamaan ldap:n ja ldap-kohteiden verkkoresurssitunnuksia"
+msgstr "ldap:n ja ldap-verkkoresurssitunnuksien sekoittaminen epäonnistui"
-#: plugins/sudoers/ldap.c:479
+#: plugins/sudoers/ldap.c:477
#, c-format
msgid "unable to mix ldaps and starttls"
-msgstr "ei kyetä sekoittamaan ldap- ja starttl-kohteita"
+msgstr "ldap- ja starttl-kohteiden sekoittaminen epäonnistui"
-#: plugins/sudoers/ldap.c:498
+#: plugins/sudoers/ldap.c:496
#, c-format
msgid "sudo_ldap_parse_uri: out of space building hostbuf"
msgstr "sudo_ldap_parse_uri: hostbuf-puskuritila loppui"
-#: plugins/sudoers/ldap.c:572
+#: plugins/sudoers/ldap.c:570
#, c-format
msgid "unable to initialize SSL cert and key db: %s"
-msgstr "ei kyetä alustamaan SSL-varmenne- ja -avaintietokantaa: %s"
+msgstr "SSL-varmenne- ja -avaintietokannan alustaminen epäonnistui: %s"
-#: plugins/sudoers/ldap.c:575
+#: plugins/sudoers/ldap.c:573
#, c-format
msgid "you must set TLS_CERT in %s to use SSL"
msgstr "kohteessa %s TLS_CERT on asetettava käyttämään SSL:ää"
-#: plugins/sudoers/ldap.c:992
+#: plugins/sudoers/ldap.c:1062
#, c-format
msgid "unable to get GMT time"
-msgstr "ei kyetä saamaan GMT-aikaa"
+msgstr "GMT-ajan saaminen epäonnistui"
-#: plugins/sudoers/ldap.c:998
+#: plugins/sudoers/ldap.c:1068
#, c-format
msgid "unable to format timestamp"
-msgstr "ei kyetä muotoilemaan aikaleimaa"
+msgstr "aikaleiman muotoileminen epäonnistui"
-#: plugins/sudoers/ldap.c:1006
+#: plugins/sudoers/ldap.c:1076
#, c-format
msgid "unable to build time filter"
-msgstr "ei kyetä rakentamaan aikasuodatinta"
+msgstr "aikasuodattimen rakentaminen epäonnistui"
-#: plugins/sudoers/ldap.c:1225
+#: plugins/sudoers/ldap.c:1295
#, c-format
msgid "sudo_ldap_build_pass1 allocation mismatch"
msgstr "sudo_ldap_build_pass1-varaustäsmäämättömyys"
-#: plugins/sudoers/ldap.c:1761
+#: plugins/sudoers/ldap.c:1842
#, c-format
msgid ""
"\n"
"\n"
"LDAP-rooli: %s\n"
-#: plugins/sudoers/ldap.c:1763
+#: plugins/sudoers/ldap.c:1844
#, c-format
msgid ""
"\n"
"\n"
"LDAP-rooli: TUNTEMATON\n"
-#: plugins/sudoers/ldap.c:1810
+#: plugins/sudoers/ldap.c:1891
#, c-format
msgid " Order: %s\n"
msgstr " Järjestys: %s\n"
-#: plugins/sudoers/ldap.c:1818 plugins/sudoers/sssd.c:1168
+#: plugins/sudoers/ldap.c:1899 plugins/sudoers/parse.c:515
+#: plugins/sudoers/sssd.c:1242
#, c-format
msgid " Commands:\n"
msgstr " Komennot:\n"
-#: plugins/sudoers/ldap.c:2240
+#: plugins/sudoers/ldap.c:2321
#, c-format
msgid "unable to initialize LDAP: %s"
-msgstr "ei kyetä alustamaan kohdetta LDAP: %s"
+msgstr "kohteen LDAP alustaminen epäonnistui: %s"
-#: plugins/sudoers/ldap.c:2274
+#: plugins/sudoers/ldap.c:2355
#, c-format
msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()"
-msgstr "start_tls määritelty mutta LDAP-kirjastot ei tue funktiota ldap_start_tls_s() tai funktiota ldap_start_tls_s_np()"
+msgstr "start_tls määritelty, mutta LDAP-kirjastot ei tue funktiota ldap_start_tls_s() tai funktiota ldap_start_tls_s_np()"
-#: plugins/sudoers/ldap.c:2510
+#: plugins/sudoers/ldap.c:2591
#, c-format
msgid "invalid sudoOrder attribute: %s"
msgstr "virheellinen sudoOrder-attribuutti: %s"
#: plugins/sudoers/linux_audit.c:57
#, c-format
msgid "unable to open audit system"
-msgstr "ei kyetä avaamaan audit-järjestelmää"
+msgstr "audit-järjestelmän avaaminen epäonnistui"
#: plugins/sudoers/linux_audit.c:93
#, c-format
msgid "unable to send audit message"
-msgstr "ei kyetä lähettämään audit-viestiä"
+msgstr "audit-viestin lähettäminen epäonnistui"
-#: plugins/sudoers/logging.c:202
+#: plugins/sudoers/logging.c:140
+#, c-format
+msgid "%8s : %s"
+msgstr "%8s : %s"
+
+#: plugins/sudoers/logging.c:168
+#, c-format
+msgid "%8s : (command continued) %s"
+msgstr "%8s: (komento jatkui) %s"
+
+#: plugins/sudoers/logging.c:194
#, c-format
msgid "unable to open log file: %s: %s"
-msgstr "ei kyetä avaamaan lokitiedostoa: %s: %s"
+msgstr "lokitiedoston avaaminen epäonnistui: %s: %s"
-#: plugins/sudoers/logging.c:205
+#: plugins/sudoers/logging.c:197
#, c-format
msgid "unable to lock log file: %s: %s"
-msgstr "ei kyetä lukitsemaan lokitiedostoa: %s: %s"
+msgstr "lokitiedoston lukitseminen epäonnistui: %s: %s"
+
+#: plugins/sudoers/logging.c:245
+msgid "No user or host"
+msgstr "Ei käyttäjä eikä tietokone"
-#: plugins/sudoers/logging.c:260
+#: plugins/sudoers/logging.c:247
+msgid "validation failure"
+msgstr "kelpuutushäiriö"
+
+#: plugins/sudoers/logging.c:254
msgid "user NOT in sudoers"
msgstr "käyttäjä EI ole sudoers-tiedostossa"
-#: plugins/sudoers/logging.c:262
+#: plugins/sudoers/logging.c:256
msgid "user NOT authorized on host"
msgstr "käyttäjä ei ole varmennettu tietokoneella"
-#: plugins/sudoers/logging.c:264
+#: plugins/sudoers/logging.c:258
msgid "command not allowed"
msgstr "komento ei ole sallittu"
-#: plugins/sudoers/logging.c:274
+#: plugins/sudoers/logging.c:288
#, c-format
msgid "%s is not in the sudoers file. This incident will be reported.\n"
msgstr "käyttäjä %s ei ole sudoers-tiedostossa. Tästä tapahtumasta ilmoitetaan.\n"
-#: plugins/sudoers/logging.c:277
+#: plugins/sudoers/logging.c:291
#, c-format
msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n"
msgstr "käyttäjä %s ei saa suorittaa komentoa sudo tietokoneella %s. Tästä tapahtumasta ilmoitetaan.\n"
-#: plugins/sudoers/logging.c:281
+#: plugins/sudoers/logging.c:295
#, c-format
msgid "Sorry, user %s may not run sudo on %s.\n"
msgstr "Käyttäjä %s ei voi suorittaa komentoa sudo tietokoneella %s.\n"
-#: plugins/sudoers/logging.c:284
+#: plugins/sudoers/logging.c:298
#, c-format
msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n"
msgstr "Käyttäjän %s ei sallita suorittaa ’%s%s%s’ käyttäjänä %s%s%s tietokoneella %s.\n"
-#: plugins/sudoers/logging.c:317
-msgid "No user or host"
-msgstr "Ei käyttäjä eikä tietokone"
-
-#: plugins/sudoers/logging.c:319
-msgid "validation failure"
-msgstr "kelpuutushäiriö"
-
-#: plugins/sudoers/logging.c:336 plugins/sudoers/sudoers.c:502
-#: plugins/sudoers/sudoers.c:503 plugins/sudoers/sudoers.c:1539
-#: plugins/sudoers/sudoers.c:1540
+#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383
+#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386
+#: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001
+#: plugins/sudoers/sudoers.c:1002
#, c-format
msgid "%s: command not found"
msgstr "%s: komentoa ei löytynyt"
-#: plugins/sudoers/logging.c:338 plugins/sudoers/sudoers.c:499
+#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379
#, c-format
msgid ""
"ignoring `%s' found in '.'\n"
"ohitetaan komento ”%s”, joka löytyi kohteesta ’.’\n"
"Käytä ”sudo ./%s”, jos tämä on ”%s”-komento, joka halutaan suorittaa."
-#: plugins/sudoers/logging.c:352
+#: plugins/sudoers/logging.c:353
msgid "authentication failure"
msgstr "todentamishäiriö"
-#: plugins/sudoers/logging.c:376
+#: plugins/sudoers/logging.c:379
+msgid "a password is required"
+msgstr "vaaditaan salasana"
+
+#: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487
#, c-format
msgid "%d incorrect password attempt"
msgid_plural "%d incorrect password attempts"
msgstr[0] "%d väärä salasana yritetty"
msgstr[1] "%d väärää salasanaa yritetty"
-#: plugins/sudoers/logging.c:379
-msgid "a password is required"
-msgstr "vaaditaan salasana"
-
-#: plugins/sudoers/logging.c:530
+#: plugins/sudoers/logging.c:566
#, c-format
msgid "unable to fork"
-msgstr "ei kyetä kutsumaan fork-funktiota"
+msgstr "fork-funktion kutsuminen epäonnistui"
-#: plugins/sudoers/logging.c:537 plugins/sudoers/logging.c:599
+#: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629
#, c-format
msgid "unable to fork: %m"
-msgstr "ei kyetä kutsumaan fork-funktiota: %m"
+msgstr "fork-funktion kutsuminen epäonnistui: %m"
-#: plugins/sudoers/logging.c:589
+#: plugins/sudoers/logging.c:619
#, c-format
msgid "unable to open pipe: %m"
-msgstr "ei kyetä avaamaan putkea: %m"
+msgstr "putken avaaminen epäonnistui: %m"
-#: plugins/sudoers/logging.c:614
+#: plugins/sudoers/logging.c:644
#, c-format
msgid "unable to dup stdin: %m"
-msgstr "ei kyetä kutsumaan funktiota dup vakiosyötteellä: %m"
+msgstr "funktion dup kutsuminen vakiosyötteellä epäonnistui: %m"
-#: plugins/sudoers/logging.c:650
+#: plugins/sudoers/logging.c:680
#, c-format
msgid "unable to execute %s: %m"
-msgstr "ei kyetä suorittamaan %s: %m"
+msgstr "käskyn %s suorittaminen epäonnistui: %m"
-#: plugins/sudoers/logging.c:865
+#: plugins/sudoers/logging.c:899
#, c-format
msgid "internal error: insufficient space for log line"
msgstr "sisäinen virhe: riittämättömästi tilaa lokiriville"
-#: plugins/sudoers/parse.c:123
+#: plugins/sudoers/match.c:631
+#, c-format
+msgid "unsupported digest type %d for %s"
+msgstr "tukematon tiivistetyyppi %d kohteelle %s"
+
+#: plugins/sudoers/match.c:661
+#, c-format
+msgid "%s: read error"
+msgstr "%s: kirjoitusvirhe"
+
+#: plugins/sudoers/match.c:670
+#, c-format
+msgid "digest for %s (%s) is not in %s form"
+msgstr "tiiviste kohteelle %s (%s) ei ole %s-muodossa"
+
+#: plugins/sudoers/parse.c:124
#, c-format
msgid "parse error in %s near line %d"
msgstr "jäsentämisvirhe tiedostossa %s lähellä riviä %d"
-#: plugins/sudoers/parse.c:126
+#: plugins/sudoers/parse.c:127
#, c-format
msgid "parse error in %s"
msgstr "jäsentämisvirhe tiedostossa %s"
-#: plugins/sudoers/parse.c:414
+#: plugins/sudoers/parse.c:462
#, c-format
msgid ""
"\n"
"\n"
"Sudoers-rivi:\n"
-#: plugins/sudoers/parse.c:416
+#: plugins/sudoers/parse.c:463
#, c-format
msgid " RunAsUsers: "
msgstr " SuoritaKäyttäjänä: "
-#: plugins/sudoers/parse.c:431
+#: plugins/sudoers/parse.c:477
#, c-format
msgid " RunAsGroups: "
msgstr " SuoritaRyhmänä: "
-#: plugins/sudoers/parse.c:440
+#: plugins/sudoers/parse.c:486
+#, c-format
+msgid " Options: "
+msgstr " Valitsimet: "
+
+# Parametri on path, mutta saattaa sisältää suoritettavan ohjelman
+#: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750
+#, c-format
+msgid "unable to execute %s"
+msgstr "kohteen %s suorittaminen epäonnistui"
+
+#: plugins/sudoers/policy.c:659
+#, c-format
+msgid "Sudoers policy plugin version %s\n"
+msgstr "Sudoers-menettelytapalisäosaversio %s\n"
+
+#: plugins/sudoers/policy.c:661
+#, c-format
+msgid "Sudoers file grammar version %d\n"
+msgstr "Sudoers-tiedostokielioppiversio %d\n"
+
+#: plugins/sudoers/policy.c:665
#, c-format
msgid ""
-" Commands:\n"
-"\t"
+"\n"
+"Sudoers path: %s\n"
msgstr ""
-" Komennot:\n"
-"\t"
+"\n"
+"Sudoers-polku: %s\n"
-#: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105
-msgid ": "
-msgstr ": "
+#: plugins/sudoers/policy.c:668
+#, c-format
+msgid "nsswitch path: %s\n"
+msgstr "nsswitch-polku: %s\n"
-#: plugins/sudoers/pwutil.c:278
+#: plugins/sudoers/policy.c:670
#, c-format
-msgid "unable to cache uid %u (%s), already exists"
-msgstr "ei kyetä laittamaan välimuistiin uid %u (%s) -käyttäjää, on jo siellä"
+msgid "ldap.conf path: %s\n"
+msgstr "ldap.conf-polku: %s\n"
-#: plugins/sudoers/pwutil.c:286
+#: plugins/sudoers/policy.c:671
#, c-format
-msgid "unable to cache uid %u, already exists"
-msgstr "ei kyetä laittamaan välimuistiin uid %u -käyttäjää, on jo siellä"
+msgid "ldap.secret path: %s\n"
+msgstr "ldap.secret-polku: %s\n"
-#: plugins/sudoers/pwutil.c:322 plugins/sudoers/pwutil.c:331
+#: plugins/sudoers/pwutil.c:148
#, c-format
-msgid "unable to cache user %s, already exists"
-msgstr "ei kyetä laittamaan välimuistiin käyttäjää %s, on jo siellä"
+msgid "unable to cache uid %u, already exists"
+msgstr "käyttäjän uid %u laittaminen välimuistiin epäonnistui, käyttäjä on jo siellä"
-#: plugins/sudoers/pwutil.c:668
+#: plugins/sudoers/pwutil.c:190
#, c-format
-msgid "unable to cache gid %u (%s), already exists"
-msgstr "ei kyetä laittamaan välimuistiin gid %u (%s) -ryhmää, on jo siellä"
+msgid "unable to cache user %s, already exists"
+msgstr "käyttäjän %s laittaminen välimuistiin epäonnistui, käyttäjä on jo siellä"
-#: plugins/sudoers/pwutil.c:676
+#: plugins/sudoers/pwutil.c:374
#, c-format
msgid "unable to cache gid %u, already exists"
-msgstr "ei kyetä laittamaan välimuistiin gid %u -ryhmää, on jo siellä"
+msgstr "ryhmän gid %u laittaminen välimuistiin epäonnistui, ryhmä on jo siellä"
-#: plugins/sudoers/pwutil.c:706 plugins/sudoers/pwutil.c:715
+#: plugins/sudoers/pwutil.c:410
#, c-format
msgid "unable to cache group %s, already exists"
-msgstr "ei kyetä laittamaan välimuistiin ryhmää %s, on jo siellä"
+msgstr "ryhmän %s laittaminen välimuistiin epäonnistui, ryhmä on jo siellä"
+
+#: plugins/sudoers/pwutil.c:564 plugins/sudoers/pwutil.c:586
+#, c-format
+msgid "unable to cache group list for %s, already exists"
+msgstr "ryhmäluettelon laittaminen välimuistiin tiedostossa %s epäonnistui, ryhmäluettelo on jo siellä"
-#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:436
-#: plugins/sudoers/set_perms.c:828 plugins/sudoers/set_perms.c:1114
-#: plugins/sudoers/set_perms.c:1396
+# Parametri on sudoers file
+#: plugins/sudoers/pwutil.c:584
+#, c-format
+msgid "unable to parse groups for %s"
+msgstr "ryhmien jäsentäminen tiedostossa %s epäonnistui"
+
+#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445
+#: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141
+#: plugins/sudoers/set_perms.c:1431
msgid "perm stack overflow"
msgstr "käyttöoikeuspinoylivuoto"
-#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:444
-#: plugins/sudoers/set_perms.c:836 plugins/sudoers/set_perms.c:1122
-#: plugins/sudoers/set_perms.c:1404
+#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453
+#: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149
+#: plugins/sudoers/set_perms.c:1439
msgid "perm stack underflow"
msgstr "käyttöoikeuspinovajaus"
-#: plugins/sudoers/set_perms.c:270 plugins/sudoers/set_perms.c:580
-#: plugins/sudoers/set_perms.c:957 plugins/sudoers/set_perms.c:1243
+#: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500
+#: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471
+msgid "unable to change to root gid"
+msgstr "vaihtaminen root gid -tunnisteeksi epäonnistui"
+
+#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597
+#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277
msgid "unable to change to runas gid"
-msgstr "ei kyetä vaihtamaan runas gid -tunnisteeksi"
+msgstr "vaihtaminen runas gid -tunnisteeksi epäonnistui"
-#: plugins/sudoers/set_perms.c:282 plugins/sudoers/set_perms.c:592
-#: plugins/sudoers/set_perms.c:967 plugins/sudoers/set_perms.c:1253
+#: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609
+#: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287
msgid "unable to change to runas uid"
-msgstr "ei kyetä vaihtamaan runas gid -tunnisteeksi"
+msgstr "vaihtaminen runas uid -tunnisteeksi epäonnistui"
-#: plugins/sudoers/set_perms.c:300 plugins/sudoers/set_perms.c:610
-#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1269
+#: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627
+#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303
msgid "unable to change to sudoers gid"
-msgstr "ei kyetä vaihtamaan sudoers gid-tunnisteeksi"
+msgstr "vaihtaminen sudoers gid-tunnisteeksi epäonnistui"
-#: plugins/sudoers/set_perms.c:353 plugins/sudoers/set_perms.c:681
-#: plugins/sudoers/set_perms.c:1029 plugins/sudoers/set_perms.c:1315
-#: plugins/sudoers/set_perms.c:1474
+#: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698
+#: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349
+#: plugins/sudoers/set_perms.c:1515
msgid "too many processes"
msgstr "liian monta prosessia"
-#: plugins/sudoers/set_perms.c:1542
+#: plugins/sudoers/set_perms.c:1583
msgid "unable to set runas group vector"
-msgstr "ei kyetä asettaan runas-ryhmävektoria"
+msgstr "runas-ryhmävektorin asettaminen epäonnistui"
-#: plugins/sudoers/sssd.c:251
+#: plugins/sudoers/sssd.c:257
#, c-format
-msgid "Unable to dlopen %s: %s"
-msgstr "Ei kyetä kutsumaan funktiota dlopen %s: %s"
-
-#: plugins/sudoers/sssd.c:252
-#, c-format
-msgid "Unable to initialize SSS source. Is SSSD installed on your machine?"
-msgstr "Ei kyetä alustamaan SSS-lähdettä. Onko SSSD asennettu tietokoneeseesi?"
+msgid "unable to initialize SSS source. Is SSSD installed on your machine?"
+msgstr "lähteen SSS alustaminen epäonnistui. Onko SSSD asennettu tietokoneeseesi?"
# parametrina on path
-#: plugins/sudoers/sssd.c:258 plugins/sudoers/sssd.c:266
-#: plugins/sudoers/sssd.c:273 plugins/sudoers/sssd.c:280
-#: plugins/sudoers/sssd.c:287
+#: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271
+#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285
+#: plugins/sudoers/sssd.c:292
#, c-format
msgid "unable to find symbol \"%s\" in %s"
-msgstr "ei kyetä löytämään symbolia ”%s” polusta %s"
+msgstr "symbolin ”%s” löytäminen polusta %s epäonnistui"
-#: plugins/sudoers/sudo_nss.c:267
+#: plugins/sudoers/sudo_nss.c:283
#, c-format
msgid "Matching Defaults entries for %s on this host:\n"
msgstr "Täsmäävät Defaults-rivit kohteelle %s tällä tietokoneella:\n"
-#: plugins/sudoers/sudo_nss.c:280
+#: plugins/sudoers/sudo_nss.c:296
#, c-format
msgid "Runas and Command-specific defaults for %s:\n"
msgstr "Runas- ja Command-kohtaiset oletukset kohteelle %s:\n"
-#: plugins/sudoers/sudo_nss.c:293
+#: plugins/sudoers/sudo_nss.c:309
#, c-format
msgid "User %s may run the following commands on this host:\n"
msgstr "Käyttäjä %s voi suorittaa seuraavat komennot tällä tietokoneella:\n"
-#: plugins/sudoers/sudo_nss.c:302
+#: plugins/sudoers/sudo_nss.c:318
#, c-format
msgid "User %s is not allowed to run sudo on %s.\n"
msgstr "Käyttäjä %s ei saa suorittaa komentoa sudo tietokoneella %s.\n"
-#: plugins/sudoers/sudoers.c:210 plugins/sudoers/sudoers.c:243
-#: plugins/sudoers/sudoers.c:953
+#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193
+#: plugins/sudoers/sudoers.c:673
msgid "problem with defaults entries"
msgstr "oletusrivien pulma"
-#: plugins/sudoers/sudoers.c:216
+#: plugins/sudoers/sudoers.c:165
#, c-format
msgid "no valid sudoers sources found, quitting"
msgstr "ei löytynyt kelvollisia sudoers-lähteitä, poistutaan"
-#: plugins/sudoers/sudoers.c:268
-#, c-format
-msgid "unable to execute %s: %s"
-msgstr "ei kyetä suorittamaan komentoa %s: %s"
-
-#: plugins/sudoers/sudoers.c:335
+#: plugins/sudoers/sudoers.c:227
#, c-format
msgid "sudoers specifies that root is not allowed to sudo"
msgstr "sudoers määrittelee, että root ei saa suorittaa sudo-komentoa"
-#: plugins/sudoers/sudoers.c:342
+#: plugins/sudoers/sudoers.c:234
#, c-format
msgid "you are not permitted to use the -C option"
msgstr "ei käyttöoikeuksia valitsimelle -C"
-#: plugins/sudoers/sudoers.c:431
+#: plugins/sudoers/sudoers.c:315
#, c-format
msgid "timestamp owner (%s): No such user"
msgstr "aikaleimaomistaja (%s): Tuntematon käyttäjä"
-#: plugins/sudoers/sudoers.c:447
+#: plugins/sudoers/sudoers.c:329
msgid "no tty"
msgstr "ei tty:tä"
-#: plugins/sudoers/sudoers.c:448
+#: plugins/sudoers/sudoers.c:330
#, c-format
msgid "sorry, you must have a tty to run sudo"
msgstr "sudo-komennon suorittamiseksi on oltava tty"
-#: plugins/sudoers/sudoers.c:498
+#: plugins/sudoers/sudoers.c:378
msgid "command in current directory"
msgstr "komento nykyisessä hakemistossa"
-#: plugins/sudoers/sudoers.c:510
+#: plugins/sudoers/sudoers.c:395
#, c-format
msgid "sorry, you are not allowed to preserve the environment"
msgstr "ympäristöä ei ole lupa säilyttää"
-#: plugins/sudoers/sudoers.c:1006
+#: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:216
+#: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:328
+#: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576
+#, c-format
+msgid "unable to stat %s"
+msgstr "funktion stat %s kutsuminen epäonnistui"
+
+#: plugins/sudoers/sudoers.c:726
#, c-format
msgid "%s is not a regular file"
msgstr "%s ei ole tavallinen tiedosto"
-#: plugins/sudoers/sudoers.c:1009 toke.l:846
+#: plugins/sudoers/sudoers.c:729 toke.l:913
#, c-format
msgid "%s is owned by uid %u, should be %u"
msgstr "%s on uid %u -käyttäjän omistama, pitäisi olla %u"
-#: plugins/sudoers/sudoers.c:1013 toke.l:853
+#: plugins/sudoers/sudoers.c:733 toke.l:920
#, c-format
msgid "%s is world writable"
msgstr "%s on yleiskirjoitettava"
-#: plugins/sudoers/sudoers.c:1016 toke.l:858
+#: plugins/sudoers/sudoers.c:736 toke.l:925
#, c-format
msgid "%s is owned by gid %u, should be %u"
msgstr "%s on gid %u -ryhmän omistama, pitäisi olla %u"
-#: plugins/sudoers/sudoers.c:1043
+#: plugins/sudoers/sudoers.c:763
#, c-format
msgid "only root can use `-c %s'"
msgstr "vain root-käyttäjä voi käyttää valitsinta ”-c %s”"
-#: plugins/sudoers/sudoers.c:1060 plugins/sudoers/sudoers.c:1062
+#: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782
#, c-format
msgid "unknown login class: %s"
msgstr "tuntematon kirjautumisluokka: %s"
-#: plugins/sudoers/sudoers.c:1089
+#: plugins/sudoers/sudoers.c:814
#, c-format
msgid "unable to resolve host %s"
-msgstr "ei kyetä ratkaisemaan tietokonetta %s"
+msgstr "tietokoneen %s ratkaiseminen epäonnistui"
-#: plugins/sudoers/sudoers.c:1141 plugins/sudoers/testsudoers.c:387
+#: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377
#, c-format
msgid "unknown group: %s"
msgstr "tuntematon ryhmä: %s"
-#: plugins/sudoers/sudoers.c:1190
-#, c-format
-msgid "Sudoers policy plugin version %s\n"
-msgstr "Sudoers-menettelytapalisäosaversio %s\n"
-
-#: plugins/sudoers/sudoers.c:1192
-#, c-format
-msgid "Sudoers file grammar version %d\n"
-msgstr "Sudoers-tiedostokielioppiversio %d\n"
-
-#: plugins/sudoers/sudoers.c:1196
-#, c-format
-msgid ""
-"\n"
-"Sudoers path: %s\n"
-msgstr ""
-"\n"
-"Sudoers-polku: %s\n"
-
-#: plugins/sudoers/sudoers.c:1199
-#, c-format
-msgid "nsswitch path: %s\n"
-msgstr "nsswitch-polku: %s\n"
-
-#: plugins/sudoers/sudoers.c:1201
-#, c-format
-msgid "ldap.conf path: %s\n"
-msgstr "ldap.conf-polku: %s\n"
-
-#: plugins/sudoers/sudoers.c:1202
-#, c-format
-msgid "ldap.secret path: %s\n"
-msgstr "ldap.secret-polku: %s\n"
-
-#: plugins/sudoers/sudoreplay.c:293
+#: plugins/sudoers/sudoreplay.c:292
#, c-format
msgid "invalid filter option: %s"
msgstr "virheellinen suodatinvalitsin: %s"
-#: plugins/sudoers/sudoreplay.c:306
+#: plugins/sudoers/sudoreplay.c:305
#, c-format
msgid "invalid max wait: %s"
msgstr "virheellinen enimmäisodotusaika: %s"
-#: plugins/sudoers/sudoreplay.c:312
+#: plugins/sudoers/sudoreplay.c:311
#, c-format
msgid "invalid speed factor: %s"
msgstr "virheellinen nopeustekijä: %s"
-#: plugins/sudoers/sudoreplay.c:315 plugins/sudoers/visudo.c:187
+#: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179
#, c-format
msgid "%s version %s\n"
msgstr "%s versio %s\n"
-#: plugins/sudoers/sudoreplay.c:340
+#: plugins/sudoers/sudoreplay.c:339
#, c-format
msgid "%s/%.2s/%.2s/%.2s/timing: %s"
msgstr "%s/%.2s/%.2s/%.2s/ajoitus: %s"
-#: plugins/sudoers/sudoreplay.c:346
+#: plugins/sudoers/sudoreplay.c:345
#, c-format
msgid "%s/%s/timing: %s"
msgstr "%s/%s/ajoitus: %s"
-#: plugins/sudoers/sudoreplay.c:364
+#: plugins/sudoers/sudoreplay.c:363
#, c-format
msgid "Replaying sudo session: %s\n"
msgstr "Toistetaan sudo-istunto: %s\n"
-#: plugins/sudoers/sudoreplay.c:370
+#: plugins/sudoers/sudoreplay.c:369
#, c-format
msgid "Warning: your terminal is too small to properly replay the log.\n"
msgstr "Varoitus: pääteikkunasi on liian pieni tämän lokin toistamiseksi oikein.\n"
-#: plugins/sudoers/sudoreplay.c:371
+#: plugins/sudoers/sudoreplay.c:370
#, c-format
msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d."
msgstr "Lokigeometria on %d x %d, pääteikkunasi geometria on %d x %d."
-#: plugins/sudoers/sudoreplay.c:401
+#: plugins/sudoers/sudoreplay.c:400
#, c-format
msgid "unable to set tty to raw mode"
-msgstr "ei kyetä asettamaa tty:ta raakatilaan"
+msgstr "tty:n asettaminen raakatilaan epäonnistui"
-#: plugins/sudoers/sudoreplay.c:418
+#: plugins/sudoers/sudoreplay.c:416
#, c-format
msgid "invalid timing file line: %s"
msgstr "virheellinen ajoitustiedostorivi: %s"
-#: plugins/sudoers/sudoreplay.c:501
+#: plugins/sudoers/sudoreplay.c:499
#, c-format
msgid "writing to standard output"
msgstr "kirjoitetaan vakiotulosteeseen"
-#: plugins/sudoers/sudoreplay.c:530
+#: plugins/sudoers/sudoreplay.c:528
#, c-format
msgid "nanosleep: tv_sec %ld, tv_nsec %ld"
msgstr "nanosleep: tv_sec %ld, tv_nsec %ld"
-#: plugins/sudoers/sudoreplay.c:643 plugins/sudoers/sudoreplay.c:668
+#: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666
#, c-format
msgid "ambiguous expression \"%s\""
msgstr "monimerkityksellinen lauseke ”%s”"
-#: plugins/sudoers/sudoreplay.c:685
+#: plugins/sudoers/sudoreplay.c:683
#, c-format
msgid "too many parenthesized expressions, max %d"
msgstr "liian monta sulkumerkillistä lauseketta, enintään %d"
-#: plugins/sudoers/sudoreplay.c:696
+#: plugins/sudoers/sudoreplay.c:694
#, c-format
msgid "unmatched ')' in expression"
msgstr "täsmäämätön ’)’ lausekkeessa"
-#: plugins/sudoers/sudoreplay.c:702
+#: plugins/sudoers/sudoreplay.c:700
#, c-format
msgid "unknown search term \"%s\""
msgstr "tuntematon hakutermi ”%s”"
-#: plugins/sudoers/sudoreplay.c:716
+#: plugins/sudoers/sudoreplay.c:714
#, c-format
msgid "%s requires an argument"
msgstr "%s vaatii argumentin"
-#: plugins/sudoers/sudoreplay.c:720
+#: plugins/sudoers/sudoreplay.c:718 plugins/sudoers/sudoreplay.c:1058
#, c-format
msgid "invalid regular expression: %s"
msgstr "virheellinen säännöllinen lauseke: %s"
-#: plugins/sudoers/sudoreplay.c:726
+#: plugins/sudoers/sudoreplay.c:724
#, c-format
msgid "could not parse date \"%s\""
-msgstr "ei voitu jäsentää päivämäärää ”%s”"
+msgstr "päivämäärän ”%s” jäsentäminen epäonnistui"
-#: plugins/sudoers/sudoreplay.c:739
+#: plugins/sudoers/sudoreplay.c:737
#, c-format
msgid "unmatched '(' in expression"
msgstr "täsmäämätön ’(’ lausekkeessa"
-#: plugins/sudoers/sudoreplay.c:741
+#: plugins/sudoers/sudoreplay.c:739
#, c-format
msgid "illegal trailing \"or\""
msgstr "virheellinen jäljessä oleva ”or”"
-#: plugins/sudoers/sudoreplay.c:743
+#: plugins/sudoers/sudoreplay.c:741
#, c-format
msgid "illegal trailing \"!\""
msgstr "virheellinen jäljessä oleva ”!”"
-#: plugins/sudoers/sudoreplay.c:1050
-#, c-format
-msgid "invalid regex: %s"
-msgstr "virheellinen säännöllinen lauseke: %s"
-
-#: plugins/sudoers/sudoreplay.c:1174
+#: plugins/sudoers/sudoreplay.c:1182
#, c-format
msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n"
msgstr "käyttö: %s [-h] [-d hakemisto] [-m enimmäisodotusaika] [-s nopeustekijä] ID-tunniste\n"
-#: plugins/sudoers/sudoreplay.c:1177
+#: plugins/sudoers/sudoreplay.c:1185
#, c-format
msgid "usage: %s [-h] [-d directory] -l [search expression]\n"
msgstr "käyttö: %s [-h] [-d hakemisto] -l [hakulauseke]\n"
-#: plugins/sudoers/sudoreplay.c:1186
+#: plugins/sudoers/sudoreplay.c:1194
#, c-format
msgid ""
"%s - replay sudo session logs\n"
"%s - toista sudo-istuntolokit\n"
"\n"
-#: plugins/sudoers/sudoreplay.c:1188
+#: plugins/sudoers/sudoreplay.c:1196
msgid ""
"\n"
"Options:\n"
" -s nopeustekijä nopeuta tai hidasta tulostusta\n"
" -V näytä versiotiedot ja poistu"
-#: plugins/sudoers/testsudoers.c:338
+#: plugins/sudoers/testsudoers.c:328
msgid "\thost unmatched"
msgstr "\ttietokone täsmäämätön"
-#: plugins/sudoers/testsudoers.c:341
+#: plugins/sudoers/testsudoers.c:331
msgid ""
"\n"
"Command allowed"
"\n"
"Komento sallittu"
-#: plugins/sudoers/testsudoers.c:342
+#: plugins/sudoers/testsudoers.c:332
msgid ""
"\n"
"Command denied"
"\n"
"Komento kielletty"
-#: plugins/sudoers/testsudoers.c:342
+#: plugins/sudoers/testsudoers.c:332
msgid ""
"\n"
"Command unmatched"
"\n"
"Täsmäämätön komento"
-#: plugins/sudoers/toke_util.c:218
+#: plugins/sudoers/timestamp.c:129
+#, c-format
+msgid "timestamp path too long: %s"
+msgstr "aikaleimapolku on liian pitkä: %s"
+
+#: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247
+#: plugins/sudoers/timestamp.c:292
+#, c-format
+msgid "%s owned by uid %u, should be uid %u"
+msgstr "%s on uid %u:n omistama, pitäisi olla uid %u:n omistama"
+
+#: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0700"
+msgstr "%s on kirjoitettava ei-omistajalle (0%o), pitäisi olla tila 0700"
+
+#: plugins/sudoers/timestamp.c:286
+#, c-format
+msgid "%s exists but is not a regular file (0%o)"
+msgstr "%s on olemassa, mutta ei ole tavallinen tiedosto (0%o)"
+
+#: plugins/sudoers/timestamp.c:298
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0600"
+msgstr "%s on kirjoitettava ei-omistajalle (0%o), pitäisi olla tila 0600"
+
+#: plugins/sudoers/timestamp.c:353
+#, c-format
+msgid "timestamp too far in the future: %20.20s"
+msgstr "aikaleima liian kaukana tulevaisuudessa: %20.20s"
+
+#: plugins/sudoers/timestamp.c:407
+#, c-format
+msgid "unable to remove %s, will reset to the epoch"
+msgstr "kohteen %s poistaminen epäonnistui, nollaa ajan"
+
+#: plugins/sudoers/timestamp.c:414
+#, c-format
+msgid "unable to reset %s to the epoch"
+msgstr "kohteen %s nollaaminen ajaksi epäonnistui"
+
+#: plugins/sudoers/toke_util.c:176
+#, c-format
msgid "fill_args: buffer overflow"
msgstr "fill_args: puskuriylivuoto"
-#: plugins/sudoers/visudo.c:188
+#: plugins/sudoers/visudo.c:180
#, c-format
msgid "%s grammar version %d\n"
msgstr "%s kielioppiversio %d\n"
-#: plugins/sudoers/visudo.c:252 plugins/sudoers/visudo.c:541
+#: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533
#, c-format
msgid "press return to edit %s: "
msgstr "muokkaa %s painamalla enter-painiketta: "
-#: plugins/sudoers/visudo.c:335 plugins/sudoers/visudo.c:341
+#: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332
#, c-format
msgid "write error"
msgstr "kirjoitusvirhe"
-#: plugins/sudoers/visudo.c:423
+#: plugins/sudoers/visudo.c:414
#, c-format
msgid "unable to stat temporary file (%s), %s unchanged"
-msgstr "ei kyetä kutsumaan stat-funktiota tilapäiselle tiedostolle (%s), %s ennallaan"
+msgstr "funktion stat kutsuminen tilapäiselle tiedostolle (%s) epäonnistui, %s ennallaan"
-#: plugins/sudoers/visudo.c:428
+#: plugins/sudoers/visudo.c:419
#, c-format
msgid "zero length temporary file (%s), %s unchanged"
msgstr "nollapituinen tilapäinen tiedosto (%s), %s ennallaan"
-#: plugins/sudoers/visudo.c:434
+#: plugins/sudoers/visudo.c:425
#, c-format
msgid "editor (%s) failed, %s unchanged"
msgstr "editori (%s) epäonnistui, %s ennallaan"
-#: plugins/sudoers/visudo.c:457
+#: plugins/sudoers/visudo.c:448
#, c-format
msgid "%s unchanged"
msgstr "%s ennallaan"
-#: plugins/sudoers/visudo.c:486
+#: plugins/sudoers/visudo.c:477
#, c-format
msgid "unable to re-open temporary file (%s), %s unchanged."
-msgstr "ei kyetä avaamaan uudelleen tilapäistä tiedostoa (%s), %s ennallaan."
+msgstr "tilapäisen tiedoston (%s) avaaminen uudelleen epäonnistui, %s ennallaan."
-#: plugins/sudoers/visudo.c:496
+#: plugins/sudoers/visudo.c:487
#, c-format
msgid "unabled to parse temporary file (%s), unknown error"
-msgstr "ei kyetä jäsentämään tilapäistä tiedostoa (%s), tuntematon virhe"
+msgstr "tilapäisen tiedoston (%s) jäsentäminen epäonnistui, tuntematon virhe"
-#: plugins/sudoers/visudo.c:534
+#: plugins/sudoers/visudo.c:526
#, c-format
msgid "internal error, unable to find %s in list!"
-msgstr "sisäinen virhe, ei kyetä löytämään %s luettelosta!"
+msgstr "sisäinen virhe, kohteen %s löytäminen luettelosta epäonnistui!"
-#: plugins/sudoers/visudo.c:586 plugins/sudoers/visudo.c:595
+#: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587
#, c-format
msgid "unable to set (uid, gid) of %s to (%u, %u)"
-msgstr "ei kyetä asettamaan kohdetta %s (uid, gid) arvoihin (%u, %u)"
+msgstr "kohteen %s (uid, gid) asettaminen arvoihin (%u, %u) epäonnistui"
-#: plugins/sudoers/visudo.c:590 plugins/sudoers/visudo.c:600
+#: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592
#, c-format
msgid "unable to change mode of %s to 0%o"
-msgstr "ei kyetä muuttamaan %s-tilaa arvoon 0%o"
+msgstr "tilan %s vaihtaminen arvoon 0%o epäonnistui"
-#: plugins/sudoers/visudo.c:617
+#: plugins/sudoers/visudo.c:609
#, c-format
msgid "%s and %s not on the same file system, using mv to rename"
msgstr "%s ja %s eivät ole samassa tiedostojärjestelmässä, käytetään komentoa mv uudelleennimeämiseen"
-#: plugins/sudoers/visudo.c:631
+#: plugins/sudoers/visudo.c:623
#, c-format
msgid "command failed: '%s %s %s', %s unchanged"
msgstr "komento epäonnistui: ’%s %s %s’, %s ennallaan"
-#: plugins/sudoers/visudo.c:641
+#: plugins/sudoers/visudo.c:633
#, c-format
msgid "error renaming %s, %s unchanged"
msgstr "virhe nimettäessä %s uudelleen, %s ennallaan"
-#: plugins/sudoers/visudo.c:704
+#: plugins/sudoers/visudo.c:695
msgid "What now? "
msgstr "Mitä nyt?"
-#: plugins/sudoers/visudo.c:718
+#: plugins/sudoers/visudo.c:709
msgid ""
"Options are:\n"
" (e)dit sudoers file again\n"
" (Q) poistu ja tallenna muutokset sudoers-tiedostoon (VAARA!)\n"
# Parametri on path, mutta saattaa sisältää suoritettavan ohjelman
-#: plugins/sudoers/visudo.c:759
-#, c-format
-msgid "unable to execute %s"
-msgstr "ei kyetä suorittamaan kohdetta %s"
-
-# Parametri on path, mutta saattaa sisältää suoritettavan ohjelman
-#: plugins/sudoers/visudo.c:766
+#: plugins/sudoers/visudo.c:757
#, c-format
msgid "unable to run %s"
-msgstr "ei kyetä suorittamaan kohdetta %s"
+msgstr "kohteen %s suorittaminen epäonnistui"
-#: plugins/sudoers/visudo.c:792
+#: plugins/sudoers/visudo.c:783
#, c-format
msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n"
msgstr "%s: väärä omistaja (uid, gid), pitäisi olla (%u, %u)\n"
-#: plugins/sudoers/visudo.c:799
+#: plugins/sudoers/visudo.c:790
#, c-format
msgid "%s: bad permissions, should be mode 0%o\n"
msgstr "%s: väärät käyttöoikeudet, pitäisi olla tila 0%o\n"
-#: plugins/sudoers/visudo.c:824
+#: plugins/sudoers/visudo.c:815
#, c-format
msgid "failed to parse %s file, unknown error"
msgstr "tiedoston %s jäsentäminen epäonnistui, tuntematon virhe"
-#: plugins/sudoers/visudo.c:837
+#: plugins/sudoers/visudo.c:831
#, c-format
msgid "parse error in %s near line %d\n"
msgstr "jäsentämisvirhe tiedostossa %s lähellä riviä %d\n"
-#: plugins/sudoers/visudo.c:840
+#: plugins/sudoers/visudo.c:834
#, c-format
msgid "parse error in %s\n"
msgstr "jäsentämisvirhe tiedostossa %s\n"
-#: plugins/sudoers/visudo.c:847 plugins/sudoers/visudo.c:852
+#: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846
#, c-format
msgid "%s: parsed OK\n"
msgstr "%s: jäsentäminen valmis\n"
-#: plugins/sudoers/visudo.c:899
+#: plugins/sudoers/visudo.c:893
#, c-format
msgid "%s busy, try again later"
msgstr "%s varattu, yritä myöhemmin uudelleen"
-#: plugins/sudoers/visudo.c:943
+#: plugins/sudoers/visudo.c:937
#, c-format
msgid "specified editor (%s) doesn't exist"
msgstr "määritelty editori (%s) ei ole olemassa"
-#: plugins/sudoers/visudo.c:966
+#: plugins/sudoers/visudo.c:960
#, c-format
msgid "unable to stat editor (%s)"
-msgstr "ei kyetä kutsumaan funktiota stat editori (%s)"
+msgstr "funktion stat editor (%s) kutsuminen epäonnistui"
-#: plugins/sudoers/visudo.c:1014
+#: plugins/sudoers/visudo.c:1008
#, c-format
msgid "no editor found (editor path = %s)"
msgstr "editoria ei löytynyt (editoripolku = %s)"
-#: plugins/sudoers/visudo.c:1108
+#: plugins/sudoers/visudo.c:1100
#, c-format
msgid "Error: cycle in %s_Alias `%s'"
msgstr "Virhe: jakso kohteessa %s_Alias ”%s”"
-#: plugins/sudoers/visudo.c:1109
+#: plugins/sudoers/visudo.c:1101
#, c-format
msgid "Warning: cycle in %s_Alias `%s'"
msgstr "Varoitus: jakso kohteessa %s_Alias ”%s”"
-#: plugins/sudoers/visudo.c:1112
+#: plugins/sudoers/visudo.c:1104
#, c-format
msgid "Error: %s_Alias `%s' referenced but not defined"
msgstr "Virhe: %s_Alias ”%s” uudelleenviitattu, mutta ei määritelty"
-#: plugins/sudoers/visudo.c:1113
+#: plugins/sudoers/visudo.c:1105
#, c-format
msgid "Warning: %s_Alias `%s' referenced but not defined"
msgstr "Varoitus: %s_Alias ”%s” uudelleenviitattu, mutta ei määritelty"
-#: plugins/sudoers/visudo.c:1248
+#: plugins/sudoers/visudo.c:1240
#, c-format
msgid "%s: unused %s_Alias %s"
msgstr "%s: käyttämätön %s_Alias %s"
-#: plugins/sudoers/visudo.c:1304
+#: plugins/sudoers/visudo.c:1302
#, c-format
msgid ""
"%s - safely edit the sudoers file\n"
"%s - muokkaa sudoers-tiedostoa turvallisesti\n"
"\n"
-#: plugins/sudoers/visudo.c:1306
+#: plugins/sudoers/visudo.c:1304
msgid ""
"\n"
"Options:\n"
" -s tiukka syntaksitarkistus\n"
" -V näytä versiotiedot ja poistu"
-#: toke.l:820
+#: toke.l:886
msgid "too many levels of includes"
msgstr "liian monta include-tasoa"
+#~ msgid "pam_chauthtok: %s"
+#~ msgstr "pam_chauthtok: %s"
+
+#~ msgid "pam_authenticate: %s"
+#~ msgstr "pam_authenticate: %s"
+
+#~ msgid "Password: "
+#~ msgstr "Salasana: "
+
+#~ msgid "getauid failed"
+#~ msgstr "getauid epäonnistui"
+
+#~ msgid "Unable to dlopen %s: %s"
+#~ msgstr "Funktion dlopen %s kutsuminen epäonnistui: %s"
+
+#~ msgid "invalid regex: %s"
+#~ msgstr "virheellinen säännöllinen lauseke: %s"
+
+#~ msgid ">>> %s: %s near line %d <<<"
+#~ msgstr ">>> %s: %s lähellä riviä %d <<<"
+
+#~ msgid "unable to allocate memory"
+#~ msgstr "muistin varaaminen epäonnistui"
+
+#~ msgid "%s%s: %s"
+#~ msgstr "%s%s: %s"
+
+#~ msgid "unable to set locale to \"%s\", using \"C\""
+#~ msgstr "locale-asetuksen ”%s” asettaminen epäonnistui, käytetään ”C”"
+
+#~ msgid ""
+#~ " Commands:\n"
+#~ "\t"
+#~ msgstr ""
+#~ " Komennot:\n"
+#~ "\t"
+
+#~ msgid ": "
+#~ msgstr ": "
+
+#~ msgid "unable to cache uid %u (%s), already exists"
+#~ msgstr "käyttäjän uid %u (%s) laittaminen välimuistiin epäonnistui, käyttäjä on jo siellä"
+
+#~ msgid "unable to cache gid %u (%s), already exists"
+#~ msgstr "ryhmän gid %u (%s) laittaminen välimuistiin epäonnistui, ryhmä on jo siellä"
+
+#~ msgid "unable to execute %s: %s"
+#~ msgstr "komennon %s suorittaminen epäonnistui: %s"
+
#~ msgid "internal error, expand_prompt() overflow"
#~ msgstr "sisäinen virhe, expand_prompt()-ylivuoto"
#~ msgid "set group on %s"
#~ msgstr "aseta ryhmä tiedostossa %s"
-# Parametri on sudoers file
-#~ msgid "unable to set group on %s"
-#~ msgstr "ei kyetä asettamaan ryhmää tiedostossa %s"
-
#~ msgid "unable to fix mode on %s"
-#~ msgstr "ei kyetä korjaamaan tilaa tiedostossa %s"
+#~ msgstr "tilan korjaaminen tiedostossa %s epäonnistui"
#~ msgid "%s is mode 0%o, should be 0%o"
#~ msgstr "%s on tila 0%o, pitäisi olla 0%o"
#~ msgstr "%s: %.*s\n"
#~ msgid "unable to get runas group vector"
-#~ msgstr "ei kyetä hakemaan runas-ryhmävektoria"
+#~ msgstr "runas-ryhmävektorin hakeminen epäonnistui"
#~ msgid "unable to reset group vector"
-#~ msgstr "ei kyetä nollaamaan ryhmävektoria"
+#~ msgstr "ryhmävektorin nollaaminen epäonnistui"
#~ msgid "unable to get group vector"
-#~ msgstr "ei kyetä hakemaan ryhmävektoria"
+#~ msgstr "ryhmävektorin hakeminen epäonnistui"
#~ msgid "%s: %s_Alias `%s' references self"
#~ msgstr "%s: %s_Alias ”%s” viittaa itseensä"
#~ msgid "unable to parse temporary file (%s), unknown error"
-#~ msgstr "ei kyetä jäsentämään tilapäistä tiedostoa (%s), tuntematon virhe"
+#~ msgstr "tilapäisen tiedoston (%s) jäsentäminen epäonnistui, tuntematon virhe"
# Translation of sudoers to Croatian.
# This file is put in the public domain.
+# Tomislav Krznar <tomislav.krznar@gmail.com>, 2012, 2013.
#
-# Tomislav Krznar <tomislav.krznar@gmail.com>, 2012.
msgid ""
msgstr ""
-"Project-Id-Version: sudoers 1.8.6b4\n"
+"Project-Id-Version: sudoers 1.8.7b1\n"
"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2012-08-10 13:08-0400\n"
-"PO-Revision-Date: 2012-08-13 22:56+0200\n"
+"POT-Creation-Date: 2013-04-02 10:40-0400\n"
+"PO-Revision-Date: 2013-04-18 15:32+0200\n"
"Last-Translator: Tomislav Krznar <tomislav.krznar@gmail.com>\n"
"Language-Team: Croatian <lokalizacija@linux.hr>\n"
"Language: hr\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2)\n"
-"X-Generator: Lokalize 1.4\n"
+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
+"X-Generator: Gtranslator 2.91.6\n"
-#: gram.y:112
-#, c-format
-msgid ">>> %s: %s near line %d <<<"
-msgstr ">>> %s: %s kod retka %d <<<"
+#: confstr.sh:2 plugins/sudoers/auth/pam.c:340
+msgid "Password:"
+msgstr "Lozinka:"
+
+#: confstr.sh:3
+msgid "*** SECURITY information for %h ***"
+msgstr "*** SIGURNOSNE informacije za %h ***"
-#: plugins/sudoers/alias.c:125
+#: confstr.sh:4
+msgid "Sorry, try again."
+msgstr "Žao mi je, pokušajte ponovo."
+
+#: plugins/sudoers/alias.c:124
#, c-format
msgid "Alias `%s' already defined"
msgstr "Alias „%s” je već definiran"
-#: plugins/sudoers/auth/bsdauth.c:78
+#: plugins/sudoers/auth/bsdauth.c:77
#, c-format
msgid "unable to get login class for user %s"
msgstr "ne mogu dobiti razred prijave korisnika %s"
-#: plugins/sudoers/auth/bsdauth.c:84
+#: plugins/sudoers/auth/bsdauth.c:83
msgid "unable to begin bsd authentication"
msgstr "ne mogu započeti bsd provjeru"
-#: plugins/sudoers/auth/bsdauth.c:92
+#: plugins/sudoers/auth/bsdauth.c:91
msgid "invalid authentication type"
msgstr "neispravna vrsta provjere"
-#: plugins/sudoers/auth/bsdauth.c:101
+#: plugins/sudoers/auth/bsdauth.c:100
msgid "unable to setup authentication"
msgstr "ne mogu postaviti provjeru"
-#: plugins/sudoers/auth/fwtk.c:60
+#: plugins/sudoers/auth/fwtk.c:59
#, c-format
msgid "unable to read fwtk config"
msgstr "ne mogu čitati fwtk konfiguraciju"
-#: plugins/sudoers/auth/fwtk.c:65
+#: plugins/sudoers/auth/fwtk.c:64
#, c-format
msgid "unable to connect to authentication server"
msgstr "ne mogu se spojiti na poslužitelj za provjeru"
-#: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95
-#: plugins/sudoers/auth/fwtk.c:128
+#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94
+#: plugins/sudoers/auth/fwtk.c:127
#, c-format
msgid "lost connection to authentication server"
msgstr "izgubljena veza na poslužitelj za provjeru"
-#: plugins/sudoers/auth/fwtk.c:75
+#: plugins/sudoers/auth/fwtk.c:74
#, c-format
msgid ""
"authentication server error:\n"
"greška poslužitelja za provjeru:\n"
"%s"
-#: plugins/sudoers/auth/kerb5.c:117
+#: plugins/sudoers/auth/kerb5.c:116
#, c-format
msgid "%s: unable to unparse princ ('%s'): %s"
msgstr "%s: ne mogu ukloniti analizu upravitelja („%s”): %s"
-#: plugins/sudoers/auth/kerb5.c:160
+#: plugins/sudoers/auth/kerb5.c:159
#, c-format
msgid "%s: unable to parse '%s': %s"
msgstr "%s: ne mogu analizirati „%s”: %s"
-#: plugins/sudoers/auth/kerb5.c:170
+#: plugins/sudoers/auth/kerb5.c:169
#, c-format
msgid "%s: unable to resolve ccache: %s"
msgstr "%s: ne mogu pronaći ccache: %s"
-#: plugins/sudoers/auth/kerb5.c:218
+#: plugins/sudoers/auth/kerb5.c:217
#, c-format
msgid "%s: unable to allocate options: %s"
msgstr "%s: ne mogu alocirati opcije: %s"
-#: plugins/sudoers/auth/kerb5.c:234
+#: plugins/sudoers/auth/kerb5.c:233
#, c-format
msgid "%s: unable to get credentials: %s"
msgstr "%s: ne mogu dobiti vjerodajnice: %s"
-#: plugins/sudoers/auth/kerb5.c:247
+#: plugins/sudoers/auth/kerb5.c:246
#, c-format
msgid "%s: unable to initialize ccache: %s"
msgstr "%s: ne mogu inicijalizirati ccache: %s"
-#: plugins/sudoers/auth/kerb5.c:251
+#: plugins/sudoers/auth/kerb5.c:250
#, c-format
msgid "%s: unable to store cred in ccache: %s"
msgstr "%s: ne mogu spremiti vjerodajnicu u ccache: %s"
-#: plugins/sudoers/auth/kerb5.c:316
+#: plugins/sudoers/auth/kerb5.c:315
#, c-format
msgid "%s: unable to get host principal: %s"
msgstr "%s: ne mogu dobiti upravitelja računala: %s"
-#: plugins/sudoers/auth/kerb5.c:331
+#: plugins/sudoers/auth/kerb5.c:330
#, c-format
msgid "%s: Cannot verify TGT! Possible attack!: %s"
msgstr "%s: Ne mogu provjeriti TGT! Moguć napad!: %s"
msgid "unable to initialize PAM"
msgstr "ne mogu inicijalizirati PAM"
-#: plugins/sudoers/auth/pam.c:144
+#: plugins/sudoers/auth/pam.c:145
msgid "account validation failure, is your account locked?"
msgstr "potvrđivanje računa nije uspjelo, je li vaš račun zaključan?"
-#: plugins/sudoers/auth/pam.c:148
+#: plugins/sudoers/auth/pam.c:149
msgid "Account or password is expired, reset your password and try again"
msgstr "Račun ili lozinka su istekli, vratite izvornu lozinku i pokušajte ponovo"
-#: plugins/sudoers/auth/pam.c:155
+#: plugins/sudoers/auth/pam.c:156
#, c-format
msgid "pam_chauthtok: %s"
msgstr "pam_chauthtok: %s"
-#: plugins/sudoers/auth/pam.c:159
+#: plugins/sudoers/auth/pam.c:160
msgid "Password expired, contact your system administrator"
msgstr "Lozinka je istekla, javite vašem administratoru sustava"
-#: plugins/sudoers/auth/pam.c:163
+#: plugins/sudoers/auth/pam.c:164
msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator"
msgstr "Račun je istekao ili PAM konfiguracija nema odjeljak „account” za sudo, javite vašem administratoru sustava"
-#: plugins/sudoers/auth/pam.c:180
+#: plugins/sudoers/auth/pam.c:181
#, c-format
msgid "pam_authenticate: %s"
msgstr "pam_authenticate: %s"
-#: plugins/sudoers/auth/pam.c:332
+#: plugins/sudoers/auth/pam.c:339
msgid "Password: "
msgstr "Lozinka: "
-#: plugins/sudoers/auth/pam.c:333
-msgid "Password:"
-msgstr "Lozinka:"
-
-#: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:220
+#: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212
#, c-format
msgid "you do not exist in the %s database"
msgstr "niste navedeni u %s bazi podataka"
-#: plugins/sudoers/auth/securid5.c:81
+#: plugins/sudoers/auth/securid5.c:80
#, c-format
msgid "failed to initialise the ACE API library"
msgstr "nisam uspio inicijalizirati ACE API biblioteku"
-#: plugins/sudoers/auth/securid5.c:107
+#: plugins/sudoers/auth/securid5.c:106
#, c-format
msgid "unable to contact the SecurID server"
msgstr "ne mogu uspostaviti vezu s SecurID poslužiteljem"
-#: plugins/sudoers/auth/securid5.c:116
+#: plugins/sudoers/auth/securid5.c:115
#, c-format
msgid "User ID locked for SecurID Authentication"
msgstr "Korisnički ID zaključan za SecurID provjeru"
-#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171
+#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170
#, c-format
msgid "invalid username length for SecurID"
msgstr "neispravna duljina korisničkog imena za SecurID"
-#: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176
+#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175
#, c-format
msgid "invalid Authentication Handle for SecurID"
msgstr "neispravni postupak provjere za SecurID"
-#: plugins/sudoers/auth/securid5.c:128
+#: plugins/sudoers/auth/securid5.c:127
#, c-format
msgid "SecurID communication failed"
msgstr "SecurID komunikacija nije uspjela"
-#: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215
+#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214
#, c-format
msgid "unknown SecurID error"
msgstr "nepoznata SecurID greška"
-#: plugins/sudoers/auth/securid5.c:166
+#: plugins/sudoers/auth/securid5.c:165
#, c-format
msgid "invalid passcode length for SecurID"
msgstr "neispravna duljina lozinke za SecurID"
-#: plugins/sudoers/auth/sia.c:109
+#: plugins/sudoers/auth/sia.c:108
msgid "unable to initialize SIA session"
msgstr "ne mogu inicijalizirati SIA sjednicu"
-#: plugins/sudoers/auth/sudo_auth.c:121
+#: plugins/sudoers/auth/sudo_auth.c:119
+msgid "invalid authentication methods"
+msgstr "neispravne metode provjere"
+
+#: plugins/sudoers/auth/sudo_auth.c:120
msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication."
-msgstr "Neispravne metode provjere kompajlirane u sudo! Možete miješati samostalne i nesamostalne provjere."
+msgstr "Neispravne metode provjere kompajlirane u sudo! Možete miješati samostalne i nesamostalne provjere."
+
+#: plugins/sudoers/auth/sudo_auth.c:203
+msgid "no authentication methods"
+msgstr "nema metoda provjere"
-#: plugins/sudoers/auth/sudo_auth.c:206
+#: plugins/sudoers/auth/sudo_auth.c:205
msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option."
-msgstr "Nema metoda provjere kompajliranih u sudo! Ako želite isključiti provjeru, koristite konfiguracijsku opciju --disable-authentication."
+msgstr "Nema metoda provjere kompajliranih u sudo! Ako želite isključiti provjeru, koristite konfiguracijsku opciju --disable-authentication."
-#: plugins/sudoers/auth/sudo_auth.c:374
+#: plugins/sudoers/auth/sudo_auth.c:389
msgid "Authentication methods:"
msgstr "Metode provjere:"
msgid "au_to_text: failed"
msgstr "au_to_text: nije uspio"
-#: plugins/sudoers/check.c:252 plugins/sudoers/iolog.c:172
-#: plugins/sudoers/sudoers.c:988 plugins/sudoers/sudoreplay.c:355
-#: plugins/sudoers/sudoreplay.c:817 plugins/sudoers/sudoreplay.c:974
-#: plugins/sudoers/visudo.c:818
-#, c-format
-msgid "unable to open %s"
-msgstr "ne mogu otvoriti %s"
-
-#: plugins/sudoers/check.c:256 plugins/sudoers/iolog.c:229
-#, c-format
-msgid "unable to write to %s"
-msgstr "ne mogu pisati u %s"
-
-#: plugins/sudoers/check.c:264 plugins/sudoers/check.c:512
-#: plugins/sudoers/check.c:562 plugins/sudoers/iolog.c:123
-#: plugins/sudoers/iolog.c:156
-#, c-format
-msgid "unable to mkdir %s"
-msgstr "ne mogu napraviti direktorij %s"
-
-#: plugins/sudoers/check.c:399 plugins/sudoers/env.c:289
-#: plugins/sudoers/env.c:294 plugins/sudoers/env.c:395
-#: plugins/sudoers/env.c:447 plugins/sudoers/linux_audit.c:82
-#: plugins/sudoers/sudoers.c:670 plugins/sudoers/sudoers.c:677
-#: plugins/sudoers/sudoers.c:936 plugins/sudoers/testsudoers.c:253
-#, c-format
-msgid "internal error, %s overflow"
-msgstr "interna greška, %s preljev"
-
-#: plugins/sudoers/check.c:460
-#, c-format
-msgid "timestamp path too long: %s"
-msgstr "putanja vremenske oznake predugačka: %s"
-
-#: plugins/sudoers/check.c:491 plugins/sudoers/check.c:535
-#: plugins/sudoers/iolog.c:158
-#, c-format
-msgid "%s exists but is not a directory (0%o)"
-msgstr "%s postoji, ali nije direktorij (0%o)"
-
-#: plugins/sudoers/check.c:494 plugins/sudoers/check.c:538
-#: plugins/sudoers/check.c:583
-#, c-format
-msgid "%s owned by uid %u, should be uid %u"
-msgstr "vlasnik %s je uid %u, treba biti uid %u"
-
-#: plugins/sudoers/check.c:499 plugins/sudoers/check.c:543
-#, c-format
-msgid "%s writable by non-owner (0%o), should be mode 0700"
-msgstr "nevlasnici imaju dozvolu za pisanje u %s (0%o), treba biti mod 0700"
-
-#: plugins/sudoers/check.c:507 plugins/sudoers/check.c:551
-#: plugins/sudoers/check.c:619 plugins/sudoers/sudoers.c:1003
-#: plugins/sudoers/visudo.c:319 plugins/sudoers/visudo.c:584
-#, c-format
-msgid "unable to stat %s"
-msgstr "ne mogu izvršiti stat %s"
-
-#: plugins/sudoers/check.c:577
-#, c-format
-msgid "%s exists but is not a regular file (0%o)"
-msgstr "%s postoji, ali nije obična datoteka (0%o)"
-
-#: plugins/sudoers/check.c:589
-#, c-format
-msgid "%s writable by non-owner (0%o), should be mode 0600"
-msgstr "nevlasnici imaju dozvolu za pisanje u %s (0%o), treba biti mod 0600"
-
-#: plugins/sudoers/check.c:643
-#, c-format
-msgid "timestamp too far in the future: %20.20s"
-msgstr "vremenska oznaka predaleko u budućnosti: %20.20s"
-
-#: plugins/sudoers/check.c:690
-#, c-format
-msgid "unable to remove %s (%s), will reset to the epoch"
-msgstr "ne mogu ukloniti %s (%s), vratit ću na početnu epohu"
-
-#: plugins/sudoers/check.c:698
-#, c-format
-msgid "unable to reset %s to the epoch"
-msgstr "ne mogu vratiti %s na početnu epohu"
+#: plugins/sudoers/check.c:174
+msgid ""
+"\n"
+"We trust you have received the usual lecture from the local System\n"
+"Administrator. It usually boils down to these three things:\n"
+"\n"
+" #1) Respect the privacy of others.\n"
+" #2) Think before you type.\n"
+" #3) With great power comes great responsibility.\n"
+"\n"
+msgstr ""
+"\n"
+"Vjerujemo da vam je administrator lokalnog sustava održao uobičajeno\n"
+"predavanje. To se obično svodi na sljedeće tri stvari:\n"
+"\n"
+" #1) Poštujte tuđu privatnost.\n"
+" #2) Mislite prije pisanja.\n"
+" #3) S velikim moćima dolazi velika odgovornost.\n"
+"\n"
-#: plugins/sudoers/check.c:758 plugins/sudoers/check.c:764
-#: plugins/sudoers/sudoers.c:851 plugins/sudoers/sudoers.c:855
+#: plugins/sudoers/check.c:212 plugins/sudoers/check.c:218
+#: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566
#, c-format
msgid "unknown uid: %u"
msgstr "nepoznat uid: %u"
-#: plugins/sudoers/check.c:761 plugins/sudoers/sudoers.c:792
-#: plugins/sudoers/sudoers.c:1120 plugins/sudoers/testsudoers.c:225
-#: plugins/sudoers/testsudoers.c:369
+#: plugins/sudoers/check.c:215 plugins/sudoers/policy.c:635
+#: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215
+#: plugins/sudoers/testsudoers.c:359
#, c-format
msgid "unknown user: %s"
msgstr "nepoznat korisnik: %s"
msgid "Set of limit privileges"
msgstr "Skup ograničenih ovlasti"
-#: plugins/sudoers/defaults.c:208
+#: plugins/sudoers/def_data.c:355
+msgid "Run commands on a pty in the background"
+msgstr "Pokreni naredbe na pseudoterminalu u pozadini"
+
+#: plugins/sudoers/def_data.c:359
+msgid "Create a new PAM session for the command to run in"
+msgstr "Napravi novu PAM sjednicu u kojoj će se pokrenuti naredba"
+
+#: plugins/sudoers/def_data.c:363
+msgid "Maximum I/O log sequence number"
+msgstr "Najveći redni broj U/I dnevnika"
+
+#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587
#, c-format
msgid "unknown defaults entry `%s'"
msgstr "nepoznata stavka zadanih vrijednosti „%s”"
-#: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226
-#: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259
-#: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285
-#: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318
-#: plugins/sudoers/defaults.c:328
+#: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225
+#: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258
+#: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284
+#: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317
+#: plugins/sudoers/defaults.c:327
#, c-format
msgid "value `%s' is invalid for option `%s'"
msgstr "vrijednost „%s” nije ispravna za opciju „%s”"
-#: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229
-#: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254
-#: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280
-#: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313
-#: plugins/sudoers/defaults.c:324
+#: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228
+#: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253
+#: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279
+#: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312
+#: plugins/sudoers/defaults.c:323
#, c-format
msgid "no value specified for `%s'"
msgstr "nije navedena vrijednost za „%s”"
-#: plugins/sudoers/defaults.c:242
+#: plugins/sudoers/defaults.c:241
#, c-format
msgid "values for `%s' must start with a '/'"
msgstr "vrijednost za „%s” mora početi s „/”"
-#: plugins/sudoers/defaults.c:304
+#: plugins/sudoers/defaults.c:303
#, c-format
msgid "option `%s' does not take a value"
msgstr "opcija „%s” ne prihvaća vrijednost"
+#: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293
+#: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82
+#: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427
+#: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654
+#: plugins/sudoers/testsudoers.c:243
+#, c-format
+msgid "internal error, %s overflow"
+msgstr "interna greška, %s preljev"
+
#: plugins/sudoers/env.c:367
#, c-format
msgid "sudo_putenv: corrupted envp, length mismatch"
msgstr "sudo_putenv: oštećen envp, duljina ne odgovara"
-#: plugins/sudoers/env.c:369 plugins/sudoers/env.c:448
-#: plugins/sudoers/toke_util.c:113 plugins/sudoers/toke_util.c:167
-#: plugins/sudoers/toke_util.c:207 toke.l:697 toke.l:827 toke.l:887 toke.l:983
-#, c-format
-msgid "unable to allocate memory"
-msgstr "ne mogu alocirati memoriju"
-
-#: plugins/sudoers/env.c:992
+#: plugins/sudoers/env.c:1012
#, c-format
msgid "sorry, you are not allowed to set the following environment variables: %s"
msgstr "žao mi je, nemate dozvolu za postavljanje sljedećih varijabli okoline: %s"
-#: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108
-#: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125
-#: plugins/sudoers/sudoers.c:945 toke.l:693 toke.l:883
-#, c-format
-msgid "%s: %s"
-msgstr "%s: %s"
-
-#: plugins/sudoers/group_plugin.c:91
-#, c-format
-msgid "%s%s: %s"
-msgstr "%s%s: %s"
-
-#: plugins/sudoers/group_plugin.c:103
+#: plugins/sudoers/group_plugin.c:102
#, c-format
msgid "%s must be owned by uid %d"
msgstr "vlasnik %s mora biti uid %d"
-#: plugins/sudoers/group_plugin.c:107
+#: plugins/sudoers/group_plugin.c:106
#, c-format
msgid "%s must only be writable by owner"
msgstr "samo vlasnik smije imati dozvole za pisanje %s"
-#: plugins/sudoers/group_plugin.c:114
+#: plugins/sudoers/group_plugin.c:113
#, c-format
msgid "unable to dlopen %s: %s"
msgstr "ne mogu izvršiti dlopen %s: %s"
-#: plugins/sudoers/group_plugin.c:119
+#: plugins/sudoers/group_plugin.c:118
#, c-format
msgid "unable to find symbol \"group_plugin\" in %s"
msgstr "ne mogu pronaći simbol „group_plugin” u %s"
-#: plugins/sudoers/group_plugin.c:124
+#: plugins/sudoers/group_plugin.c:123
#, c-format
msgid "%s: incompatible group plugin major version %d, expected %d"
msgstr "%s: nekompatibilna glavna inačica grupnog priključka %d, očekujem %d"
-#: plugins/sudoers/interfaces.c:112
+#: plugins/sudoers/interfaces.c:119
msgid "Local IP address and netmask pairs:\n"
msgstr "Parovi lokalnih IP adresa i mrežnih maski:\n"
-#: plugins/sudoers/iolog.c:205 plugins/sudoers/sudoers.c:991
+#: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144
+#: plugins/sudoers/timestamp.c:199 plugins/sudoers/timestamp.c:243
+#, c-format
+msgid "%s exists but is not a directory (0%o)"
+msgstr "%s postoji, ali nije direktorij (0%o)"
+
+#: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155
+#: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:164
+#: plugins/sudoers/timestamp.c:220 plugins/sudoers/timestamp.c:270
+#, c-format
+msgid "unable to mkdir %s"
+msgstr "ne mogu napraviti direktorij %s"
+
+#: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708
+#: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815
+#: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:154
+#: plugins/sudoers/visudo.c:809
+#, c-format
+msgid "unable to open %s"
+msgstr "ne mogu otvoriti %s"
+
+#: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711
#, c-format
msgid "unable to read %s"
msgstr "ne mogu čitati %s"
-#: plugins/sudoers/iolog.c:208
+#: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:158
#, c-format
-msgid "invalid sequence number %s"
-msgstr "neispravan broj niza %s"
+msgid "unable to write to %s"
+msgstr "ne mogu pisati u %s"
-#: plugins/sudoers/iolog.c:258 plugins/sudoers/iolog.c:261
-#: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:531
-#: plugins/sudoers/iolog.c:537 plugins/sudoers/iolog.c:545
-#: plugins/sudoers/iolog.c:553 plugins/sudoers/iolog.c:561
-#: plugins/sudoers/iolog.c:569
+#: plugins/sudoers/iolog.c:334
#, c-format
msgid "unable to create %s"
msgstr "ne mogu napraviti %s"
-#: plugins/sudoers/iolog_path.c:263 plugins/sudoers/sudoers.c:382
-#, c-format
-msgid "unable to set locale to \"%s\", using \"C\""
-msgstr "ne mogu postaviti lokal u „%s”, koristim „C”"
-
-#: plugins/sudoers/ldap.c:387
+#: plugins/sudoers/ldap.c:385
#, c-format
msgid "sudo_ldap_conf_add_ports: port too large"
msgstr "sudo_ldap_conf_add_ports: port je prevelik"
-#: plugins/sudoers/ldap.c:410
+#: plugins/sudoers/ldap.c:408
#, c-format
msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf"
msgstr "sudo_ldap_conf_add_ports: nema dovoljno prostora za proširenje međuspremnika računala"
-#: plugins/sudoers/ldap.c:440
+#: plugins/sudoers/ldap.c:438
#, c-format
msgid "unsupported LDAP uri type: %s"
msgstr "nepodržana vrsta LDAP uri-ja: %s"
-#: plugins/sudoers/ldap.c:469
+#: plugins/sudoers/ldap.c:467
#, c-format
msgid "invalid uri: %s"
msgstr "neispravan uri: %s"
-#: plugins/sudoers/ldap.c:475
+#: plugins/sudoers/ldap.c:473
#, c-format
msgid "unable to mix ldap and ldaps URIs"
msgstr "ne mogu miješati ldap i ldaps URI-je"
-#: plugins/sudoers/ldap.c:479
+#: plugins/sudoers/ldap.c:477
#, c-format
msgid "unable to mix ldaps and starttls"
msgstr "ne mogu miješati ldaps i starttls"
-#: plugins/sudoers/ldap.c:498
+#: plugins/sudoers/ldap.c:496
#, c-format
msgid "sudo_ldap_parse_uri: out of space building hostbuf"
msgstr "sudo_ldap_parse_uri: nema dovoljno prostora za izgradnju međuspremnika računala"
-#: plugins/sudoers/ldap.c:572
+#: plugins/sudoers/ldap.c:570
#, c-format
msgid "unable to initialize SSL cert and key db: %s"
msgstr "ne mogu inicijalizirati SSL certifikat i bazu podataka ključeva: %s"
-#: plugins/sudoers/ldap.c:575
+#: plugins/sudoers/ldap.c:573
#, c-format
msgid "you must set TLS_CERT in %s to use SSL"
msgstr "morate postaviti TLS_CERT u %s za korištenje SSL-a"
-#: plugins/sudoers/ldap.c:992
+#: plugins/sudoers/ldap.c:996
#, c-format
msgid "unable to get GMT time"
msgstr "ne mogu dohvatiti GMT vrijeme"
-#: plugins/sudoers/ldap.c:998
+#: plugins/sudoers/ldap.c:1002
#, c-format
msgid "unable to format timestamp"
msgstr "ne mogu oblikovati vremensku oznaku"
-#: plugins/sudoers/ldap.c:1006
+#: plugins/sudoers/ldap.c:1010
#, c-format
msgid "unable to build time filter"
msgstr "ne mogu izgraditi filtar vremena"
-#: plugins/sudoers/ldap.c:1225
+#: plugins/sudoers/ldap.c:1229
#, c-format
msgid "sudo_ldap_build_pass1 allocation mismatch"
msgstr "neodgovarajuća sudo_ldap_build_pass1 alokacija"
-#: plugins/sudoers/ldap.c:1761
+#: plugins/sudoers/ldap.c:1776
#, c-format
msgid ""
"\n"
"\n"
"LDAP uloga: %s\n"
-#: plugins/sudoers/ldap.c:1763
+#: plugins/sudoers/ldap.c:1778
#, c-format
msgid ""
"\n"
"\n"
"LDAP uloga: NEPOZNATA\n"
-#: plugins/sudoers/ldap.c:1810
+#: plugins/sudoers/ldap.c:1825
#, c-format
msgid " Order: %s\n"
msgstr " Redoslijed: %s\n"
-#: plugins/sudoers/ldap.c:1818 plugins/sudoers/sssd.c:1168
+#: plugins/sudoers/ldap.c:1833 plugins/sudoers/parse.c:515
+#: plugins/sudoers/sssd.c:1173
#, c-format
msgid " Commands:\n"
msgstr " Naredbe:\n"
-#: plugins/sudoers/ldap.c:2240
+#: plugins/sudoers/ldap.c:2255
#, c-format
msgid "unable to initialize LDAP: %s"
msgstr "ne mogu inicijalizirati LDAP: %s"
-#: plugins/sudoers/ldap.c:2274
+#: plugins/sudoers/ldap.c:2289
#, c-format
msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()"
msgstr "naveden je start_tls, ali LDAP biblioteke ne podržavaju ldap_start_tls_s() ili ldap_start_tls_s_np()"
-#: plugins/sudoers/ldap.c:2510
+#: plugins/sudoers/ldap.c:2525
#, c-format
msgid "invalid sudoOrder attribute: %s"
msgstr "neispravno sudoOrder svojstvo: %s"
msgid "unable to send audit message"
msgstr "ne mogu poslati poruku revizije"
-#: plugins/sudoers/logging.c:202
+#: plugins/sudoers/logging.c:140
+#, c-format
+msgid "%8s : %s"
+msgstr "%8s : %s"
+
+#: plugins/sudoers/logging.c:168
+#, c-format
+msgid "%8s : (command continued) %s"
+msgstr "%8s : (naredba nastavljena) %s"
+
+#: plugins/sudoers/logging.c:194
#, c-format
msgid "unable to open log file: %s: %s"
msgstr "ne mogu otvoriti dnevičku datoteku: %s: %s"
-#: plugins/sudoers/logging.c:205
+#: plugins/sudoers/logging.c:197
#, c-format
msgid "unable to lock log file: %s: %s"
msgstr "ne mogu zaključati dnevničku datoteku: %s: %s"
-#: plugins/sudoers/logging.c:260
+#: plugins/sudoers/logging.c:245
+msgid "No user or host"
+msgstr "Nema korisnika ili računala"
+
+#: plugins/sudoers/logging.c:247
+msgid "validation failure"
+msgstr "provjera nije uspjela"
+
+#: plugins/sudoers/logging.c:254
msgid "user NOT in sudoers"
msgstr "korisnik NIJE u sudoers"
-#: plugins/sudoers/logging.c:262
+#: plugins/sudoers/logging.c:256
msgid "user NOT authorized on host"
msgstr "korisnik NIJE ovlašten na računalu"
-#: plugins/sudoers/logging.c:264
+#: plugins/sudoers/logging.c:258
msgid "command not allowed"
msgstr "naredba nije dozvoljena"
-#: plugins/sudoers/logging.c:274
+#: plugins/sudoers/logging.c:288
#, c-format
msgid "%s is not in the sudoers file. This incident will be reported.\n"
-msgstr "%s nije u datoteci sudoers. Ovaj će incident biti prijavljen.\n"
+msgstr "%s nije u datoteci sudoers. Ovaj će incident biti prijavljen.\n"
-#: plugins/sudoers/logging.c:277
+#: plugins/sudoers/logging.c:291
#, c-format
msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n"
-msgstr "Korisniku %s nije dozvoljeno pokrenuti sudo na %s. Ovaj će incident biti prijavljen.\n"
+msgstr "Korisniku %s nije dozvoljeno pokrenuti sudo na %s. Ovaj će incident biti prijavljen.\n"
-#: plugins/sudoers/logging.c:281
+#: plugins/sudoers/logging.c:295
#, c-format
msgid "Sorry, user %s may not run sudo on %s.\n"
msgstr "Žao mi je, korisnik %s ne može pokrenuti sudo na %s.\n"
-#: plugins/sudoers/logging.c:284
+#: plugins/sudoers/logging.c:298
#, c-format
msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n"
msgstr "Žao mi je, korisniku %s nije dozvoljeno izvršiti „%s%s%s” kao %s%s%s na %s.\n"
-#: plugins/sudoers/logging.c:317
-msgid "No user or host"
-msgstr "Nema korisnika ili računala"
-
-#: plugins/sudoers/logging.c:319
-msgid "validation failure"
-msgstr "provjera nije uspjela"
-
-#: plugins/sudoers/logging.c:336 plugins/sudoers/sudoers.c:502
-#: plugins/sudoers/sudoers.c:503 plugins/sudoers/sudoers.c:1539
-#: plugins/sudoers/sudoers.c:1540
+#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383
+#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386
+#: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001
+#: plugins/sudoers/sudoers.c:1002
#, c-format
msgid "%s: command not found"
msgstr "%s: naredba nije pronađena"
-#: plugins/sudoers/logging.c:338 plugins/sudoers/sudoers.c:499
+#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379
#, c-format
msgid ""
"ignoring `%s' found in '.'\n"
"zanemarujem „%s” pronađen u „.”\n"
"Koristite „sudo ./%s” ako je ovo „%s” koji želite pokrenuti."
-#: plugins/sudoers/logging.c:352
+#: plugins/sudoers/logging.c:353
msgid "authentication failure"
msgstr "provjera nije uspjela"
-#: plugins/sudoers/logging.c:376
+#: plugins/sudoers/logging.c:379
+msgid "a password is required"
+msgstr "potrebna je lozinka"
+
+#: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487
#, c-format
msgid "%d incorrect password attempt"
msgid_plural "%d incorrect password attempts"
msgstr[1] "%d netočna pokušaja unosa lozinke"
msgstr[2] "%d netočnih pokušaja unosa lozinke"
-#: plugins/sudoers/logging.c:379
-msgid "a password is required"
-msgstr "potrebna je lozinka"
-
-#: plugins/sudoers/logging.c:530
+#: plugins/sudoers/logging.c:566
#, c-format
msgid "unable to fork"
msgstr "ne mogu razdvojiti"
-#: plugins/sudoers/logging.c:537 plugins/sudoers/logging.c:599
+#: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629
#, c-format
msgid "unable to fork: %m"
msgstr "ne mogu razdvojiti: %m"
-#: plugins/sudoers/logging.c:589
+#: plugins/sudoers/logging.c:619
#, c-format
msgid "unable to open pipe: %m"
msgstr "ne mogu otvoriti cjevovod: %m"
-#: plugins/sudoers/logging.c:614
+#: plugins/sudoers/logging.c:644
#, c-format
msgid "unable to dup stdin: %m"
msgstr "ne mogu izvršiti dup stdin: %m"
-#: plugins/sudoers/logging.c:650
+#: plugins/sudoers/logging.c:680
#, c-format
msgid "unable to execute %s: %m"
msgstr "ne mogu izvršiti %s: %m"
-#: plugins/sudoers/logging.c:865
+#: plugins/sudoers/logging.c:899
#, c-format
msgid "internal error: insufficient space for log line"
msgstr "interna greška: nema dovoljno prostora za redak dnevnika"
-#: plugins/sudoers/parse.c:123
+#: plugins/sudoers/parse.c:124
#, c-format
msgid "parse error in %s near line %d"
msgstr "greška analize u %s kod retka %d"
-#: plugins/sudoers/parse.c:126
+#: plugins/sudoers/parse.c:127
#, c-format
msgid "parse error in %s"
msgstr "greška analize u %s"
-#: plugins/sudoers/parse.c:414
+#: plugins/sudoers/parse.c:462
#, c-format
msgid ""
"\n"
"\n"
"Sudoers stavka:\n"
-#: plugins/sudoers/parse.c:416
+#: plugins/sudoers/parse.c:463
#, c-format
msgid " RunAsUsers: "
msgstr " PokreniKaoKorisnici: "
-#: plugins/sudoers/parse.c:431
+#: plugins/sudoers/parse.c:477
#, c-format
msgid " RunAsGroups: "
msgstr " PokreniKaoGrupe: "
-#: plugins/sudoers/parse.c:440
+#: plugins/sudoers/parse.c:486
+#, c-format
+msgid " Options: "
+msgstr " Opcije:"
+
+#: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750
+#, c-format
+msgid "unable to execute %s"
+msgstr "ne mogu izvršiti %s"
+
+#: plugins/sudoers/policy.c:659
+#, c-format
+msgid "Sudoers policy plugin version %s\n"
+msgstr "Inačica sudoers priključka police %s\n"
+
+#: plugins/sudoers/policy.c:661
+#, c-format
+msgid "Sudoers file grammar version %d\n"
+msgstr "Inačica sudoers gramatike datoteke %d\n"
+
+#: plugins/sudoers/policy.c:665
#, c-format
msgid ""
-" Commands:\n"
-"\t"
+"\n"
+"Sudoers path: %s\n"
msgstr ""
-" Naredbe:\n"
-"\t"
+"\n"
+"Sudoers putanja: %s\n"
-#: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105
-msgid ": "
-msgstr ": "
+#: plugins/sudoers/policy.c:668
+#, c-format
+msgid "nsswitch path: %s\n"
+msgstr "nsswitch putanja: %s\n"
-#: plugins/sudoers/pwutil.c:278
+#: plugins/sudoers/policy.c:670
#, c-format
-msgid "unable to cache uid %u (%s), already exists"
-msgstr "ne mogu staviti uid %u (%s) u spremnik, već postoji"
+msgid "ldap.conf path: %s\n"
+msgstr "ldap.conf putanja: %s\n"
-#: plugins/sudoers/pwutil.c:286
+#: plugins/sudoers/policy.c:671
+#, c-format
+msgid "ldap.secret path: %s\n"
+msgstr "ldap.secret putanja: %s\n"
+
+#: plugins/sudoers/pwutil.c:148
#, c-format
msgid "unable to cache uid %u, already exists"
msgstr "ne mogu staviti uid %u u spremnik, već postoji"
-#: plugins/sudoers/pwutil.c:322 plugins/sudoers/pwutil.c:331
+#: plugins/sudoers/pwutil.c:190
#, c-format
msgid "unable to cache user %s, already exists"
msgstr "ne mogu staviti korisnika %s u spremnik, već postoji"
-#: plugins/sudoers/pwutil.c:668
-#, c-format
-msgid "unable to cache gid %u (%s), already exists"
-msgstr "ne mogu staviti gid %u (%s) u spremnik, već postoji"
-
-#: plugins/sudoers/pwutil.c:676
+#: plugins/sudoers/pwutil.c:374
#, c-format
msgid "unable to cache gid %u, already exists"
msgstr "ne mogu staviti gid %u u spremnik, već postoji"
-#: plugins/sudoers/pwutil.c:706 plugins/sudoers/pwutil.c:715
+#: plugins/sudoers/pwutil.c:410
#, c-format
msgid "unable to cache group %s, already exists"
msgstr "ne mogu staviti grupu %s u spremnik, već postoji"
-#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:436
-#: plugins/sudoers/set_perms.c:828 plugins/sudoers/set_perms.c:1114
-#: plugins/sudoers/set_perms.c:1396
+#: plugins/sudoers/pwutil.c:564 plugins/sudoers/pwutil.c:586
+#, c-format
+msgid "unable to cache group list for %s, already exists"
+msgstr "ne mogu staviti popis grupa u spremnik za %s, već postoji"
+
+#: plugins/sudoers/pwutil.c:584
+#, c-format
+msgid "unable to parse groups for %s"
+msgstr "ne mogu obraditi grupe za %s"
+
+#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445
+#: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141
+#: plugins/sudoers/set_perms.c:1431
msgid "perm stack overflow"
msgstr "preljev trajnog stoga"
-#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:444
-#: plugins/sudoers/set_perms.c:836 plugins/sudoers/set_perms.c:1122
-#: plugins/sudoers/set_perms.c:1404
+#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453
+#: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149
+#: plugins/sudoers/set_perms.c:1439
msgid "perm stack underflow"
msgstr "podljev trajnog stoga"
-#: plugins/sudoers/set_perms.c:270 plugins/sudoers/set_perms.c:580
-#: plugins/sudoers/set_perms.c:957 plugins/sudoers/set_perms.c:1243
+#: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500
+#: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471
+msgid "unable to change to root gid"
+msgstr "ne mogu promijeniti u administratorski gid"
+
+#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597
+#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277
msgid "unable to change to runas gid"
msgstr "ne mogu promijeniti u „pokreni kao” gid"
-#: plugins/sudoers/set_perms.c:282 plugins/sudoers/set_perms.c:592
-#: plugins/sudoers/set_perms.c:967 plugins/sudoers/set_perms.c:1253
+#: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609
+#: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287
msgid "unable to change to runas uid"
msgstr "ne mogu promijeniti u „pokreni kao” uid"
-#: plugins/sudoers/set_perms.c:300 plugins/sudoers/set_perms.c:610
-#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1269
+#: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627
+#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303
msgid "unable to change to sudoers gid"
msgstr "ne mogu promijeniti u sudoers gid"
-#: plugins/sudoers/set_perms.c:353 plugins/sudoers/set_perms.c:681
-#: plugins/sudoers/set_perms.c:1029 plugins/sudoers/set_perms.c:1315
-#: plugins/sudoers/set_perms.c:1474
+#: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698
+#: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349
+#: plugins/sudoers/set_perms.c:1515
msgid "too many processes"
msgstr "previše procesa"
-#: plugins/sudoers/set_perms.c:1542
+#: plugins/sudoers/set_perms.c:1583
msgid "unable to set runas group vector"
msgstr "ne mogu postaviti „pokreni kao” grupni vektor"
-#: plugins/sudoers/sssd.c:251
+#: plugins/sudoers/sssd.c:256
#, c-format
msgid "Unable to dlopen %s: %s"
msgstr "Ne mogu izvršiti dlopen %s: %s"
-#: plugins/sudoers/sssd.c:252
+#: plugins/sudoers/sssd.c:257
#, c-format
msgid "Unable to initialize SSS source. Is SSSD installed on your machine?"
msgstr "Ne mogu inicijalizirati SSS izvor. Je li SSSD instaliran na vašem stroju?"
-#: plugins/sudoers/sssd.c:258 plugins/sudoers/sssd.c:266
-#: plugins/sudoers/sssd.c:273 plugins/sudoers/sssd.c:280
-#: plugins/sudoers/sssd.c:287
+#: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271
+#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285
+#: plugins/sudoers/sssd.c:292
#, c-format
msgid "unable to find symbol \"%s\" in %s"
msgstr "ne mogu pronaći simbol „%s” u %s"
-#: plugins/sudoers/sudo_nss.c:267
+#: plugins/sudoers/sudo_nss.c:283
#, c-format
msgid "Matching Defaults entries for %s on this host:\n"
msgstr "Spajam stavke zadanih vrijednosti za %s na ovom računalu:\n"
-#: plugins/sudoers/sudo_nss.c:280
+#: plugins/sudoers/sudo_nss.c:296
#, c-format
msgid "Runas and Command-specific defaults for %s:\n"
msgstr "Zadane vrijednosti „pokreni kao” i specifične za naredbe za %s:\n"
-#: plugins/sudoers/sudo_nss.c:293
+#: plugins/sudoers/sudo_nss.c:309
#, c-format
msgid "User %s may run the following commands on this host:\n"
msgstr "Korisnik %s može pokrenuti sljedeće naredbe na ovom računalu:\n"
-#: plugins/sudoers/sudo_nss.c:302
+#: plugins/sudoers/sudo_nss.c:318
#, c-format
msgid "User %s is not allowed to run sudo on %s.\n"
msgstr "Korisniku %s nije dozvoljeno pokrenuti sudo na %s.\n"
-#: plugins/sudoers/sudoers.c:210 plugins/sudoers/sudoers.c:243
-#: plugins/sudoers/sudoers.c:953
+#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193
+#: plugins/sudoers/sudoers.c:673
msgid "problem with defaults entries"
msgstr "problem sa stavkama zadanih vrijednosti"
-#: plugins/sudoers/sudoers.c:216
+#: plugins/sudoers/sudoers.c:165
#, c-format
msgid "no valid sudoers sources found, quitting"
msgstr "nisu pronađeni ispravni sudoers izvori, izlazim"
-#: plugins/sudoers/sudoers.c:268
-#, c-format
-msgid "unable to execute %s: %s"
-msgstr "ne mogu izvršiti %s: %s"
-
-#: plugins/sudoers/sudoers.c:335
+#: plugins/sudoers/sudoers.c:227
#, c-format
msgid "sudoers specifies that root is not allowed to sudo"
msgstr "sudoers navodi da root ne može koristiti sudo"
-#: plugins/sudoers/sudoers.c:342
+#: plugins/sudoers/sudoers.c:234
#, c-format
msgid "you are not permitted to use the -C option"
msgstr "nemate dozvolu za korištenje opcije -C"
-#: plugins/sudoers/sudoers.c:431
+#: plugins/sudoers/sudoers.c:315
#, c-format
msgid "timestamp owner (%s): No such user"
msgstr "vlasnik vremenske oznake (%s): Nema takvog korisnika"
-#: plugins/sudoers/sudoers.c:447
+#: plugins/sudoers/sudoers.c:329
msgid "no tty"
msgstr "nema terminala"
-#: plugins/sudoers/sudoers.c:448
+#: plugins/sudoers/sudoers.c:330
#, c-format
msgid "sorry, you must have a tty to run sudo"
msgstr "žao mi je, morate imati terminal za pokretanje sudo"
-#: plugins/sudoers/sudoers.c:498
+#: plugins/sudoers/sudoers.c:378
msgid "command in current directory"
msgstr "naredba u trenutnom direktoriju"
-#: plugins/sudoers/sudoers.c:510
+#: plugins/sudoers/sudoers.c:395
#, c-format
msgid "sorry, you are not allowed to preserve the environment"
msgstr "žao mi je, nemate dozvolu za očuvanje okoline"
-#: plugins/sudoers/sudoers.c:1006
+#: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:215
+#: plugins/sudoers/timestamp.c:259 plugins/sudoers/timestamp.c:327
+#: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576
+#, c-format
+msgid "unable to stat %s"
+msgstr "ne mogu izvršiti stat %s"
+
+#: plugins/sudoers/sudoers.c:726
#, c-format
msgid "%s is not a regular file"
msgstr "%s nije obična datoteka"
-#: plugins/sudoers/sudoers.c:1009 toke.l:846
+#: plugins/sudoers/sudoers.c:729 toke.l:842
#, c-format
msgid "%s is owned by uid %u, should be %u"
msgstr "vlasnik %s je uid %u, treba biti %u"
-#: plugins/sudoers/sudoers.c:1013 toke.l:853
+#: plugins/sudoers/sudoers.c:733 toke.l:849
#, c-format
msgid "%s is world writable"
msgstr "%s ima dozvole za pisanje svih korisnika"
-#: plugins/sudoers/sudoers.c:1016 toke.l:858
+#: plugins/sudoers/sudoers.c:736 toke.l:854
#, c-format
msgid "%s is owned by gid %u, should be %u"
msgstr "vlasnik %s je gid %u, treba biti %u"
-#: plugins/sudoers/sudoers.c:1043
+#: plugins/sudoers/sudoers.c:763
#, c-format
msgid "only root can use `-c %s'"
msgstr "samo root smije koristiti „-c %s”"
-#: plugins/sudoers/sudoers.c:1060 plugins/sudoers/sudoers.c:1062
+#: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782
#, c-format
msgid "unknown login class: %s"
msgstr "nepoznat razred prijave: %s"
-#: plugins/sudoers/sudoers.c:1089
+#: plugins/sudoers/sudoers.c:814
#, c-format
msgid "unable to resolve host %s"
msgstr "ne mogu pronaći računalo %s"
-#: plugins/sudoers/sudoers.c:1141 plugins/sudoers/testsudoers.c:387
+#: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377
#, c-format
msgid "unknown group: %s"
msgstr "nepoznata grupa: %s"
-#: plugins/sudoers/sudoers.c:1190
-#, c-format
-msgid "Sudoers policy plugin version %s\n"
-msgstr "Inačica sudoers priključka police %s\n"
-
-#: plugins/sudoers/sudoers.c:1192
-#, c-format
-msgid "Sudoers file grammar version %d\n"
-msgstr "Inačica sudoers gramatike datoteke %d\n"
-
-#: plugins/sudoers/sudoers.c:1196
-#, c-format
-msgid ""
-"\n"
-"Sudoers path: %s\n"
-msgstr ""
-"\n"
-"Sudoers putanja: %s\n"
-
-#: plugins/sudoers/sudoers.c:1199
-#, c-format
-msgid "nsswitch path: %s\n"
-msgstr "nsswitch putanja: %s\n"
-
-#: plugins/sudoers/sudoers.c:1201
-#, c-format
-msgid "ldap.conf path: %s\n"
-msgstr "ldap.conf putanja: %s\n"
-
-#: plugins/sudoers/sudoers.c:1202
-#, c-format
-msgid "ldap.secret path: %s\n"
-msgstr "ldap.secret putanja: %s\n"
-
-#: plugins/sudoers/sudoreplay.c:293
+#: plugins/sudoers/sudoreplay.c:292
#, c-format
msgid "invalid filter option: %s"
msgstr "neispravna opcija filtra: %s"
-#: plugins/sudoers/sudoreplay.c:306
+#: plugins/sudoers/sudoreplay.c:305
#, c-format
msgid "invalid max wait: %s"
msgstr "neispravno najveće čekanje: %s"
-#: plugins/sudoers/sudoreplay.c:312
+#: plugins/sudoers/sudoreplay.c:311
#, c-format
msgid "invalid speed factor: %s"
msgstr "neispravni faktor brzine: %s"
-#: plugins/sudoers/sudoreplay.c:315 plugins/sudoers/visudo.c:187
+#: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179
#, c-format
msgid "%s version %s\n"
msgstr "%s inačica %s\n"
-#: plugins/sudoers/sudoreplay.c:340
+#: plugins/sudoers/sudoreplay.c:339
#, c-format
msgid "%s/%.2s/%.2s/%.2s/timing: %s"
msgstr "%s/%.2s/%.2s/%.2s/vrijeme: %s"
-#: plugins/sudoers/sudoreplay.c:346
+#: plugins/sudoers/sudoreplay.c:345
#, c-format
msgid "%s/%s/timing: %s"
msgstr "%s/%s/vrijeme: %s"
-#: plugins/sudoers/sudoreplay.c:364
+#: plugins/sudoers/sudoreplay.c:363
#, c-format
msgid "Replaying sudo session: %s\n"
msgstr "Prikazujem sudo sjednicu: %s\n"
-#: plugins/sudoers/sudoreplay.c:370
+#: plugins/sudoers/sudoreplay.c:369
#, c-format
msgid "Warning: your terminal is too small to properly replay the log.\n"
msgstr "Upozorenje: vaš terminal je premalen za ispravno prikazivanje dnevnika.\n"
-#: plugins/sudoers/sudoreplay.c:371
+#: plugins/sudoers/sudoreplay.c:370
#, c-format
msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d."
msgstr "Veličina dnevnika je %d x %d, a veličina vašeg terminala %d x %d."
-#: plugins/sudoers/sudoreplay.c:401
+#: plugins/sudoers/sudoreplay.c:400
#, c-format
msgid "unable to set tty to raw mode"
msgstr "ne mogu postaviti terminal u sirovi način"
-#: plugins/sudoers/sudoreplay.c:418
+#: plugins/sudoers/sudoreplay.c:416
#, c-format
msgid "invalid timing file line: %s"
msgstr "neispravan redak datoteke mjerenja vremena: %s"
-#: plugins/sudoers/sudoreplay.c:501
+#: plugins/sudoers/sudoreplay.c:499
#, c-format
msgid "writing to standard output"
msgstr "ispisujem na standardni izlaz"
-#: plugins/sudoers/sudoreplay.c:530
+#: plugins/sudoers/sudoreplay.c:528
#, c-format
msgid "nanosleep: tv_sec %ld, tv_nsec %ld"
msgstr "nanosleep: tv_sec %ld, tv_nsec %ld"
-#: plugins/sudoers/sudoreplay.c:643 plugins/sudoers/sudoreplay.c:668
+#: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666
#, c-format
msgid "ambiguous expression \"%s\""
msgstr "višeznačni izraz „%s”"
-#: plugins/sudoers/sudoreplay.c:685
+#: plugins/sudoers/sudoreplay.c:683
#, c-format
msgid "too many parenthesized expressions, max %d"
msgstr "previše izraza u zagradama, najviše %d"
-#: plugins/sudoers/sudoreplay.c:696
+#: plugins/sudoers/sudoreplay.c:694
#, c-format
msgid "unmatched ')' in expression"
msgstr "nesparena „)” u izrazu"
-#: plugins/sudoers/sudoreplay.c:702
+#: plugins/sudoers/sudoreplay.c:700
#, c-format
msgid "unknown search term \"%s\""
msgstr "nepoznat pojam pretrage „%s”"
-#: plugins/sudoers/sudoreplay.c:716
+#: plugins/sudoers/sudoreplay.c:714
#, c-format
msgid "%s requires an argument"
msgstr "%s zahtijeva argument"
-#: plugins/sudoers/sudoreplay.c:720
+#: plugins/sudoers/sudoreplay.c:718
#, c-format
msgid "invalid regular expression: %s"
msgstr "neispravan regularni izraz: %s"
-#: plugins/sudoers/sudoreplay.c:726
+#: plugins/sudoers/sudoreplay.c:724
#, c-format
msgid "could not parse date \"%s\""
msgstr "ne mogu analizirati datum „%s”"
-#: plugins/sudoers/sudoreplay.c:739
+#: plugins/sudoers/sudoreplay.c:737
#, c-format
msgid "unmatched '(' in expression"
msgstr "nesparena „(” u izrazu"
-#: plugins/sudoers/sudoreplay.c:741
+#: plugins/sudoers/sudoreplay.c:739
#, c-format
msgid "illegal trailing \"or\""
msgstr "nedozvoljeni „or” na kraju"
-#: plugins/sudoers/sudoreplay.c:743
+#: plugins/sudoers/sudoreplay.c:741
#, c-format
msgid "illegal trailing \"!\""
msgstr "nedozvoljeni „!” na kraju"
-#: plugins/sudoers/sudoreplay.c:1050
+#: plugins/sudoers/sudoreplay.c:1058
#, c-format
msgid "invalid regex: %s"
msgstr "neispravni regularni izraz: %s"
-#: plugins/sudoers/sudoreplay.c:1174
+#: plugins/sudoers/sudoreplay.c:1182
#, c-format
msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n"
msgstr "uporaba: %s [-h] [-d direktorij] [-m max_čekanje] [-s faktor_brzine] ID\n"
-#: plugins/sudoers/sudoreplay.c:1177
+#: plugins/sudoers/sudoreplay.c:1185
#, c-format
msgid "usage: %s [-h] [-d directory] -l [search expression]\n"
msgstr "uporaba: %s [-h] [-d direktorij] -l [izraz pretrage]\n"
-#: plugins/sudoers/sudoreplay.c:1186
+#: plugins/sudoers/sudoreplay.c:1194
#, c-format
msgid ""
"%s - replay sudo session logs\n"
"%s - prikaži dnevnike sudo sjednica\n"
"\n"
-#: plugins/sudoers/sudoreplay.c:1188
+#: plugins/sudoers/sudoreplay.c:1196
msgid ""
"\n"
"Options:\n"
" -s faktor_brzine ubrzaj ili uspori ispis\n"
" -V prikaži informacije o inačici i izađi"
-#: plugins/sudoers/testsudoers.c:338
+#: plugins/sudoers/testsudoers.c:328
msgid "\thost unmatched"
msgstr "\tračunalo nije pronađeno"
-#: plugins/sudoers/testsudoers.c:341
+#: plugins/sudoers/testsudoers.c:331
msgid ""
"\n"
"Command allowed"
"\n"
"Naredba dozvoljena"
-#: plugins/sudoers/testsudoers.c:342
+#: plugins/sudoers/testsudoers.c:332
msgid ""
"\n"
"Command denied"
"\n"
"Naredba zabranjena"
-#: plugins/sudoers/testsudoers.c:342
+#: plugins/sudoers/testsudoers.c:332
msgid ""
"\n"
"Command unmatched"
"\n"
"Naredba nije pronađena"
-#: plugins/sudoers/toke_util.c:218
+#: plugins/sudoers/timestamp.c:128
+#, c-format
+msgid "timestamp path too long: %s"
+msgstr "putanja vremenske oznake predugačka: %s"
+
+#: plugins/sudoers/timestamp.c:202 plugins/sudoers/timestamp.c:246
+#: plugins/sudoers/timestamp.c:291
+#, c-format
+msgid "%s owned by uid %u, should be uid %u"
+msgstr "vlasnik %s je uid %u, treba biti uid %u"
+
+#: plugins/sudoers/timestamp.c:207 plugins/sudoers/timestamp.c:251
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0700"
+msgstr "nevlasnici imaju dozvolu za pisanje u %s (0%o), treba biti mod 0700"
+
+#: plugins/sudoers/timestamp.c:285
+#, c-format
+msgid "%s exists but is not a regular file (0%o)"
+msgstr "%s postoji, ali nije obična datoteka (0%o)"
+
+#: plugins/sudoers/timestamp.c:297
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0600"
+msgstr "nevlasnici imaju dozvolu za pisanje u %s (0%o), treba biti mod 0600"
+
+#: plugins/sudoers/timestamp.c:352
+#, c-format
+msgid "timestamp too far in the future: %20.20s"
+msgstr "vremenska oznaka predaleko u budućnosti: %20.20s"
+
+#: plugins/sudoers/timestamp.c:406
+#, c-format
+msgid "unable to remove %s, will reset to the epoch"
+msgstr "ne mogu ukloniti %s, vratit ću na početnu epohu"
+
+#: plugins/sudoers/timestamp.c:413
+#, c-format
+msgid "unable to reset %s to the epoch"
+msgstr "ne mogu vratiti %s na početnu epohu"
+
+#: plugins/sudoers/toke_util.c:221
+#, c-format
msgid "fill_args: buffer overflow"
msgstr "fill_args: preljev međuspremnika"
-#: plugins/sudoers/visudo.c:188
+#: plugins/sudoers/visudo.c:180
#, c-format
msgid "%s grammar version %d\n"
msgstr "%s inačica gramatike %d\n"
-#: plugins/sudoers/visudo.c:252 plugins/sudoers/visudo.c:541
+#: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533
#, c-format
msgid "press return to edit %s: "
msgstr "pritisnite return za uređivanje %s: "
-#: plugins/sudoers/visudo.c:335 plugins/sudoers/visudo.c:341
+#: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332
#, c-format
msgid "write error"
msgstr "greška pisanja"
-#: plugins/sudoers/visudo.c:423
+#: plugins/sudoers/visudo.c:414
#, c-format
msgid "unable to stat temporary file (%s), %s unchanged"
msgstr "na mogu izvršiti stat privremene datoteke (%s), %s nepromijenjen"
-#: plugins/sudoers/visudo.c:428
+#: plugins/sudoers/visudo.c:419
#, c-format
msgid "zero length temporary file (%s), %s unchanged"
msgstr "privremena datoteka duljine nula (%s), %s nepromijenjen"
-#: plugins/sudoers/visudo.c:434
+#: plugins/sudoers/visudo.c:425
#, c-format
msgid "editor (%s) failed, %s unchanged"
msgstr "uređivač (%s) nije uspio, %s nepromijenjen"
-#: plugins/sudoers/visudo.c:457
+#: plugins/sudoers/visudo.c:448
#, c-format
msgid "%s unchanged"
msgstr "%s nepromijenjen"
-#: plugins/sudoers/visudo.c:486
+#: plugins/sudoers/visudo.c:477
#, c-format
msgid "unable to re-open temporary file (%s), %s unchanged."
msgstr "ne mogu ponovo otvoriti privremenu datoteku (%s), %s nepromijenjen."
-#: plugins/sudoers/visudo.c:496
+#: plugins/sudoers/visudo.c:487
#, c-format
msgid "unabled to parse temporary file (%s), unknown error"
msgstr "ne mogu analizirati privremenu datoteku (%s), nepoznata greška"
-#: plugins/sudoers/visudo.c:534
+#: plugins/sudoers/visudo.c:526
#, c-format
msgid "internal error, unable to find %s in list!"
msgstr "interna greška, ne mogu pronaći %s na popisu!"
-#: plugins/sudoers/visudo.c:586 plugins/sudoers/visudo.c:595
+#: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587
#, c-format
msgid "unable to set (uid, gid) of %s to (%u, %u)"
msgstr "na mogu postaviti (uid, gid) od %s na (%u, %u)"
-#: plugins/sudoers/visudo.c:590 plugins/sudoers/visudo.c:600
+#: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592
#, c-format
msgid "unable to change mode of %s to 0%o"
msgstr "ne mogu promijeniti mod od %s u 0%o"
-#: plugins/sudoers/visudo.c:617
+#: plugins/sudoers/visudo.c:609
#, c-format
msgid "%s and %s not on the same file system, using mv to rename"
msgstr "%s i %s nisu na istom datotečnom sustavu, koristim mv za preimenovanje"
-#: plugins/sudoers/visudo.c:631
+#: plugins/sudoers/visudo.c:623
#, c-format
msgid "command failed: '%s %s %s', %s unchanged"
msgstr "naredba nije uspjela: „%s %s %s”, %s nepromijenjen"
-#: plugins/sudoers/visudo.c:641
+#: plugins/sudoers/visudo.c:633
#, c-format
msgid "error renaming %s, %s unchanged"
msgstr "greška preimenovanja %s, %s nepromijenjen"
-#: plugins/sudoers/visudo.c:704
+#: plugins/sudoers/visudo.c:695
msgid "What now? "
msgstr "Što sada? "
-#: plugins/sudoers/visudo.c:718
+#: plugins/sudoers/visudo.c:709
msgid ""
"Options are:\n"
" (e)dit sudoers file again\n"
" (x) izađi bez spremanja promjena u datoteku sudoers\n"
" (Q) izađi i spremi promjene u datoteku sudoers (OPASNO!)\n"
-#: plugins/sudoers/visudo.c:759
-#, c-format
-msgid "unable to execute %s"
-msgstr "ne mogu izvršiti %s"
-
-#: plugins/sudoers/visudo.c:766
+#: plugins/sudoers/visudo.c:757
#, c-format
msgid "unable to run %s"
msgstr "ne mogu pokrenuti %s"
-#: plugins/sudoers/visudo.c:792
+#: plugins/sudoers/visudo.c:783
#, c-format
msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n"
msgstr "%s: krivi vlasnički (uid, gid), treba biti (%u, %u)\n"
-#: plugins/sudoers/visudo.c:799
+#: plugins/sudoers/visudo.c:790
#, c-format
msgid "%s: bad permissions, should be mode 0%o\n"
msgstr "%s: neispravne dozvole, treba biti mod 0%o\n"
-#: plugins/sudoers/visudo.c:824
+#: plugins/sudoers/visudo.c:815
#, c-format
msgid "failed to parse %s file, unknown error"
msgstr "nisam uspio analizirati %s datoteku, nepoznata greška"
-#: plugins/sudoers/visudo.c:837
+#: plugins/sudoers/visudo.c:831
#, c-format
msgid "parse error in %s near line %d\n"
msgstr "greška analize u %s kod retka %d\n"
-#: plugins/sudoers/visudo.c:840
+#: plugins/sudoers/visudo.c:834
#, c-format
msgid "parse error in %s\n"
msgstr "greška analize u %s\n"
-#: plugins/sudoers/visudo.c:847 plugins/sudoers/visudo.c:852
+#: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846
#, c-format
msgid "%s: parsed OK\n"
msgstr "%s: analiza u redu\n"
-#: plugins/sudoers/visudo.c:899
+#: plugins/sudoers/visudo.c:893
#, c-format
msgid "%s busy, try again later"
msgstr "%s je zauzet, pokušajte ponovo kasnije"
-#: plugins/sudoers/visudo.c:943
+#: plugins/sudoers/visudo.c:937
#, c-format
msgid "specified editor (%s) doesn't exist"
msgstr "navedeni uređivač (%s) ne postoji"
-#: plugins/sudoers/visudo.c:966
+#: plugins/sudoers/visudo.c:960
#, c-format
msgid "unable to stat editor (%s)"
msgstr "ne mogu odrediti stanje uređivača (%s)"
-#: plugins/sudoers/visudo.c:1014
+#: plugins/sudoers/visudo.c:1008
#, c-format
msgid "no editor found (editor path = %s)"
msgstr "nije pronađen uređivač (putanja uređivača = %s)"
-#: plugins/sudoers/visudo.c:1108
+#: plugins/sudoers/visudo.c:1100
#, c-format
msgid "Error: cycle in %s_Alias `%s'"
msgstr "Greška: petlja u %s_Alias „%s”"
-#: plugins/sudoers/visudo.c:1109
+#: plugins/sudoers/visudo.c:1101
#, c-format
msgid "Warning: cycle in %s_Alias `%s'"
msgstr "Upozorenje: petlja u %s_Alias „%s”"
-#: plugins/sudoers/visudo.c:1112
+#: plugins/sudoers/visudo.c:1104
#, c-format
msgid "Error: %s_Alias `%s' referenced but not defined"
msgstr "Greška: %s_Alias „%s” je referenciran, ali nije definiran"
-#: plugins/sudoers/visudo.c:1113
+#: plugins/sudoers/visudo.c:1105
#, c-format
msgid "Warning: %s_Alias `%s' referenced but not defined"
msgstr "Upozorenje: %s_Alias „%s” je referenciran, ali nije definiran"
-#: plugins/sudoers/visudo.c:1248
+#: plugins/sudoers/visudo.c:1240
#, c-format
msgid "%s: unused %s_Alias %s"
msgstr "%s: nekorišteni %s_Alias %s"
-#: plugins/sudoers/visudo.c:1304
+#: plugins/sudoers/visudo.c:1302
#, c-format
msgid ""
"%s - safely edit the sudoers file\n"
"%s - sigurno uređivanje datoteke sudoers\n"
"\n"
-#: plugins/sudoers/visudo.c:1306
+#: plugins/sudoers/visudo.c:1304
msgid ""
"\n"
"Options:\n"
" -s strogo provjeravanje sintakse\n"
" -V prikaži informacije o inačici i izađi"
-#: toke.l:820
+#: toke.l:815
msgid "too many levels of includes"
msgstr "previše razina uključivanja"
+#~ msgid ">>> %s: %s near line %d <<<"
+#~ msgstr ">>> %s: %s kod retka %d <<<"
+
+#~ msgid "unable to allocate memory"
+#~ msgstr "ne mogu alocirati memoriju"
+
+#~ msgid "%s%s: %s"
+#~ msgstr "%s%s: %s"
+
+#~ msgid "unable to set locale to \"%s\", using \"C\""
+#~ msgstr "ne mogu postaviti lokal u „%s”, koristim „C”"
+
+#~ msgid ""
+#~ " Commands:\n"
+#~ "\t"
+#~ msgstr ""
+#~ " Naredbe:\n"
+#~ "\t"
+
+#~ msgid ": "
+#~ msgstr ": "
+
+#~ msgid "unable to cache uid %u (%s), already exists"
+#~ msgstr "ne mogu staviti uid %u (%s) u spremnik, već postoji"
+
+#~ msgid "unable to cache gid %u (%s), already exists"
+#~ msgstr "ne mogu staviti gid %u (%s) u spremnik, već postoji"
+
+#~ msgid "unable to execute %s: %s"
+#~ msgstr "ne mogu izvršiti %s: %s"
+
#~ msgid "internal error, expand_prompt() overflow"
#~ msgstr "interna greška, expand_prompt() preljev"
# Italian translations for sudoers package
-# Copyright (C) 2011, 2012 The Free Software Foundation
-# This file is distributed under the same license as the sudo package.
-#
-# Milo Casagrande <milo@casagrande.name>, 2011, 2012.
+# This file is put in the public domain.
+# Milo Casagrande <milo@milo.name>, 2011, 2012, 2013.
#
msgid ""
msgstr ""
-"Project-Id-Version: sudoers-1.8.6b4\n"
+"Project-Id-Version: sudoers-1.8.7b2\n"
"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2012-08-10 13:08-0400\n"
-"PO-Revision-Date: 2012-08-15 18:27+0200\n"
-"Last-Translator: Milo Casagrande <milo@casagrande.name>\n"
+"POT-Creation-Date: 2013-04-17 15:52-0400\n"
+"PO-Revision-Date: 2013-04-20 13:00+0200\n"
+"Last-Translator: Milo Casagrande <milo@milo.name>\n"
"Language-Team: Italian <tp@lists.linux.it>\n"
"Language: it\n"
"MIME-Version: 1.0\n"
"Content-Transfer-Encoding: 8-bit\n"
"Plural-Forms: nplurals=2; plural=(n!=1);\n"
-#: gram.y:112
-#, c-format
-msgid ">>> %s: %s near line %d <<<"
-msgstr ">>> %s: %s vicino alla riga %d <<<"
+#: confstr.sh:2
+msgid "Password:"
+msgstr "Password:"
+
+#: confstr.sh:3
+msgid "*** SECURITY information for %h ***"
+msgstr "*** Informazioni di SICUREZZA per %h ***"
-#: plugins/sudoers/alias.c:125
+#: confstr.sh:4
+msgid "Sorry, try again."
+msgstr "Riprovare."
+
+#: plugins/sudoers/alias.c:124
#, c-format
msgid "Alias `%s' already defined"
msgstr "Alias \"%s\" già definito"
-#: plugins/sudoers/auth/bsdauth.c:78
+#: plugins/sudoers/auth/bsdauth.c:77
#, c-format
msgid "unable to get login class for user %s"
msgstr "impossibile ottenere la classe di login per l'utente %s"
-#: plugins/sudoers/auth/bsdauth.c:84
+#: plugins/sudoers/auth/bsdauth.c:83
msgid "unable to begin bsd authentication"
msgstr "impossibile iniziare l'autenticazione bsd"
-#: plugins/sudoers/auth/bsdauth.c:92
+#: plugins/sudoers/auth/bsdauth.c:91
msgid "invalid authentication type"
msgstr "tipo di autenticazione non valida"
-#: plugins/sudoers/auth/bsdauth.c:101
+#: plugins/sudoers/auth/bsdauth.c:100
msgid "unable to setup authentication"
msgstr "impossibile impostare l'autenticazione"
-#: plugins/sudoers/auth/fwtk.c:60
+#: plugins/sudoers/auth/fwtk.c:59
#, c-format
msgid "unable to read fwtk config"
msgstr "impossibile leggere la configurazione fwtk"
-#: plugins/sudoers/auth/fwtk.c:65
+#: plugins/sudoers/auth/fwtk.c:64
#, c-format
msgid "unable to connect to authentication server"
msgstr "impossibile connettersi al server di autenticazione"
-#: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95
-#: plugins/sudoers/auth/fwtk.c:128
+#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94
+#: plugins/sudoers/auth/fwtk.c:127
#, c-format
msgid "lost connection to authentication server"
msgstr "connessione al server di autenticazione persa"
-#: plugins/sudoers/auth/fwtk.c:75
+#: plugins/sudoers/auth/fwtk.c:74
#, c-format
msgid ""
"authentication server error:\n"
"errore del server di autenticazione:\n"
"%s"
-#: plugins/sudoers/auth/kerb5.c:117
+#: plugins/sudoers/auth/kerb5.c:116
#, c-format
-msgid "%s: unable to unparse princ ('%s'): %s"
-msgstr "%s: impossibile eseguire l'unparse di princ (\"%s\"): %s"
+msgid "%s: unable to convert principal to string ('%s'): %s"
+msgstr "%s: impossibile convertire il principal in stringa (\"%s\"): %s"
-#: plugins/sudoers/auth/kerb5.c:160
+#: plugins/sudoers/auth/kerb5.c:159
#, c-format
msgid "%s: unable to parse '%s': %s"
msgstr "%s: impossibile analizzare \"%s\": %s"
-#: plugins/sudoers/auth/kerb5.c:170
+#: plugins/sudoers/auth/kerb5.c:169
#, c-format
-msgid "%s: unable to resolve ccache: %s"
-msgstr "%s: impossibile risolvere la ccache: %s"
+msgid "%s: unable to resolve credential cache: %s"
+msgstr "%s: impossibile risolvere la cache delle credenziali: %s"
-#: plugins/sudoers/auth/kerb5.c:218
+#: plugins/sudoers/auth/kerb5.c:217
#, c-format
msgid "%s: unable to allocate options: %s"
msgstr "%s: impossibile allocare le opzioni: %s"
-#: plugins/sudoers/auth/kerb5.c:234
+#: plugins/sudoers/auth/kerb5.c:233
#, c-format
msgid "%s: unable to get credentials: %s"
msgstr "%s: impossibile ottenere le credenziali: %s"
-#: plugins/sudoers/auth/kerb5.c:247
+#: plugins/sudoers/auth/kerb5.c:246
#, c-format
-msgid "%s: unable to initialize ccache: %s"
-msgstr "%s: impossibile inizializzare la ccache: %s"
+msgid "%s: unable to initialize credential cache: %s"
+msgstr "%s: impossibile inizializzare la cache delle credenziali: %s"
-#: plugins/sudoers/auth/kerb5.c:251
+#: plugins/sudoers/auth/kerb5.c:250
#, c-format
-msgid "%s: unable to store cred in ccache: %s"
-msgstr "%s: impossibile salvare le credenziali nella cchace: %s"
+msgid "%s: unable to store credential in cache: %s"
+msgstr "%s: impossibile salvare le credenziali nella cache: %s"
-#: plugins/sudoers/auth/kerb5.c:316
+#: plugins/sudoers/auth/kerb5.c:315
#, c-format
msgid "%s: unable to get host principal: %s"
msgstr "%s: impossibile ottenere il principal dell'host: %s"
-#: plugins/sudoers/auth/kerb5.c:331
+#: plugins/sudoers/auth/kerb5.c:330
#, c-format
msgid "%s: Cannot verify TGT! Possible attack!: %s"
msgstr "%s: impossibile verificare TGT. Possibile attacco in corso: %s"
-#: plugins/sudoers/auth/pam.c:100
+#: plugins/sudoers/auth/pam.c:105
msgid "unable to initialize PAM"
msgstr "impossibile inizializzare PAM"
-#: plugins/sudoers/auth/pam.c:144
+#: plugins/sudoers/auth/pam.c:150
msgid "account validation failure, is your account locked?"
msgstr "validazione dell'account non riuscita: forse è bloccato?"
-#: plugins/sudoers/auth/pam.c:148
+#: plugins/sudoers/auth/pam.c:154
msgid "Account or password is expired, reset your password and try again"
msgstr "Account o password scaduto: reimpostare la password e provare nuovamente"
-#: plugins/sudoers/auth/pam.c:155
+#: plugins/sudoers/auth/pam.c:162
#, c-format
-msgid "pam_chauthtok: %s"
-msgstr "pam_chauthtok: %s"
+msgid "unable to change expired password: %s"
+msgstr "impossibile modificare la password scaduta: %s"
-#: plugins/sudoers/auth/pam.c:159
+#: plugins/sudoers/auth/pam.c:167
msgid "Password expired, contact your system administrator"
msgstr "Password scaduta, contattare l'amministratore di sistema"
-#: plugins/sudoers/auth/pam.c:163
+#: plugins/sudoers/auth/pam.c:171
msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator"
msgstr "Account scaduto o alla configurazione PAM manca una sezione \"account\" per sudo: contattare l'amministratore di sistema"
-#: plugins/sudoers/auth/pam.c:180
+#: plugins/sudoers/auth/pam.c:188
#, c-format
-msgid "pam_authenticate: %s"
-msgstr "pam_authenticate: %s"
-
-#: plugins/sudoers/auth/pam.c:332
-msgid "Password: "
-msgstr "Password: "
+msgid "PAM authentication error: %s"
+msgstr "errore autenticazione PAM: %s"
-#: plugins/sudoers/auth/pam.c:333
-msgid "Password:"
-msgstr "Password:"
+#: plugins/sudoers/auth/pam.c:247
+#, c-format
+msgid "unable to establish credentials: %s"
+msgstr "impossibile stabilire le credenziali: %s"
-#: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:220
+#: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212
#, c-format
msgid "you do not exist in the %s database"
msgstr "l'utente attuale non esiste nel database %s"
-#: plugins/sudoers/auth/securid5.c:81
+#: plugins/sudoers/auth/securid5.c:80
#, c-format
msgid "failed to initialise the ACE API library"
msgstr "inizializzazione della libreria API ACE non riuscita"
-#: plugins/sudoers/auth/securid5.c:107
+#: plugins/sudoers/auth/securid5.c:106
#, c-format
msgid "unable to contact the SecurID server"
msgstr "impossibile contattare il server SecurID"
-#: plugins/sudoers/auth/securid5.c:116
+#: plugins/sudoers/auth/securid5.c:115
#, c-format
msgid "User ID locked for SecurID Authentication"
msgstr "ID utente bloccato per l'autenticazione SecurID"
-#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171
+#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170
#, c-format
msgid "invalid username length for SecurID"
msgstr "lunghezza del nome utente per SecurID non valida"
-#: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176
+#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175
#, c-format
msgid "invalid Authentication Handle for SecurID"
msgstr "gestore di autenticazione per SecurID non valido"
-#: plugins/sudoers/auth/securid5.c:128
+#: plugins/sudoers/auth/securid5.c:127
#, c-format
msgid "SecurID communication failed"
msgstr "Comunicazione SecurID non riuscita"
-#: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215
+#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214
#, c-format
msgid "unknown SecurID error"
msgstr "errore SecurID sconosciuto"
-#: plugins/sudoers/auth/securid5.c:166
+#: plugins/sudoers/auth/securid5.c:165
#, c-format
msgid "invalid passcode length for SecurID"
msgstr "lunghezza del passcode per SecurID errata"
-#: plugins/sudoers/auth/sia.c:109
+#: plugins/sudoers/auth/sia.c:108
msgid "unable to initialize SIA session"
msgstr "impossibile inizializzare la sessione SIA"
-#: plugins/sudoers/auth/sudo_auth.c:121
-msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication."
-msgstr "Metodi di autenticazione non validi compilati all'interno di sudo. È possibile usare assieme autenticazione standalone e non-standalone."
+#: plugins/sudoers/auth/sudo_auth.c:119
+msgid "invalid authentication methods"
+msgstr "metodi di autenticazione non validi"
+
+#: plugins/sudoers/auth/sudo_auth.c:120
+msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication."
+msgstr "Metodi di autenticazione non validi compilati all'interno di sudo. Non è possibile usare assieme autenticazione standalone e non-standalone."
-#: plugins/sudoers/auth/sudo_auth.c:206
+#: plugins/sudoers/auth/sudo_auth.c:203
+msgid "no authentication methods"
+msgstr "nessun metodo di autenticazione"
+
+#: plugins/sudoers/auth/sudo_auth.c:205
msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option."
msgstr "Non ci sono metodi di autenticazione compilati all'interno di sudo. Per disabilitare l'autenticazione, usare l'opzione di configurazione --disable-authentication."
-#: plugins/sudoers/auth/sudo_auth.c:374
+#: plugins/sudoers/auth/sudo_auth.c:389
msgid "Authentication methods:"
msgstr "Metodi di autenticazione:"
msgid "Could not determine audit condition"
msgstr "Impossibile determinare la condizione di audit"
-#: plugins/sudoers/bsm_audit.c:101
+#: plugins/sudoers/bsm_audit.c:101 plugins/sudoers/bsm_audit.c:160
#, c-format
-msgid "getauid failed"
+msgid "getauid: failed"
msgstr "getauid non riuscita"
#: plugins/sudoers/bsm_audit.c:103 plugins/sudoers/bsm_audit.c:162
msgid "unable to commit audit record"
msgstr "impossibile inviare il record di audit"
-#: plugins/sudoers/bsm_audit.c:160
-#, c-format
-msgid "getauid: failed"
-msgstr "getauid non riuscita"
-
#: plugins/sudoers/bsm_audit.c:183
#, c-format
msgid "au_to_text: failed"
msgstr "au_to_text non riuscita"
-#: plugins/sudoers/check.c:252 plugins/sudoers/iolog.c:172
-#: plugins/sudoers/sudoers.c:988 plugins/sudoers/sudoreplay.c:355
-#: plugins/sudoers/sudoreplay.c:817 plugins/sudoers/sudoreplay.c:974
-#: plugins/sudoers/visudo.c:818
-#, c-format
-msgid "unable to open %s"
-msgstr "impossibile aprire %s"
-
-#: plugins/sudoers/check.c:256 plugins/sudoers/iolog.c:229
-#, c-format
-msgid "unable to write to %s"
-msgstr "impossibile scrivere su %s"
-
-#: plugins/sudoers/check.c:264 plugins/sudoers/check.c:512
-#: plugins/sudoers/check.c:562 plugins/sudoers/iolog.c:123
-#: plugins/sudoers/iolog.c:156
-#, c-format
-msgid "unable to mkdir %s"
-msgstr "impossibile creare la directory %s"
-
-#: plugins/sudoers/check.c:399 plugins/sudoers/env.c:289
-#: plugins/sudoers/env.c:294 plugins/sudoers/env.c:395
-#: plugins/sudoers/env.c:447 plugins/sudoers/linux_audit.c:82
-#: plugins/sudoers/sudoers.c:670 plugins/sudoers/sudoers.c:677
-#: plugins/sudoers/sudoers.c:936 plugins/sudoers/testsudoers.c:253
-#, c-format
-msgid "internal error, %s overflow"
-msgstr "errore interno, overflow di %s"
-
-#: plugins/sudoers/check.c:460
-#, c-format
-msgid "timestamp path too long: %s"
-msgstr "percorso marcatura temporale troppo lungo: %s"
-
-#: plugins/sudoers/check.c:491 plugins/sudoers/check.c:535
-#: plugins/sudoers/iolog.c:158
-#, c-format
-msgid "%s exists but is not a directory (0%o)"
-msgstr "%s esiste, ma non è una directory (0%o)"
-
-#: plugins/sudoers/check.c:494 plugins/sudoers/check.c:538
-#: plugins/sudoers/check.c:583
-#, c-format
-msgid "%s owned by uid %u, should be uid %u"
-msgstr "%s è di proprietà dell'uid %u, dovrebbe essere dell'uid %u"
-
-#: plugins/sudoers/check.c:499 plugins/sudoers/check.c:543
-#, c-format
-msgid "%s writable by non-owner (0%o), should be mode 0700"
-msgstr "%s è accessibile in scrittura dal non-proprietario (0%o), dovrebbe avere modalità 0700"
-
-#: plugins/sudoers/check.c:507 plugins/sudoers/check.c:551
-#: plugins/sudoers/check.c:619 plugins/sudoers/sudoers.c:1003
-#: plugins/sudoers/visudo.c:319 plugins/sudoers/visudo.c:584
-#, c-format
-msgid "unable to stat %s"
-msgstr "impossibile eseguire stat su %s"
-
-#: plugins/sudoers/check.c:577
-#, c-format
-msgid "%s exists but is not a regular file (0%o)"
-msgstr "%s esiste, ma non è un file regolare (0%o)"
-
-#: plugins/sudoers/check.c:589
-#, c-format
-msgid "%s writable by non-owner (0%o), should be mode 0600"
-msgstr "%s è accessibile in scrittura dal non-proprietario (0%o), dovrebbe avere modalità 0600"
-
-#: plugins/sudoers/check.c:643
-#, c-format
-msgid "timestamp too far in the future: %20.20s"
-msgstr "marcatura temporale troppo avanti nel tempo: %20.20s"
-
-#: plugins/sudoers/check.c:690
-#, c-format
-msgid "unable to remove %s (%s), will reset to the epoch"
-msgstr "impossibile rimuovere %s (%s), viene reimpostato al tempo epoch"
-
-#: plugins/sudoers/check.c:698
-#, c-format
-msgid "unable to reset %s to the epoch"
-msgstr "impossibile reimpostare %s al tempo epoch"
+#: plugins/sudoers/check.c:189
+msgid ""
+"\n"
+"We trust you have received the usual lecture from the local System\n"
+"Administrator. It usually boils down to these three things:\n"
+"\n"
+" #1) Respect the privacy of others.\n"
+" #2) Think before you type.\n"
+" #3) With great power comes great responsibility.\n"
+"\n"
+msgstr ""
+"\n"
+"Questa lezione dovrebbe essere stata impartita dall'amministratore\n"
+"di sistema locale. Solitamente equivale a:\n"
+"\n"
+" #1) Rispettare la privacy degli altri\n"
+" #2) Pensare prima di digitare\n"
+" #3) Da grandi poteri derivano grandi responsabilità\n"
+"\n"
-#: plugins/sudoers/check.c:758 plugins/sudoers/check.c:764
-#: plugins/sudoers/sudoers.c:851 plugins/sudoers/sudoers.c:855
+#: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233
+#: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566
#, c-format
msgid "unknown uid: %u"
msgstr "uid sconosciuto: %u"
-#: plugins/sudoers/check.c:761 plugins/sudoers/sudoers.c:792
-#: plugins/sudoers/sudoers.c:1120 plugins/sudoers/testsudoers.c:225
-#: plugins/sudoers/testsudoers.c:369
+#: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:635
+#: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215
+#: plugins/sudoers/testsudoers.c:359
#, c-format
msgid "unknown user: %s"
msgstr "utente sconosciuto: %s"
msgid "Set of limit privileges"
msgstr "Privilegi non concessi"
-#: plugins/sudoers/defaults.c:208
+#: plugins/sudoers/def_data.c:355
+msgid "Run commands on a pty in the background"
+msgstr "Esegue i comandi in un pty in background"
+
+#: plugins/sudoers/def_data.c:359
+msgid "Create a new PAM session for the command to run in"
+msgstr "Crea una nuova sessione PAM in cui eseguire il comando"
+
+#: plugins/sudoers/def_data.c:363
+msgid "Maximum I/O log sequence number"
+msgstr "Numero massimo di sequenze I/O di registro"
+
+#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587
#, c-format
msgid "unknown defaults entry `%s'"
msgstr "voce Defaults \"%s\" sconosciuta"
-#: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226
-#: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259
-#: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285
-#: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318
-#: plugins/sudoers/defaults.c:328
+#: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225
+#: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258
+#: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284
+#: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317
+#: plugins/sudoers/defaults.c:327
#, c-format
msgid "value `%s' is invalid for option `%s'"
msgstr "il valore \"%s\" non è valido per l'opzione \"%s\""
-#: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229
-#: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254
-#: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280
-#: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313
-#: plugins/sudoers/defaults.c:324
+#: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228
+#: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253
+#: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279
+#: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312
+#: plugins/sudoers/defaults.c:323
#, c-format
msgid "no value specified for `%s'"
msgstr "nessun valore specificato per \"%s\""
-#: plugins/sudoers/defaults.c:242
+#: plugins/sudoers/defaults.c:241
#, c-format
msgid "values for `%s' must start with a '/'"
msgstr "i valori per \"%s\" devono iniziare con un carattere \"/\""
-#: plugins/sudoers/defaults.c:304
+#: plugins/sudoers/defaults.c:303
#, c-format
msgid "option `%s' does not take a value"
msgstr "l'opzione \"%s\" non accetta un valore"
+#: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293
+#: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82
+#: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427
+#: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654
+#: plugins/sudoers/testsudoers.c:243
+#, c-format
+msgid "internal error, %s overflow"
+msgstr "errore interno, overflow di %s"
+
#: plugins/sudoers/env.c:367
#, c-format
msgid "sudo_putenv: corrupted envp, length mismatch"
msgstr "sudo_putenv: envp danneggiato, non corrispondenza in lunghezza"
-#: plugins/sudoers/env.c:369 plugins/sudoers/env.c:448
-#: plugins/sudoers/toke_util.c:113 plugins/sudoers/toke_util.c:167
-#: plugins/sudoers/toke_util.c:207 toke.l:697 toke.l:827 toke.l:887 toke.l:983
-#, c-format
-msgid "unable to allocate memory"
-msgstr "impossibile allocare memoria"
-
-#: plugins/sudoers/env.c:992
+#: plugins/sudoers/env.c:1012
#, c-format
msgid "sorry, you are not allowed to set the following environment variables: %s"
msgstr "permessi non sufficienti per impostare le seguenti variabili d'ambiente: %s"
-#: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108
-#: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125
-#: plugins/sudoers/sudoers.c:945 toke.l:693 toke.l:883
-#, c-format
-msgid "%s: %s"
-msgstr "%s: %s"
-
-#: plugins/sudoers/group_plugin.c:91
-#, c-format
-msgid "%s%s: %s"
-msgstr "%s%s: %s"
-
-#: plugins/sudoers/group_plugin.c:103
+#: plugins/sudoers/group_plugin.c:102
#, c-format
msgid "%s must be owned by uid %d"
msgstr "%s deve essere di proprietà dello uid %d"
-#: plugins/sudoers/group_plugin.c:107
+#: plugins/sudoers/group_plugin.c:106
#, c-format
msgid "%s must only be writable by owner"
msgstr "%s deve essere scrivibile solo dal proprietario"
-#: plugins/sudoers/group_plugin.c:114
+#: plugins/sudoers/group_plugin.c:113 plugins/sudoers/sssd.c:256
#, c-format
msgid "unable to dlopen %s: %s"
msgstr "impossibile eseguire dlopen su %s: %s"
-#: plugins/sudoers/group_plugin.c:119
+#: plugins/sudoers/group_plugin.c:118
#, c-format
msgid "unable to find symbol \"group_plugin\" in %s"
msgstr "impossibile trovare il simbolo \"group_plugin\" in %s"
-#: plugins/sudoers/group_plugin.c:124
+#: plugins/sudoers/group_plugin.c:123
#, c-format
msgid "%s: incompatible group plugin major version %d, expected %d"
msgstr "%s: version major %d del plugin per il gruppo non compatibile, atteso %d"
-#: plugins/sudoers/interfaces.c:112
+#: plugins/sudoers/interfaces.c:119
msgid "Local IP address and netmask pairs:\n"
msgstr "Coppia indirizzo IP locale e maschera di rete:\n"
-#: plugins/sudoers/iolog.c:205 plugins/sudoers/sudoers.c:991
+#: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144
+#: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244
+#, c-format
+msgid "%s exists but is not a directory (0%o)"
+msgstr "%s esiste, ma non è una directory (0%o)"
+
+#: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155
+#: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:165
+#: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271
+#, c-format
+msgid "unable to mkdir %s"
+msgstr "impossibile creare la directory %s"
+
+#: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708
+#: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815
+#: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:155
+#: plugins/sudoers/visudo.c:809
+#, c-format
+msgid "unable to open %s"
+msgstr "impossibile aprire %s"
+
+#: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711
#, c-format
msgid "unable to read %s"
msgstr "impossibile leggere %s"
-#: plugins/sudoers/iolog.c:208
+#: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:159
#, c-format
-msgid "invalid sequence number %s"
-msgstr "numero di sequenze %s non valido"
+msgid "unable to write to %s"
+msgstr "impossibile scrivere su %s"
-#: plugins/sudoers/iolog.c:258 plugins/sudoers/iolog.c:261
-#: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:531
-#: plugins/sudoers/iolog.c:537 plugins/sudoers/iolog.c:545
-#: plugins/sudoers/iolog.c:553 plugins/sudoers/iolog.c:561
-#: plugins/sudoers/iolog.c:569
+#: plugins/sudoers/iolog.c:334
#, c-format
msgid "unable to create %s"
msgstr "impossibile creare %s"
-#: plugins/sudoers/iolog_path.c:263 plugins/sudoers/sudoers.c:382
-#, c-format
-msgid "unable to set locale to \"%s\", using \"C\""
-msgstr "impossibile impostare il locale a \"%s\", viene usato \"C\""
-
-#: plugins/sudoers/ldap.c:387
+#: plugins/sudoers/ldap.c:385
#, c-format
msgid "sudo_ldap_conf_add_ports: port too large"
msgstr "sudo_ldap_conf_add_ports: porta troppo grande"
-#: plugins/sudoers/ldap.c:410
+#: plugins/sudoers/ldap.c:408
#, c-format
msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf"
msgstr "sudo_ldap_conf_add_ports: spazio esaurito nell'espansione di hostbuf"
-#: plugins/sudoers/ldap.c:440
+#: plugins/sudoers/ldap.c:438
#, c-format
msgid "unsupported LDAP uri type: %s"
msgstr "tipologia di uri LDAP non supportata: %s"
-#: plugins/sudoers/ldap.c:469
+#: plugins/sudoers/ldap.c:467
#, c-format
msgid "invalid uri: %s"
msgstr "uri non valido: %s"
-#: plugins/sudoers/ldap.c:475
+#: plugins/sudoers/ldap.c:473
#, c-format
msgid "unable to mix ldap and ldaps URIs"
msgstr "impossibile utilizzare URI ldap e ldaps assieme"
-#: plugins/sudoers/ldap.c:479
+#: plugins/sudoers/ldap.c:477
#, c-format
msgid "unable to mix ldaps and starttls"
msgstr "impossibile utilizzare ldaps e starttls assieme"
-#: plugins/sudoers/ldap.c:498
+#: plugins/sudoers/ldap.c:496
#, c-format
msgid "sudo_ldap_parse_uri: out of space building hostbuf"
msgstr "sudo_ldap_parse_uri: spazio esaurito nella generazione di hostbuf"
-#: plugins/sudoers/ldap.c:572
+#: plugins/sudoers/ldap.c:570
#, c-format
msgid "unable to initialize SSL cert and key db: %s"
msgstr "impossibile inizializzare il certificato SSL e il database delle chiavi: %s"
-#: plugins/sudoers/ldap.c:575
+#: plugins/sudoers/ldap.c:573
#, c-format
msgid "you must set TLS_CERT in %s to use SSL"
msgstr "è necessario selezionare TLS_CERT in %s per usare SSL"
-#: plugins/sudoers/ldap.c:992
+#: plugins/sudoers/ldap.c:1062
#, c-format
msgid "unable to get GMT time"
msgstr "impossibile ottenere orario GMT"
-#: plugins/sudoers/ldap.c:998
+#: plugins/sudoers/ldap.c:1068
#, c-format
msgid "unable to format timestamp"
msgstr "impossibile formattare la marcatura temporale"
-#: plugins/sudoers/ldap.c:1006
+#: plugins/sudoers/ldap.c:1076
#, c-format
msgid "unable to build time filter"
msgstr "impossibile creare filtro temporale"
-#: plugins/sudoers/ldap.c:1225
+#: plugins/sudoers/ldap.c:1295
#, c-format
msgid "sudo_ldap_build_pass1 allocation mismatch"
msgstr "non corrispondenza nell'allocazione sudo_ldap_build_pass1"
-#: plugins/sudoers/ldap.c:1761
+#: plugins/sudoers/ldap.c:1842
#, c-format
msgid ""
"\n"
"\n"
"Ruolo LDAP: %s\n"
-#: plugins/sudoers/ldap.c:1763
+#: plugins/sudoers/ldap.c:1844
#, c-format
msgid ""
"\n"
"\n"
"Ruolo LDAP: sconosciuto\n"
-#: plugins/sudoers/ldap.c:1810
+#: plugins/sudoers/ldap.c:1891
#, c-format
msgid " Order: %s\n"
msgstr " Ordine: %s\n"
-#: plugins/sudoers/ldap.c:1818 plugins/sudoers/sssd.c:1168
+#: plugins/sudoers/ldap.c:1899 plugins/sudoers/parse.c:515
+#: plugins/sudoers/sssd.c:1242
#, c-format
msgid " Commands:\n"
msgstr " Comandi:\n"
-#: plugins/sudoers/ldap.c:2240
+#: plugins/sudoers/ldap.c:2321
#, c-format
msgid "unable to initialize LDAP: %s"
msgstr "impossibile inizializzare LDAP: %s"
-#: plugins/sudoers/ldap.c:2274
+#: plugins/sudoers/ldap.c:2355
#, c-format
msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()"
msgstr "specificato start_tls ma le librerie LDAP non supportano ldap_start_tls_s() o ldap_start_tls_s_np()"
-#: plugins/sudoers/ldap.c:2510
+#: plugins/sudoers/ldap.c:2591
#, c-format
msgid "invalid sudoOrder attribute: %s"
msgstr "attributo sudoOrder non valido: %s"
msgid "unable to send audit message"
msgstr "impossibile inviare il messaggio di audit"
-#: plugins/sudoers/logging.c:202
+#: plugins/sudoers/logging.c:140
+#, c-format
+msgid "%8s : %s"
+msgstr "%8s : %s"
+
+#: plugins/sudoers/logging.c:168
+#, c-format
+msgid "%8s : (command continued) %s"
+msgstr "%8s : (comando continuato) %s"
+
+#: plugins/sudoers/logging.c:194
#, c-format
msgid "unable to open log file: %s: %s"
msgstr "impossibile aprire il file di registro: %s: %s"
-#: plugins/sudoers/logging.c:205
+#: plugins/sudoers/logging.c:197
#, c-format
msgid "unable to lock log file: %s: %s"
msgstr "impossibile impostare il blocco sul file di registro: %s: %s"
-#: plugins/sudoers/logging.c:260
+#: plugins/sudoers/logging.c:245
+msgid "No user or host"
+msgstr "Nessun utente o host"
+
+#: plugins/sudoers/logging.c:247
+msgid "validation failure"
+msgstr "validazione non riuscita"
+
+#: plugins/sudoers/logging.c:254
msgid "user NOT in sudoers"
msgstr "utente non tra i sudoers"
-#: plugins/sudoers/logging.c:262
+#: plugins/sudoers/logging.c:256
msgid "user NOT authorized on host"
msgstr "utente non autorizzato sull'host"
-#: plugins/sudoers/logging.c:264
+#: plugins/sudoers/logging.c:258
msgid "command not allowed"
msgstr "comando non consentito"
-#: plugins/sudoers/logging.c:274
+#: plugins/sudoers/logging.c:288
#, c-format
msgid "%s is not in the sudoers file. This incident will be reported.\n"
msgstr "%s non è nel file sudoers. Questo evento verrà segnalato.\n"
-#: plugins/sudoers/logging.c:277
+#: plugins/sudoers/logging.c:291
#, c-format
msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n"
msgstr "A %s non è consentito eseguire sudo su %s. Questo evento verrà segnalato.\n"
-#: plugins/sudoers/logging.c:281
+#: plugins/sudoers/logging.c:295
#, c-format
msgid "Sorry, user %s may not run sudo on %s.\n"
msgstr "L'utente %s non può eseguire sudo su %s.\n"
-#: plugins/sudoers/logging.c:284
+#: plugins/sudoers/logging.c:298
#, c-format
msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n"
msgstr "All'utente %s non è consentito eseguire \"%s%s%s\" come %s%s%s su %s.\n"
-#: plugins/sudoers/logging.c:317
-msgid "No user or host"
-msgstr "Nessun utente o host"
-
-#: plugins/sudoers/logging.c:319
-msgid "validation failure"
-msgstr "validazione non riuscita"
-
-#: plugins/sudoers/logging.c:336 plugins/sudoers/sudoers.c:502
-#: plugins/sudoers/sudoers.c:503 plugins/sudoers/sudoers.c:1539
-#: plugins/sudoers/sudoers.c:1540
+#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383
+#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386
+#: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001
+#: plugins/sudoers/sudoers.c:1002
#, c-format
msgid "%s: command not found"
msgstr "%s: comando non trovato"
-#: plugins/sudoers/logging.c:338 plugins/sudoers/sudoers.c:499
+#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379
#, c-format
msgid ""
"ignoring `%s' found in '.'\n"
"viene ignorato \"%s\" trovato in \".\"\n"
"Usare \"sudo ./%s\" se \"%s\" è quello da eseguire."
-#: plugins/sudoers/logging.c:352
+#: plugins/sudoers/logging.c:353
msgid "authentication failure"
msgstr "autenticazione non riuscita"
-#: plugins/sudoers/logging.c:376
+#: plugins/sudoers/logging.c:379
+msgid "a password is required"
+msgstr "è necessaria una password"
+
+#: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487
#, c-format
msgid "%d incorrect password attempt"
msgid_plural "%d incorrect password attempts"
msgstr[0] "%d tentativo di immissione password non corretto"
msgstr[1] "%d tentativi di immissione password non corretti"
-#: plugins/sudoers/logging.c:379
-msgid "a password is required"
-msgstr "è necessaria una password"
-
-#: plugins/sudoers/logging.c:530
+#: plugins/sudoers/logging.c:566
#, c-format
msgid "unable to fork"
msgstr "impossibile eseguire fork"
-#: plugins/sudoers/logging.c:537 plugins/sudoers/logging.c:599
+#: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629
#, c-format
msgid "unable to fork: %m"
msgstr "impossibile eseguire fork: %m"
-#: plugins/sudoers/logging.c:589
+#: plugins/sudoers/logging.c:619
#, c-format
msgid "unable to open pipe: %m"
msgstr "impossibile aprire una pipe: %m"
-#: plugins/sudoers/logging.c:614
+#: plugins/sudoers/logging.c:644
#, c-format
msgid "unable to dup stdin: %m"
msgstr "impossibile eseguire dup sullo stdin: %m"
-#: plugins/sudoers/logging.c:650
+#: plugins/sudoers/logging.c:680
#, c-format
msgid "unable to execute %s: %m"
msgstr "impossibile eseguire %s: %m"
-#: plugins/sudoers/logging.c:865
+#: plugins/sudoers/logging.c:899
#, c-format
msgid "internal error: insufficient space for log line"
msgstr "errore interno: spazio insufficiente per la riga di registro"
-#: plugins/sudoers/parse.c:123
+#: plugins/sudoers/match.c:631
+#, c-format
+msgid "unsupported digest type %d for %s"
+msgstr "tipo di digest %d non supportato per %s"
+
+#: plugins/sudoers/match.c:661
+#, c-format
+msgid "%s: read error"
+msgstr "%s: errore di lettura"
+
+#: plugins/sudoers/match.c:670
+#, c-format
+msgid "digest for %s (%s) is not in %s form"
+msgstr "digest per %s (%s) non è nella forma %s"
+
+#: plugins/sudoers/parse.c:124
#, c-format
msgid "parse error in %s near line %d"
msgstr "errore di analisi in %s vicino alla riga %d"
-#: plugins/sudoers/parse.c:126
+#: plugins/sudoers/parse.c:127
#, c-format
msgid "parse error in %s"
msgstr "errore di analisi in %s"
-#: plugins/sudoers/parse.c:414
+#: plugins/sudoers/parse.c:462
#, c-format
msgid ""
"\n"
"\n"
"Voce sudoers:\n"
-#: plugins/sudoers/parse.c:416
+#: plugins/sudoers/parse.c:463
#, c-format
msgid " RunAsUsers: "
msgstr " RunAsUsers: "
-#: plugins/sudoers/parse.c:431
+#: plugins/sudoers/parse.c:477
#, c-format
msgid " RunAsGroups: "
msgstr " RunAsGroups: "
-#: plugins/sudoers/parse.c:440
+#: plugins/sudoers/parse.c:486
+#, c-format
+msgid " Options: "
+msgstr " Opzioni: "
+
+#: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750
+#, c-format
+msgid "unable to execute %s"
+msgstr "impossibile eseguire %s"
+
+#: plugins/sudoers/policy.c:659
+#, c-format
+msgid "Sudoers policy plugin version %s\n"
+msgstr "Versione %s del plugin della politica sudoers\n"
+
+#: plugins/sudoers/policy.c:661
+#, c-format
+msgid "Sudoers file grammar version %d\n"
+msgstr "Versione %d della grammatica del file sudoers\n"
+
+#: plugins/sudoers/policy.c:665
#, c-format
msgid ""
-" Commands:\n"
-"\t"
+"\n"
+"Sudoers path: %s\n"
msgstr ""
-" Comandi:\n"
-"\t"
+"\n"
+"Percorso sudoers: %s\n"
-#: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105
-msgid ": "
-msgstr ": "
+#: plugins/sudoers/policy.c:668
+#, c-format
+msgid "nsswitch path: %s\n"
+msgstr "percorso nsswitch: %s\n"
-#: plugins/sudoers/pwutil.c:278
+#: plugins/sudoers/policy.c:670
#, c-format
-msgid "unable to cache uid %u (%s), already exists"
-msgstr "impossibile salvare in cache lo uid %u (%s), esiste già"
+msgid "ldap.conf path: %s\n"
+msgstr "percorso ldap.conf: %s\n"
-#: plugins/sudoers/pwutil.c:286
+#: plugins/sudoers/policy.c:671
+#, c-format
+msgid "ldap.secret path: %s\n"
+msgstr "percorso ldap.secret: %s\n"
+
+#: plugins/sudoers/pwutil.c:148
#, c-format
msgid "unable to cache uid %u, already exists"
msgstr "impossibile salvare in cache lo uid %u, esiste già"
-#: plugins/sudoers/pwutil.c:322 plugins/sudoers/pwutil.c:331
+#: plugins/sudoers/pwutil.c:190
#, c-format
msgid "unable to cache user %s, already exists"
msgstr "impossibile salvare in cache l'utente %s, esiste già"
-#: plugins/sudoers/pwutil.c:668
-#, c-format
-msgid "unable to cache gid %u (%s), already exists"
-msgstr "impossibile salvare in cache il gid %u (%s), esiste già"
-
-#: plugins/sudoers/pwutil.c:676
+#: plugins/sudoers/pwutil.c:374
#, c-format
msgid "unable to cache gid %u, already exists"
msgstr "impossibile salvare in cache il gid %u, esiste già"
-#: plugins/sudoers/pwutil.c:706 plugins/sudoers/pwutil.c:715
+#: plugins/sudoers/pwutil.c:410
#, c-format
msgid "unable to cache group %s, already exists"
msgstr "impossibile salvare in cache il gruppo %s, esiste già"
-#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:436
-#: plugins/sudoers/set_perms.c:828 plugins/sudoers/set_perms.c:1114
-#: plugins/sudoers/set_perms.c:1396
+#: plugins/sudoers/pwutil.c:564 plugins/sudoers/pwutil.c:586
+#, c-format
+msgid "unable to cache group list for %s, already exists"
+msgstr "impossibile salvare in cache l'elenco di gruppo %s, esiste già"
+
+#: plugins/sudoers/pwutil.c:584
+#, c-format
+msgid "unable to parse groups for %s"
+msgstr "impossibile analizzare i gruppi per %s"
+
+#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445
+#: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141
+#: plugins/sudoers/set_perms.c:1431
msgid "perm stack overflow"
msgstr "overflow dello stack perm"
-#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:444
-#: plugins/sudoers/set_perms.c:836 plugins/sudoers/set_perms.c:1122
-#: plugins/sudoers/set_perms.c:1404
+#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453
+#: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149
+#: plugins/sudoers/set_perms.c:1439
msgid "perm stack underflow"
msgstr "underflow dello stack perm"
-#: plugins/sudoers/set_perms.c:270 plugins/sudoers/set_perms.c:580
-#: plugins/sudoers/set_perms.c:957 plugins/sudoers/set_perms.c:1243
+#: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500
+#: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471
+msgid "unable to change to root gid"
+msgstr "impossibile passare al gid root"
+
+#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597
+#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277
msgid "unable to change to runas gid"
msgstr "impossibile passare al gid runas"
-#: plugins/sudoers/set_perms.c:282 plugins/sudoers/set_perms.c:592
-#: plugins/sudoers/set_perms.c:967 plugins/sudoers/set_perms.c:1253
+#: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609
+#: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287
msgid "unable to change to runas uid"
msgstr "impossibile passare allo uid runas"
-#: plugins/sudoers/set_perms.c:300 plugins/sudoers/set_perms.c:610
-#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1269
+#: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627
+#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303
msgid "unable to change to sudoers gid"
msgstr "impossibile passare al gid sudoers"
-#: plugins/sudoers/set_perms.c:353 plugins/sudoers/set_perms.c:681
-#: plugins/sudoers/set_perms.c:1029 plugins/sudoers/set_perms.c:1315
-#: plugins/sudoers/set_perms.c:1474
+#: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698
+#: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349
+#: plugins/sudoers/set_perms.c:1515
msgid "too many processes"
msgstr "troppi processi"
-#: plugins/sudoers/set_perms.c:1542
+#: plugins/sudoers/set_perms.c:1583
msgid "unable to set runas group vector"
msgstr "impossibile impostare il vettore di gruppo per runas"
-#: plugins/sudoers/sssd.c:251
-#, c-format
-msgid "Unable to dlopen %s: %s"
-msgstr "Impossibile eseguire dlopen su %s: %s"
-
-#: plugins/sudoers/sssd.c:252
+#: plugins/sudoers/sssd.c:257
#, c-format
-msgid "Unable to initialize SSS source. Is SSSD installed on your machine?"
-msgstr "Impossibile inizializzare la sorgente SSS. È stato installato SSSD?"
+msgid "unable to initialize SSS source. Is SSSD installed on your machine?"
+msgstr "impossibile inizializzare la sorgente SSS. È stato installato SSSD?"
-#: plugins/sudoers/sssd.c:258 plugins/sudoers/sssd.c:266
-#: plugins/sudoers/sssd.c:273 plugins/sudoers/sssd.c:280
-#: plugins/sudoers/sssd.c:287
+#: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271
+#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285
+#: plugins/sudoers/sssd.c:292
#, c-format
msgid "unable to find symbol \"%s\" in %s"
msgstr "impossibile trovare il simbolo \"%s\" in \"%s\""
-#: plugins/sudoers/sudo_nss.c:267
+#: plugins/sudoers/sudo_nss.c:283
#, c-format
msgid "Matching Defaults entries for %s on this host:\n"
msgstr "Corrispondenza voci Defaults per %s su questo host:\n"
-#: plugins/sudoers/sudo_nss.c:280
+#: plugins/sudoers/sudo_nss.c:296
#, c-format
msgid "Runas and Command-specific defaults for %s:\n"
msgstr "Valori predefiniti per Runas e Command per %s:\n"
-#: plugins/sudoers/sudo_nss.c:293
+#: plugins/sudoers/sudo_nss.c:309
#, c-format
msgid "User %s may run the following commands on this host:\n"
msgstr "L'utente %s può eseguire i seguenti comandi su questo host:\n"
-#: plugins/sudoers/sudo_nss.c:302
+#: plugins/sudoers/sudo_nss.c:318
#, c-format
msgid "User %s is not allowed to run sudo on %s.\n"
msgstr "L'utente %s non è abilitato all'esecuzione di sudo su %s.\n"
-#: plugins/sudoers/sudoers.c:210 plugins/sudoers/sudoers.c:243
-#: plugins/sudoers/sudoers.c:953
+#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193
+#: plugins/sudoers/sudoers.c:673
msgid "problem with defaults entries"
msgstr "problema con le voci Defaults"
-#: plugins/sudoers/sudoers.c:216
+#: plugins/sudoers/sudoers.c:165
#, c-format
msgid "no valid sudoers sources found, quitting"
msgstr "nessuna sorgente valida di sudoers trovata, uscita"
-#: plugins/sudoers/sudoers.c:268
-#, c-format
-msgid "unable to execute %s: %s"
-msgstr "impossibile eseguire %s: %s"
-
-#: plugins/sudoers/sudoers.c:335
+#: plugins/sudoers/sudoers.c:227
#, c-format
msgid "sudoers specifies that root is not allowed to sudo"
msgstr "sudoers indica che a root non è consentito usare sudo"
-#: plugins/sudoers/sudoers.c:342
+#: plugins/sudoers/sudoers.c:234
#, c-format
msgid "you are not permitted to use the -C option"
msgstr "non è consentito usare l'opzione -C"
-#: plugins/sudoers/sudoers.c:431
+#: plugins/sudoers/sudoers.c:315
#, c-format
msgid "timestamp owner (%s): No such user"
msgstr "proprietario marcatura temporale (%s): utente inesistente"
-#: plugins/sudoers/sudoers.c:447
+#: plugins/sudoers/sudoers.c:329
msgid "no tty"
msgstr "nessun tty"
-#: plugins/sudoers/sudoers.c:448
+#: plugins/sudoers/sudoers.c:330
#, c-format
msgid "sorry, you must have a tty to run sudo"
msgstr "è necessario disporre di un tty per eseguire sudo"
-#: plugins/sudoers/sudoers.c:498
+#: plugins/sudoers/sudoers.c:378
msgid "command in current directory"
msgstr "comando nella directory corrente"
-#: plugins/sudoers/sudoers.c:510
+#: plugins/sudoers/sudoers.c:395
#, c-format
msgid "sorry, you are not allowed to preserve the environment"
msgstr "non è consentito preservare l'ambiente"
-#: plugins/sudoers/sudoers.c:1006
+#: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:216
+#: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:328
+#: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576
+#, c-format
+msgid "unable to stat %s"
+msgstr "impossibile eseguire stat su %s"
+
+#: plugins/sudoers/sudoers.c:726
#, c-format
msgid "%s is not a regular file"
msgstr "%s non è un file regolare"
-#: plugins/sudoers/sudoers.c:1009 toke.l:846
+#: plugins/sudoers/sudoers.c:729 toke.l:913
#, c-format
msgid "%s is owned by uid %u, should be %u"
msgstr "%s è di proprietà dello uid %u, dovrebbe essere di %u"
-#: plugins/sudoers/sudoers.c:1013 toke.l:853
+#: plugins/sudoers/sudoers.c:733 toke.l:920
#, c-format
msgid "%s is world writable"
msgstr "%s è scrivibile da tutti"
-#: plugins/sudoers/sudoers.c:1016 toke.l:858
+#: plugins/sudoers/sudoers.c:736 toke.l:925
#, c-format
msgid "%s is owned by gid %u, should be %u"
msgstr "%s è di proprietà del gid %u, dovrebbe essere di %u"
-#: plugins/sudoers/sudoers.c:1043
+#: plugins/sudoers/sudoers.c:763
#, c-format
msgid "only root can use `-c %s'"
msgstr "solo root può usare \"-c %s\""
-#: plugins/sudoers/sudoers.c:1060 plugins/sudoers/sudoers.c:1062
+#: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782
#, c-format
msgid "unknown login class: %s"
msgstr "classe di login sconosciuta: %s"
-#: plugins/sudoers/sudoers.c:1089
+#: plugins/sudoers/sudoers.c:814
#, c-format
msgid "unable to resolve host %s"
msgstr "impossibile risolvere l'host %s"
-#: plugins/sudoers/sudoers.c:1141 plugins/sudoers/testsudoers.c:387
+#: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377
#, c-format
msgid "unknown group: %s"
msgstr "gruppo sconosciuto: %s"
-#: plugins/sudoers/sudoers.c:1190
-#, c-format
-msgid "Sudoers policy plugin version %s\n"
-msgstr "Versione %s del plugin della politica sudoers\n"
-
-#: plugins/sudoers/sudoers.c:1192
-#, c-format
-msgid "Sudoers file grammar version %d\n"
-msgstr "Versione %d della grammatica del file sudoers\n"
-
-#: plugins/sudoers/sudoers.c:1196
-#, c-format
-msgid ""
-"\n"
-"Sudoers path: %s\n"
-msgstr ""
-"\n"
-"Percorso sudoers: %s\n"
-
-#: plugins/sudoers/sudoers.c:1199
-#, c-format
-msgid "nsswitch path: %s\n"
-msgstr "percorso nsswitch: %s\n"
-
-#: plugins/sudoers/sudoers.c:1201
-#, c-format
-msgid "ldap.conf path: %s\n"
-msgstr "percorso ldap.conf: %s\n"
-
-#: plugins/sudoers/sudoers.c:1202
-#, c-format
-msgid "ldap.secret path: %s\n"
-msgstr "percorso ldap.secret: %s\n"
-
-#: plugins/sudoers/sudoreplay.c:293
+#: plugins/sudoers/sudoreplay.c:292
#, c-format
msgid "invalid filter option: %s"
msgstr "opzione di filtro non valida: %s"
-#: plugins/sudoers/sudoreplay.c:306
+#: plugins/sudoers/sudoreplay.c:305
#, c-format
msgid "invalid max wait: %s"
msgstr "attesa massima non valida: %s"
-#: plugins/sudoers/sudoreplay.c:312
+#: plugins/sudoers/sudoreplay.c:311
#, c-format
msgid "invalid speed factor: %s"
msgstr "fattore di velocità non valido: %s"
-#: plugins/sudoers/sudoreplay.c:315 plugins/sudoers/visudo.c:187
+#: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179
#, c-format
msgid "%s version %s\n"
msgstr "%s versione %s\n"
-#: plugins/sudoers/sudoreplay.c:340
+#: plugins/sudoers/sudoreplay.c:339
#, c-format
msgid "%s/%.2s/%.2s/%.2s/timing: %s"
msgstr "%s/%.2s/%.2s/%.2s/timing: %s"
-#: plugins/sudoers/sudoreplay.c:346
+#: plugins/sudoers/sudoreplay.c:345
#, c-format
msgid "%s/%s/timing: %s"
msgstr "%s/%s/timing: %s"
-#: plugins/sudoers/sudoreplay.c:364
+#: plugins/sudoers/sudoreplay.c:363
#, c-format
msgid "Replaying sudo session: %s\n"
msgstr "Riproduzione della sessione sudo: %s\n"
-#: plugins/sudoers/sudoreplay.c:370
+#: plugins/sudoers/sudoreplay.c:369
#, c-format
msgid "Warning: your terminal is too small to properly replay the log.\n"
msgstr "Attenzione: il terminale è troppo piccolo per riprodurre correttamente il registro.\n"
-#: plugins/sudoers/sudoreplay.c:371
+#: plugins/sudoers/sudoreplay.c:370
#, c-format
msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d."
msgstr "La geometria del registro è %dx%d, quella del terminale è %dx%d."
-#: plugins/sudoers/sudoreplay.c:401
+#: plugins/sudoers/sudoreplay.c:400
#, c-format
msgid "unable to set tty to raw mode"
msgstr "impossibile impostare il terminale in modalità raw"
-#: plugins/sudoers/sudoreplay.c:418
+#: plugins/sudoers/sudoreplay.c:416
#, c-format
msgid "invalid timing file line: %s"
msgstr "riga di timing del file non valida: %sas"
-#: plugins/sudoers/sudoreplay.c:501
+#: plugins/sudoers/sudoreplay.c:499
#, c-format
msgid "writing to standard output"
msgstr "scrittura sullo standard output"
-#: plugins/sudoers/sudoreplay.c:530
+#: plugins/sudoers/sudoreplay.c:528
#, c-format
msgid "nanosleep: tv_sec %ld, tv_nsec %ld"
msgstr "nanosleep: tv_sec %ld, tv_nsec %ld"
-#: plugins/sudoers/sudoreplay.c:643 plugins/sudoers/sudoreplay.c:668
+#: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666
#, c-format
msgid "ambiguous expression \"%s\""
msgstr "espressione \"%s\" ambigua"
-#: plugins/sudoers/sudoreplay.c:685
+#: plugins/sudoers/sudoreplay.c:683
#, c-format
msgid "too many parenthesized expressions, max %d"
msgstr "troppe espressioni con parentesi, massimo %d"
-#: plugins/sudoers/sudoreplay.c:696
+#: plugins/sudoers/sudoreplay.c:694
#, c-format
msgid "unmatched ')' in expression"
msgstr "carattere \"(\" nell'espressione non corrisposto"
-#: plugins/sudoers/sudoreplay.c:702
+#: plugins/sudoers/sudoreplay.c:700
#, c-format
msgid "unknown search term \"%s\""
msgstr "termine di ricerca \"%s\" non conosciuto"
-#: plugins/sudoers/sudoreplay.c:716
+#: plugins/sudoers/sudoreplay.c:714
#, c-format
msgid "%s requires an argument"
msgstr "%s richiede un argomento"
-#: plugins/sudoers/sudoreplay.c:720
+#: plugins/sudoers/sudoreplay.c:718 plugins/sudoers/sudoreplay.c:1058
#, c-format
msgid "invalid regular expression: %s"
msgstr "espressione regolare non valida: %s"
-#: plugins/sudoers/sudoreplay.c:726
+#: plugins/sudoers/sudoreplay.c:724
#, c-format
msgid "could not parse date \"%s\""
msgstr "impossibile analizzare la data \"%s\""
-#: plugins/sudoers/sudoreplay.c:739
+#: plugins/sudoers/sudoreplay.c:737
#, c-format
msgid "unmatched '(' in expression"
msgstr "carattere \"(\" nell'espressione non corrisposto"
-#: plugins/sudoers/sudoreplay.c:741
+#: plugins/sudoers/sudoreplay.c:739
#, c-format
msgid "illegal trailing \"or\""
msgstr "\"or\" finale non consentito"
-#: plugins/sudoers/sudoreplay.c:743
+#: plugins/sudoers/sudoreplay.c:741
#, c-format
msgid "illegal trailing \"!\""
msgstr "carattere \"!\" finale non consentito"
-#: plugins/sudoers/sudoreplay.c:1050
-#, c-format
-msgid "invalid regex: %s"
-msgstr "espressione regolare non valida: %s"
-
-#: plugins/sudoers/sudoreplay.c:1174
+#: plugins/sudoers/sudoreplay.c:1182
#, c-format
msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n"
msgstr "uso: %s [-h] [-d DIRECTORY] [-m MAX_WAIT] [-s SPEED_FACTOR] ID\n"
-#: plugins/sudoers/sudoreplay.c:1177
+#: plugins/sudoers/sudoreplay.c:1185
#, c-format
msgid "usage: %s [-h] [-d directory] -l [search expression]\n"
msgstr "uso: %s [-h] [-d DIRECTORY] -l [ESPRESSIONE DI RICERCA]\n"
-#: plugins/sudoers/sudoreplay.c:1186
+#: plugins/sudoers/sudoreplay.c:1194
#, c-format
msgid ""
"%s - replay sudo session logs\n"
"%s - Riproduce i registri di sessione di sudo\n"
"\n"
-#: plugins/sudoers/sudoreplay.c:1188
+#: plugins/sudoers/sudoreplay.c:1196
msgid ""
"\n"
"Options:\n"
" -s SPEED_FACTOR Velocizza o rallenta l'output\n"
" -V Visualizza la versione ed esce"
-#: plugins/sudoers/testsudoers.c:338
+#: plugins/sudoers/testsudoers.c:328
msgid "\thost unmatched"
msgstr "\thost non trovato"
-#: plugins/sudoers/testsudoers.c:341
+#: plugins/sudoers/testsudoers.c:331
msgid ""
"\n"
"Command allowed"
"\n"
"Comando consentito"
-#: plugins/sudoers/testsudoers.c:342
+#: plugins/sudoers/testsudoers.c:332
msgid ""
"\n"
"Command denied"
"\n"
"Comando negato"
-#: plugins/sudoers/testsudoers.c:342
+#: plugins/sudoers/testsudoers.c:332
msgid ""
"\n"
"Command unmatched"
"\n"
"Comando non trovato"
-#: plugins/sudoers/toke_util.c:218
+#: plugins/sudoers/timestamp.c:129
+#, c-format
+msgid "timestamp path too long: %s"
+msgstr "percorso marcatura temporale troppo lungo: %s"
+
+#: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247
+#: plugins/sudoers/timestamp.c:292
+#, c-format
+msgid "%s owned by uid %u, should be uid %u"
+msgstr "%s è di proprietà dell'uid %u, dovrebbe essere dell'uid %u"
+
+#: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0700"
+msgstr "%s è accessibile in scrittura dal non-proprietario (0%o), dovrebbe avere modalità 0700"
+
+#: plugins/sudoers/timestamp.c:286
+#, c-format
+msgid "%s exists but is not a regular file (0%o)"
+msgstr "%s esiste, ma non è un file regolare (0%o)"
+
+#: plugins/sudoers/timestamp.c:298
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0600"
+msgstr "%s è accessibile in scrittura dal non-proprietario (0%o), dovrebbe avere modalità 0600"
+
+#: plugins/sudoers/timestamp.c:353
+#, c-format
+msgid "timestamp too far in the future: %20.20s"
+msgstr "marcatura temporale troppo avanti nel tempo: %20.20s"
+
+#: plugins/sudoers/timestamp.c:407
+#, c-format
+msgid "unable to remove %s, will reset to the epoch"
+msgstr "impossibile rimuovere %s, viene reimpostato al tempo epoch"
+
+#: plugins/sudoers/timestamp.c:414
+#, c-format
+msgid "unable to reset %s to the epoch"
+msgstr "impossibile reimpostare %s al tempo epoch"
+
+#: plugins/sudoers/toke_util.c:176
+#, c-format
msgid "fill_args: buffer overflow"
msgstr "fill_args: buffer overflow"
-#: plugins/sudoers/visudo.c:188
+#: plugins/sudoers/visudo.c:180
#, c-format
msgid "%s grammar version %d\n"
msgstr "%s versione grammaticale %d\n"
-#: plugins/sudoers/visudo.c:252 plugins/sudoers/visudo.c:541
+#: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533
#, c-format
msgid "press return to edit %s: "
msgstr "premere Invio per modificare %s:"
-#: plugins/sudoers/visudo.c:335 plugins/sudoers/visudo.c:341
+#: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332
#, c-format
msgid "write error"
msgstr "errore di scrittura"
-#: plugins/sudoers/visudo.c:423
+#: plugins/sudoers/visudo.c:414
#, c-format
msgid "unable to stat temporary file (%s), %s unchanged"
msgstr "impossibile eseguire stat sul file temporaneo (%s), %s non modificato"
-#: plugins/sudoers/visudo.c:428
+#: plugins/sudoers/visudo.c:419
#, c-format
msgid "zero length temporary file (%s), %s unchanged"
msgstr "file temporaneo di lunghezza pari a zero (%s), %s non modificato"
-#: plugins/sudoers/visudo.c:434
+#: plugins/sudoers/visudo.c:425
#, c-format
msgid "editor (%s) failed, %s unchanged"
msgstr "editor (%s) non riuscito, %s non modificato"
-#: plugins/sudoers/visudo.c:457
+#: plugins/sudoers/visudo.c:448
#, c-format
msgid "%s unchanged"
msgstr "%s non modificato"
-#: plugins/sudoers/visudo.c:486
+#: plugins/sudoers/visudo.c:477
#, c-format
msgid "unable to re-open temporary file (%s), %s unchanged."
msgstr "impossibile riaprire il file temporaneo (%s), %s non modificato"
-#: plugins/sudoers/visudo.c:496
+#: plugins/sudoers/visudo.c:487
#, c-format
msgid "unabled to parse temporary file (%s), unknown error"
msgstr "impossibile analizzare il file temporaneo (%s), errore sconosciuto"
-#: plugins/sudoers/visudo.c:534
+#: plugins/sudoers/visudo.c:526
#, c-format
msgid "internal error, unable to find %s in list!"
msgstr "errore interno, impossibile trovare %s nell'elenco."
-#: plugins/sudoers/visudo.c:586 plugins/sudoers/visudo.c:595
+#: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587
#, c-format
msgid "unable to set (uid, gid) of %s to (%u, %u)"
msgstr "impossibile impostare (uid, gid) di %s a (%u, %u)"
-#: plugins/sudoers/visudo.c:590 plugins/sudoers/visudo.c:600
+#: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592
#, c-format
msgid "unable to change mode of %s to 0%o"
msgstr "impossibile modificare la modalità di %s a 0%o"
-#: plugins/sudoers/visudo.c:617
+#: plugins/sudoers/visudo.c:609
#, c-format
msgid "%s and %s not on the same file system, using mv to rename"
msgstr "%s e %s non sono sullo stesso file system, viene usato \"mv\" per rinominare"
-#: plugins/sudoers/visudo.c:631
+#: plugins/sudoers/visudo.c:623
#, c-format
msgid "command failed: '%s %s %s', %s unchanged"
msgstr "comando non riuscito: \"%s %s %s\", %s non modificato"
-#: plugins/sudoers/visudo.c:641
+#: plugins/sudoers/visudo.c:633
#, c-format
msgid "error renaming %s, %s unchanged"
msgstr "errore nel rinominare %s, %s non è stato modificato"
-#: plugins/sudoers/visudo.c:704
+#: plugins/sudoers/visudo.c:695
msgid "What now? "
msgstr "Cosa fare ora?"
-#: plugins/sudoers/visudo.c:718
+#: plugins/sudoers/visudo.c:709
msgid ""
"Options are:\n"
" (e)dit sudoers file again\n"
" (x) Esce senza salvare le modifiche al file sudoers\n"
" (Q) Esce e salva le modifiche al file sudoers (pericoloso)\n"
-#: plugins/sudoers/visudo.c:759
-#, c-format
-msgid "unable to execute %s"
-msgstr "impossibile eseguire %s"
-
-#: plugins/sudoers/visudo.c:766
+#: plugins/sudoers/visudo.c:757
#, c-format
msgid "unable to run %s"
msgstr "impossibile avviare %s"
-#: plugins/sudoers/visudo.c:792
+#: plugins/sudoers/visudo.c:783
#, c-format
msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n"
msgstr "%s: proprietario errato (uid, gid), dovrebbe essere (%u, %u)\n"
-#: plugins/sudoers/visudo.c:799
+#: plugins/sudoers/visudo.c:790
#, c-format
msgid "%s: bad permissions, should be mode 0%o\n"
msgstr "%s: permessi errati, dovrebbe avere modalità 0%o\n"
-#: plugins/sudoers/visudo.c:824
+#: plugins/sudoers/visudo.c:815
#, c-format
msgid "failed to parse %s file, unknown error"
msgstr "analisi del file %s non riuscita, errore sconosciuto"
-#: plugins/sudoers/visudo.c:837
+#: plugins/sudoers/visudo.c:831
#, c-format
msgid "parse error in %s near line %d\n"
msgstr "errore di analisi in %s vicino alla riga %d\n"
-#: plugins/sudoers/visudo.c:840
+#: plugins/sudoers/visudo.c:834
#, c-format
msgid "parse error in %s\n"
msgstr "errore di analisi in %s\n"
-#: plugins/sudoers/visudo.c:847 plugins/sudoers/visudo.c:852
+#: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846
#, c-format
msgid "%s: parsed OK\n"
msgstr "%s: analisi effettuata correttamente\n"
-#: plugins/sudoers/visudo.c:899
+#: plugins/sudoers/visudo.c:893
#, c-format
msgid "%s busy, try again later"
msgstr "%s occupato, riprovare"
-#: plugins/sudoers/visudo.c:943
+#: plugins/sudoers/visudo.c:937
#, c-format
msgid "specified editor (%s) doesn't exist"
msgstr "l'editor specificato (%s) non esiste"
-#: plugins/sudoers/visudo.c:966
+#: plugins/sudoers/visudo.c:960
#, c-format
msgid "unable to stat editor (%s)"
msgstr "impossibile eseguire stat sull'editor (%s)"
-#: plugins/sudoers/visudo.c:1014
+#: plugins/sudoers/visudo.c:1008
#, c-format
msgid "no editor found (editor path = %s)"
msgstr "nessun editor trovato (percorso dell'editor = %s)"
-#: plugins/sudoers/visudo.c:1108
+#: plugins/sudoers/visudo.c:1100
#, c-format
msgid "Error: cycle in %s_Alias `%s'"
msgstr "Errore: ciclo in %s_Alias \"%s\""
-#: plugins/sudoers/visudo.c:1109
+#: plugins/sudoers/visudo.c:1101
#, c-format
msgid "Warning: cycle in %s_Alias `%s'"
msgstr "Attenzione: ciclo in %s_Alias \"%s\""
-#: plugins/sudoers/visudo.c:1112
+#: plugins/sudoers/visudo.c:1104
#, c-format
msgid "Error: %s_Alias `%s' referenced but not defined"
msgstr "Errore: riferimento a \"%2$s\" %1$s_Alias, ma non definito"
-#: plugins/sudoers/visudo.c:1113
+#: plugins/sudoers/visudo.c:1105
#, c-format
msgid "Warning: %s_Alias `%s' referenced but not defined"
msgstr "Attenzione: riferimento a \"%2$s\" %1$s_Alias, ma non definito"
-#: plugins/sudoers/visudo.c:1248
+#: plugins/sudoers/visudo.c:1240
#, c-format
msgid "%s: unused %s_Alias %s"
msgstr "%1$s: %3$s di %2$s_Alias non utilizzato"
-#: plugins/sudoers/visudo.c:1304
+#: plugins/sudoers/visudo.c:1302
#, c-format
msgid ""
"%s - safely edit the sudoers file\n"
"\n"
msgstr "%s - Modifica in sicurezza il file sudoers\n"
-#: plugins/sudoers/visudo.c:1306
+#: plugins/sudoers/visudo.c:1304
msgid ""
"\n"
"Options:\n"
" -s Verifica precisa della sintassi\n"
" -V Visualizza la versione ed esce"
-#: toke.l:820
+#: toke.l:886
msgid "too many levels of includes"
msgstr "troppi livelli di inclusioni"
+
+#~ msgid "pam_chauthtok: %s"
+#~ msgstr "pam_chauthtok: %s"
+
+#~ msgid "pam_authenticate: %s"
+#~ msgstr "pam_authenticate: %s"
+
+#~ msgid "Password: "
+#~ msgstr "Password: "
+
+#~ msgid "getauid failed"
+#~ msgstr "getauid non riuscita"
+
+#~ msgid "Unable to dlopen %s: %s"
+#~ msgstr "Impossibile eseguire dlopen su %s: %s"
+
+#~ msgid "invalid regex: %s"
+#~ msgstr "espressione regolare non valida: %s"
+
+#~ msgid ">>> %s: %s near line %d <<<"
+#~ msgstr ">>> %s: %s vicino alla riga %d <<<"
+
+#~ msgid "unable to allocate memory"
+#~ msgstr "impossibile allocare memoria"
+
+#~ msgid "%s%s: %s"
+#~ msgstr "%s%s: %s"
+
+#~ msgid "unable to set locale to \"%s\", using \"C\""
+#~ msgstr "impossibile impostare il locale a \"%s\", viene usato \"C\""
+
+#~ msgid ""
+#~ " Commands:\n"
+#~ "\t"
+#~ msgstr ""
+#~ " Comandi:\n"
+#~ "\t"
+
+#~ msgid ": "
+#~ msgstr ": "
+
+#~ msgid "unable to cache uid %u (%s), already exists"
+#~ msgstr "impossibile salvare in cache lo uid %u (%s), esiste già"
+
+#~ msgid "unable to cache gid %u (%s), already exists"
+#~ msgstr "impossibile salvare in cache il gid %u (%s), esiste già"
+
+#~ msgid "unable to execute %s: %s"
+#~ msgstr "impossibile eseguire %s: %s"
--- /dev/null
+# Dutch translation for sudoers.
+# Copyright (C) 2013 P. Hamming
+# This file is distributed under the same license as the sudo package.
+# P. Hamming <peterhamming@gmail.com>, 2013
+msgid ""
+msgstr ""
+"Project-Id-Version: sudoers 1.8.6b4\n"
+"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
+"POT-Creation-Date: 2012-08-10 13:08-0400\n"
+"PO-Revision-Date: 2013-03-10 23:18+0100\n"
+"Last-Translator: P. Hamming <peterhamming@gmail.com>\n"
+"Language-Team: Dutch <vertaling@vrijschrift.org>\n"
+"Language: nl\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=n != 1\n"
+
+#: gram.y:112
+#, c-format
+msgid ">>> %s: %s near line %d <<<"
+msgstr ">>> %s: %s bij regel %d <<<"
+
+#: plugins/sudoers/alias.c:125
+#, c-format
+msgid "Alias `%s' already defined"
+msgstr "Alias `%s' reeds gedefinieerd"
+
+#: plugins/sudoers/auth/bsdauth.c:78
+#, c-format
+msgid "unable to get login class for user %s"
+msgstr "kan de loginklasse voor gebruiker %s niet verkrijgen"
+
+#: plugins/sudoers/auth/bsdauth.c:84
+msgid "unable to begin bsd authentication"
+msgstr "kan de bsd aanmelding niet starten"
+
+#: plugins/sudoers/auth/bsdauth.c:92
+msgid "invalid authentication type"
+msgstr "ongeldig type verificatie"
+
+#: plugins/sudoers/auth/bsdauth.c:101
+msgid "unable to setup authentication"
+msgstr "kan verificatie niet instellen"
+
+#: plugins/sudoers/auth/fwtk.c:60
+#, c-format
+msgid "unable to read fwtk config"
+msgstr "kan fwtk configuratie niet lezen"
+
+#: plugins/sudoers/auth/fwtk.c:65
+#, c-format
+msgid "unable to connect to authentication server"
+msgstr "kan niet verbinden met aanmeldingsserver"
+
+#: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95
+#: plugins/sudoers/auth/fwtk.c:128
+#, c-format
+msgid "lost connection to authentication server"
+msgstr "verbinding met aanmeldingsserver verloren"
+
+#: plugins/sudoers/auth/fwtk.c:75
+#, c-format
+msgid ""
+"authentication server error:\n"
+"%s"
+msgstr ""
+"aanmeldingsserverfout:\n"
+"%s"
+
+#: plugins/sudoers/auth/kerb5.c:117
+#, c-format
+msgid "%s: unable to unparse princ ('%s'): %s"
+msgstr "%s: kan princ ('%s') niet deontleden: %s"
+
+#: plugins/sudoers/auth/kerb5.c:160
+#, c-format
+msgid "%s: unable to parse '%s': %s"
+msgstr "%s: kan '%s': %s niet ontleden"
+
+#: plugins/sudoers/auth/kerb5.c:170
+#, c-format
+msgid "%s: unable to resolve ccache: %s"
+msgstr "%s: kan ccache: %s niet oplossen"
+
+#: plugins/sudoers/auth/kerb5.c:218
+#, c-format
+msgid "%s: unable to allocate options: %s"
+msgstr "%s: kan opties: %s niet reserveren"
+
+#: plugins/sudoers/auth/kerb5.c:234
+#, c-format
+msgid "%s: unable to get credentials: %s"
+msgstr "%s: kan aanmeldingsgegevens: %s niet verkrijgen"
+
+#: plugins/sudoers/auth/kerb5.c:247
+#, c-format
+msgid "%s: unable to initialize ccache: %s"
+msgstr "%s: kan ccache: %s niet initialiseren"
+
+#: plugins/sudoers/auth/kerb5.c:251
+#, c-format
+msgid "%s: unable to store cred in ccache: %s"
+msgstr "%s: kan aanmeldingsgegeven niet opslaan in ccache: %s"
+
+#: plugins/sudoers/auth/kerb5.c:316
+#, c-format
+msgid "%s: unable to get host principal: %s"
+msgstr "%s: kan belangrijkste server niet vinden: %s"
+
+#: plugins/sudoers/auth/kerb5.c:331
+#, c-format
+msgid "%s: Cannot verify TGT! Possible attack!: %s"
+msgstr "%s: Kan TGT niet verifieren! U bent mogelijk aangevallen!: %s"
+
+#: plugins/sudoers/auth/pam.c:100
+msgid "unable to initialize PAM"
+msgstr "kan PAM niet initialiseren"
+
+#: plugins/sudoers/auth/pam.c:144
+msgid "account validation failure, is your account locked?"
+msgstr "fout bij valideren van account, is uw account geblokkeerd?"
+
+#: plugins/sudoers/auth/pam.c:148
+msgid "Account or password is expired, reset your password and try again"
+msgstr "Account of wachtwoord is verlopen, stel uw wachtwoord opnieuw in en probeer opnieuw"
+
+#: plugins/sudoers/auth/pam.c:155
+#, c-format
+msgid "pam_chauthtok: %s"
+msgstr "pam_chauthtok: %s"
+
+#: plugins/sudoers/auth/pam.c:159
+msgid "Password expired, contact your system administrator"
+msgstr "Wachtwoord verlopen, neem contact op met uw systeembeheerder"
+
+#: plugins/sudoers/auth/pam.c:163
+msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator"
+msgstr "Account verlopen of PAM configuratie heeft geen \"account\"-gedeelte voor sudo,neem contact op met uw systeembeheerder"
+
+#: plugins/sudoers/auth/pam.c:180
+#, c-format
+msgid "pam_authenticate: %s"
+msgstr "pam_authenticate: %s"
+
+#: plugins/sudoers/auth/pam.c:332
+msgid "Password: "
+msgstr "Wachtwoord: "
+
+#: plugins/sudoers/auth/pam.c:333
+msgid "Password:"
+msgstr "Wachtwoord:"
+
+#: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:220
+#, c-format
+msgid "you do not exist in the %s database"
+msgstr "u bestaat niet in de %s database"
+
+#: plugins/sudoers/auth/securid5.c:81
+#, c-format
+msgid "failed to initialise the ACE API library"
+msgstr "initialiseren van de ACE API bibliotheek mislukt"
+
+#: plugins/sudoers/auth/securid5.c:107
+#, c-format
+msgid "unable to contact the SecurID server"
+msgstr "kan geen contact krijgen met de SecurID server"
+
+#: plugins/sudoers/auth/securid5.c:116
+#, c-format
+msgid "User ID locked for SecurID Authentication"
+msgstr "Gebruikers ID geblokkeerd voor SecurID verificatie"
+
+#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171
+#, c-format
+msgid "invalid username length for SecurID"
+msgstr "ongeldige gebruikersnaamlengte voor SecurID"
+
+#: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176
+#, c-format
+msgid "invalid Authentication Handle for SecurID"
+msgstr "kan verificatie voor SecurID op deze manier niet afhandelen"
+
+#: plugins/sudoers/auth/securid5.c:128
+#, c-format
+msgid "SecurID communication failed"
+msgstr "SecurID communicatie mislukt"
+
+#: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215
+#, c-format
+msgid "unknown SecurID error"
+msgstr "onbekende SecurID fout"
+
+#: plugins/sudoers/auth/securid5.c:166
+#, c-format
+msgid "invalid passcode length for SecurID"
+msgstr "ongeldige lengte van passcode voor SecurID"
+
+#: plugins/sudoers/auth/sia.c:109
+msgid "unable to initialize SIA session"
+msgstr "kan SIA-sessie niet initialiseren"
+
+#: plugins/sudoers/auth/sudo_auth.c:121
+msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication."
+msgstr "Ongeldige verificatie-methoden in sudo gecompileerd! U kunt zelfstandige en niet-zelfstandige verificatie-methoden door elkaar gebruiken."
+
+#: plugins/sudoers/auth/sudo_auth.c:206
+msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option."
+msgstr "Er zijn geen verificatie-methoden in sudo gecompileerd! Als u verificatie wilt uitschakelen, dient u de --disable-authentication configuratie-optie te gebruiken."
+
+#: plugins/sudoers/auth/sudo_auth.c:374
+msgid "Authentication methods:"
+msgstr "Verificatie-methoden:"
+
+#: plugins/sudoers/bsm_audit.c:60 plugins/sudoers/bsm_audit.c:63
+#: plugins/sudoers/bsm_audit.c:112 plugins/sudoers/bsm_audit.c:116
+#: plugins/sudoers/bsm_audit.c:168 plugins/sudoers/bsm_audit.c:172
+#, c-format
+msgid "getaudit: failed"
+msgstr "getaudit: mislukt"
+
+#: plugins/sudoers/bsm_audit.c:90 plugins/sudoers/bsm_audit.c:153
+#, c-format
+msgid "Could not determine audit condition"
+msgstr "Kan voorwaarden voor controle niet bepalen"
+
+#: plugins/sudoers/bsm_audit.c:101
+#, c-format
+msgid "getauid failed"
+msgstr "getauid mislukt"
+
+#: plugins/sudoers/bsm_audit.c:103 plugins/sudoers/bsm_audit.c:162
+#, c-format
+msgid "au_open: failed"
+msgstr "au_open: mislukt"
+
+#: plugins/sudoers/bsm_audit.c:118 plugins/sudoers/bsm_audit.c:174
+#, c-format
+msgid "au_to_subject: failed"
+msgstr "au_to_subject: mislukt"
+
+#: plugins/sudoers/bsm_audit.c:122 plugins/sudoers/bsm_audit.c:178
+#, c-format
+msgid "au_to_exec_args: failed"
+msgstr "au_to_exec_args: mislukt"
+
+#: plugins/sudoers/bsm_audit.c:126 plugins/sudoers/bsm_audit.c:187
+#, c-format
+msgid "au_to_return32: failed"
+msgstr "au_to_return32: mislukt"
+
+#: plugins/sudoers/bsm_audit.c:129 plugins/sudoers/bsm_audit.c:190
+#, c-format
+msgid "unable to commit audit record"
+msgstr "kan controlestructuur niet opbouwen"
+
+#: plugins/sudoers/bsm_audit.c:160
+#, c-format
+msgid "getauid: failed"
+msgstr "getauid: failed"
+
+#: plugins/sudoers/bsm_audit.c:183
+#, c-format
+msgid "au_to_text: failed"
+msgstr "au_to_text: failed"
+
+#: plugins/sudoers/check.c:252 plugins/sudoers/iolog.c:172
+#: plugins/sudoers/sudoers.c:988 plugins/sudoers/sudoreplay.c:355
+#: plugins/sudoers/sudoreplay.c:817 plugins/sudoers/sudoreplay.c:974
+#: plugins/sudoers/visudo.c:818
+#, c-format
+msgid "unable to open %s"
+msgstr "kan %s niet openen"
+
+#: plugins/sudoers/check.c:256 plugins/sudoers/iolog.c:229
+#, c-format
+msgid "unable to write to %s"
+msgstr "kan %s niet schrijven"
+
+#: plugins/sudoers/check.c:264 plugins/sudoers/check.c:512
+#: plugins/sudoers/check.c:562 plugins/sudoers/iolog.c:123
+#: plugins/sudoers/iolog.c:156
+#, c-format
+msgid "unable to mkdir %s"
+msgstr "mkdir %s: aanmaken mislukt"
+
+#: plugins/sudoers/check.c:399 plugins/sudoers/env.c:289
+#: plugins/sudoers/env.c:294 plugins/sudoers/env.c:395
+#: plugins/sudoers/env.c:447 plugins/sudoers/linux_audit.c:82
+#: plugins/sudoers/sudoers.c:670 plugins/sudoers/sudoers.c:677
+#: plugins/sudoers/sudoers.c:936 plugins/sudoers/testsudoers.c:253
+#, c-format
+msgid "internal error, %s overflow"
+msgstr "interne fout, %s overflow"
+
+#: plugins/sudoers/check.c:460
+#, c-format
+msgid "timestamp path too long: %s"
+msgstr "tijd voor pad te lang: %s"
+
+#: plugins/sudoers/check.c:491 plugins/sudoers/check.c:535
+#: plugins/sudoers/iolog.c:158
+#, c-format
+msgid "%s exists but is not a directory (0%o)"
+msgstr "%s bestaat al, maar is geen map (0%o)"
+
+#: plugins/sudoers/check.c:494 plugins/sudoers/check.c:538
+#: plugins/sudoers/check.c:583
+#, c-format
+msgid "%s owned by uid %u, should be uid %u"
+msgstr "%s is van gebruikersnummer %u, zou gebruikersnummer %u moeten zijn"
+
+#: plugins/sudoers/check.c:499 plugins/sudoers/check.c:543
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0700"
+msgstr "%s kan geschreven worden door niet-eigenaar (0%o), zou ingesteld moeten zijn op 0700"
+
+#: plugins/sudoers/check.c:507 plugins/sudoers/check.c:551
+#: plugins/sudoers/check.c:619 plugins/sudoers/sudoers.c:1003
+#: plugins/sudoers/visudo.c:319 plugins/sudoers/visudo.c:584
+#, c-format
+msgid "unable to stat %s"
+msgstr "kan stat %s niet uitvoeren"
+
+#: plugins/sudoers/check.c:577
+#, c-format
+msgid "%s exists but is not a regular file (0%o)"
+msgstr "%s bestaat maar is geen normaal bestand (0%o)"
+
+#: plugins/sudoers/check.c:589
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0600"
+msgstr "%s kan geschreven worden bij niet-eigenaar (0%o), zou ingesteld moeten zijn op 0600"
+
+#: plugins/sudoers/check.c:643
+#, c-format
+msgid "timestamp too far in the future: %20.20s"
+msgstr "tijd is te ver in de toekomst: %20.20s"
+
+#: plugins/sudoers/check.c:690
+#, c-format
+msgid "unable to remove %s (%s), will reset to the epoch"
+msgstr "kan %s niet verwijderen (%s), wordt geherinitialiseerd op de epoch"
+
+#: plugins/sudoers/check.c:698
+#, c-format
+msgid "unable to reset %s to the epoch"
+msgstr "kan %s niet herinitialiseren op de epoch"
+
+#: plugins/sudoers/check.c:758 plugins/sudoers/check.c:764
+#: plugins/sudoers/sudoers.c:851 plugins/sudoers/sudoers.c:855
+#, c-format
+msgid "unknown uid: %u"
+msgstr "onbekend gebruikersnummer: %u"
+
+#: plugins/sudoers/check.c:761 plugins/sudoers/sudoers.c:792
+#: plugins/sudoers/sudoers.c:1120 plugins/sudoers/testsudoers.c:225
+#: plugins/sudoers/testsudoers.c:369
+#, c-format
+msgid "unknown user: %s"
+msgstr "onbekende gebruiker: %s"
+
+#: plugins/sudoers/def_data.c:27
+#, c-format
+msgid "Syslog facility if syslog is being used for logging: %s"
+msgstr "Syslog-voorziening als syslog wordt gebruikt voor loggen: %s"
+
+#: plugins/sudoers/def_data.c:31
+#, c-format
+msgid "Syslog priority to use when user authenticates successfully: %s"
+msgstr "Syslog-prioriteit wanneer aanmelden van gebruiker gelukt is: %s"
+
+#: plugins/sudoers/def_data.c:35
+#, c-format
+msgid "Syslog priority to use when user authenticates unsuccessfully: %s"
+msgstr "Syslog-prioriteit wanneer aanmelden van gebruiker niet gelukt is: %s"
+
+#: plugins/sudoers/def_data.c:39
+msgid "Put OTP prompt on its own line"
+msgstr "Geef OTP prompt een eigen regel"
+
+#: plugins/sudoers/def_data.c:43
+msgid "Ignore '.' in $PATH"
+msgstr "Negeer '.' in $PATH"
+
+#: plugins/sudoers/def_data.c:47
+msgid "Always send mail when sudo is run"
+msgstr "Stuur altijd een mail wanneer sudo is gebruikt"
+
+#: plugins/sudoers/def_data.c:51
+msgid "Send mail if user authentication fails"
+msgstr "Stuur een mail wanneer aanmelden van gebruiker mislukt"
+
+#: plugins/sudoers/def_data.c:55
+msgid "Send mail if the user is not in sudoers"
+msgstr "Stuur een mail als de gebruiker niet in sudoers staat"
+
+#: plugins/sudoers/def_data.c:59
+msgid "Send mail if the user is not in sudoers for this host"
+msgstr "Stuur een mail als de gebruiker niet voor deze computer in sudoers staat"
+
+#: plugins/sudoers/def_data.c:63
+msgid "Send mail if the user is not allowed to run a command"
+msgstr "Stuur een mail als de gebruiker een opdracht niet mag gebruiken"
+
+#: plugins/sudoers/def_data.c:67
+msgid "Use a separate timestamp for each user/tty combo"
+msgstr "Gebruik een verschillende tijd voor elke gebruiker/terminal combinatie"
+
+#: plugins/sudoers/def_data.c:71
+msgid "Lecture user the first time they run sudo"
+msgstr "Instrueer gebruikers de eerste keer dat ze sudo gebruiken"
+
+#: plugins/sudoers/def_data.c:75
+#, c-format
+msgid "File containing the sudo lecture: %s"
+msgstr "Bestand met de sudo-instructies: %s"
+
+#: plugins/sudoers/def_data.c:79
+msgid "Require users to authenticate by default"
+msgstr "Standaard is verificatie van gebruikers vereist"
+
+#: plugins/sudoers/def_data.c:83
+msgid "Root may run sudo"
+msgstr "Root mag sudo gebruiken"
+
+#: plugins/sudoers/def_data.c:87
+msgid "Log the hostname in the (non-syslog) log file"
+msgstr "Log de computernaam in het (niet-syslog) logbestand"
+
+#: plugins/sudoers/def_data.c:91
+msgid "Log the year in the (non-syslog) log file"
+msgstr "Log het jaar in het (niet-syslog) logbestand"
+
+#: plugins/sudoers/def_data.c:95
+msgid "If sudo is invoked with no arguments, start a shell"
+msgstr "Start een shell als sudo wordt aangeroepen zonder argumenten"
+
+#: plugins/sudoers/def_data.c:99
+msgid "Set $HOME to the target user when starting a shell with -s"
+msgstr "Stel $HOME in op de doel-gebruiker wanneer een shell wordt gestart met -s"
+
+#: plugins/sudoers/def_data.c:103
+msgid "Always set $HOME to the target user's home directory"
+msgstr "$HOME altijd instellen op de persoonlijke map van de doelgebruiker"
+
+#: plugins/sudoers/def_data.c:107
+msgid "Allow some information gathering to give useful error messages"
+msgstr "Sta verzamelen van informatie toe om bruikbare fout-berichten te geven"
+
+#: plugins/sudoers/def_data.c:111
+msgid "Require fully-qualified hostnames in the sudoers file"
+msgstr "Vereis volledig-gekwalificeerde computernamen (fqdn) in het sudoers-bestand"
+
+#: plugins/sudoers/def_data.c:115
+msgid "Insult the user when they enter an incorrect password"
+msgstr "Beledig de gebruiker wanneer ze een verkeerd wachtwoord invoeren"
+
+#: plugins/sudoers/def_data.c:119
+msgid "Only allow the user to run sudo if they have a tty"
+msgstr "Gebruiker alleen toestaan sudo te gebruiken wanneer deze een terminal heeft"
+
+#: plugins/sudoers/def_data.c:123
+msgid "Visudo will honor the EDITOR environment variable"
+msgstr "Visudo zal de EDITOR omgevingsvariabele in acht nemen"
+
+#: plugins/sudoers/def_data.c:127
+msgid "Prompt for root's password, not the users's"
+msgstr "Vraag naar wachtwoord van root, niet van de gebruiker"
+
+#: plugins/sudoers/def_data.c:131
+msgid "Prompt for the runas_default user's password, not the users's"
+msgstr "Vraag naar wachtwoord van runas_default gebruiker, niet van huidige gebruiker"
+
+#: plugins/sudoers/def_data.c:135
+msgid "Prompt for the target user's password, not the users's"
+msgstr "Vraag naar wachtwoord van doelgebruiker, niet van huidige gebruiker"
+
+#: plugins/sudoers/def_data.c:139
+msgid "Apply defaults in the target user's login class if there is one"
+msgstr "Pas de standaardinstellingen van de doelgebruikers inlogklasse toe wanneer deze bestaat"
+
+#: plugins/sudoers/def_data.c:143
+msgid "Set the LOGNAME and USER environment variables"
+msgstr "Stel de LOGNAME en USER omgevingsvariabelen in"
+
+#: plugins/sudoers/def_data.c:147
+msgid "Only set the effective uid to the target user, not the real uid"
+msgstr "Stel het effectieve gebruikersnummer van de doelgebuiker in, niet het werkelijke gebruikersnummer"
+
+#: plugins/sudoers/def_data.c:151
+msgid "Don't initialize the group vector to that of the target user"
+msgstr "Initialiseer niet de doelgebruikers groepsvector"
+
+#: plugins/sudoers/def_data.c:155
+#, c-format
+msgid "Length at which to wrap log file lines (0 for no wrap): %d"
+msgstr "Breek regels in logbestanden af op (0 voor niet afbreken): %d"
+
+#: plugins/sudoers/def_data.c:159
+#, c-format
+msgid "Authentication timestamp timeout: %.1f minutes"
+msgstr "Aanmeldtijd timeout: %.1f minuten"
+
+#: plugins/sudoers/def_data.c:163
+#, c-format
+msgid "Password prompt timeout: %.1f minutes"
+msgstr "Wachtwoordprompt timeout: %.1f minuten"
+
+#: plugins/sudoers/def_data.c:167
+#, c-format
+msgid "Number of tries to enter a password: %d"
+msgstr "Aantal pogingen om een wachtwoord in te voeren: %d"
+
+#: plugins/sudoers/def_data.c:171
+#, c-format
+msgid "Umask to use or 0777 to use user's: 0%o"
+msgstr "Te gebruiken umask of 0777 om die van gebruiker te gebruiken: 0%o"
+
+#: plugins/sudoers/def_data.c:175
+#, c-format
+msgid "Path to log file: %s"
+msgstr "Pad naar logbestand: %s"
+
+#: plugins/sudoers/def_data.c:179
+#, c-format
+msgid "Path to mail program: %s"
+msgstr "Pad naar mailprogramma: %s"
+
+#: plugins/sudoers/def_data.c:183
+#, c-format
+msgid "Flags for mail program: %s"
+msgstr "Opties voor mailprogramma: %s"
+
+#: plugins/sudoers/def_data.c:187
+#, c-format
+msgid "Address to send mail to: %s"
+msgstr "Adres om mails naar te sturen: %s"
+
+#: plugins/sudoers/def_data.c:191
+#, c-format
+msgid "Address to send mail from: %s"
+msgstr "Adres waarvan de mail wordt verzonden: %s"
+
+#: plugins/sudoers/def_data.c:195
+#, c-format
+msgid "Subject line for mail messages: %s"
+msgstr "Onderwerp voor mails: %s"
+
+#: plugins/sudoers/def_data.c:199
+#, c-format
+msgid "Incorrect password message: %s"
+msgstr "Boodschap voor verkeerd wachtwoord: %s"
+
+#: plugins/sudoers/def_data.c:203
+#, c-format
+msgid "Path to authentication timestamp dir: %s"
+msgstr "Pad naar aanmeld-tijdmap: %s"
+
+#: plugins/sudoers/def_data.c:207
+#, c-format
+msgid "Owner of the authentication timestamp dir: %s"
+msgstr "Eigenaar van aanmeld-tijdmap: %s"
+
+#: plugins/sudoers/def_data.c:211
+#, c-format
+msgid "Users in this group are exempt from password and PATH requirements: %s"
+msgstr "Gebruikers in deze groep hoeven geen wachtwoord en PATH in te voeren: %s"
+
+#: plugins/sudoers/def_data.c:215
+#, c-format
+msgid "Default password prompt: %s"
+msgstr "Standaard wachtwoordprompt: %s"
+
+#: plugins/sudoers/def_data.c:219
+msgid "If set, passprompt will override system prompt in all cases."
+msgstr "Wanneer ingesteld zal de wachtwoordprompt altijd de systeempromt vervangen."
+
+#: plugins/sudoers/def_data.c:223
+#, c-format
+msgid "Default user to run commands as: %s"
+msgstr "Standaard gebruiker om opdrachten uit te voeren: %s"
+
+#: plugins/sudoers/def_data.c:227
+#, c-format
+msgid "Value to override user's $PATH with: %s"
+msgstr "Waarde om $PATH van gebruiker te vervangen %s"
+
+#: plugins/sudoers/def_data.c:231
+#, c-format
+msgid "Path to the editor for use by visudo: %s"
+msgstr "Pad naar de editor bij gebruik van visudo: %s"
+
+#: plugins/sudoers/def_data.c:235
+#, c-format
+msgid "When to require a password for 'list' pseudocommand: %s"
+msgstr "Wanneer een wachtwoord noodzakelijk is voor 'list' pseudopdracht: %s"
+
+#: plugins/sudoers/def_data.c:239
+#, c-format
+msgid "When to require a password for 'verify' pseudocommand: %s"
+msgstr "Wanneer een wachtwoord noodzakelijk is voor 'verify' pseudopdracht: %s"
+
+#: plugins/sudoers/def_data.c:243
+msgid "Preload the dummy exec functions contained in the sudo_noexec library"
+msgstr "Laadt vooraf de dummy uitvoerfuncties uit de sudo_noexec-bibliotheek"
+
+#: plugins/sudoers/def_data.c:247
+msgid "If LDAP directory is up, do we ignore local sudoers file"
+msgstr "Als de LDAP-map beschikbaar is, wordt het lokale sudoersbestand genegeerd?"
+
+#: plugins/sudoers/def_data.c:251
+#, c-format
+msgid "File descriptors >= %d will be closed before executing a command"
+msgstr "Bestandsindicators >= %d zullen worden gesloten voor uitvoeren van een opdracht"
+
+#: plugins/sudoers/def_data.c:255
+msgid "If set, users may override the value of `closefrom' with the -C option"
+msgstr "Als ingesteld, gebruikers mogen de waarde van `closefrom' vervangen met de optie -C"
+
+#: plugins/sudoers/def_data.c:259
+msgid "Allow users to set arbitrary environment variables"
+msgstr "Sta gebruikers toe willekeurige omgevingsvariabelen in te stellen"
+
+#: plugins/sudoers/def_data.c:263
+msgid "Reset the environment to a default set of variables"
+msgstr "Stel de omgevingsvariablen in op een standaard set"
+
+#: plugins/sudoers/def_data.c:267
+msgid "Environment variables to check for sanity:"
+msgstr "Omgevingsvariablen om juistheid te controleren:"
+
+#: plugins/sudoers/def_data.c:271
+msgid "Environment variables to remove:"
+msgstr "Verwijder de volgende omgevingsvariablen:"
+
+#: plugins/sudoers/def_data.c:275
+msgid "Environment variables to preserve:"
+msgstr "Behoud de volgende omgevingsvariablen:"
+
+#: plugins/sudoers/def_data.c:279
+#, c-format
+msgid "SELinux role to use in the new security context: %s"
+msgstr "SELinux role om in de nieuwe beveiliginscontext te gebruiken: %s"
+
+#: plugins/sudoers/def_data.c:283
+#, c-format
+msgid "SELinux type to use in the new security context: %s"
+msgstr "SELinux type om in de nieuwe beveiliginscontext te gebruiken: %s"
+
+#: plugins/sudoers/def_data.c:287
+#, c-format
+msgid "Path to the sudo-specific environment file: %s"
+msgstr "Pad naar het omgevingsbestand voor sudo: %s"
+
+#: plugins/sudoers/def_data.c:291
+#, c-format
+msgid "Locale to use while parsing sudoers: %s"
+msgstr "Te gebruiken taaldefinitie bij ontleden sudoers: %s"
+
+#: plugins/sudoers/def_data.c:295
+msgid "Allow sudo to prompt for a password even if it would be visible"
+msgstr "Sta sudo toe ook te vragen naar een wachtwoord wanneer dit zichtbaar zou worden"
+
+#: plugins/sudoers/def_data.c:299
+msgid "Provide visual feedback at the password prompt when there is user input"
+msgstr "Zorg voor zichtbare terugkoppeling op de wachtwoordprompt wanneer er gebruikersinvoer is"
+
+#: plugins/sudoers/def_data.c:303
+msgid "Use faster globbing that is less accurate but does not access the filesystem"
+msgstr "Gebruik snellere expansie van jokertekens. Dit is minder nauwkeurig, maar maakt geen gebruik van het bestandsysteem"
+
+#: plugins/sudoers/def_data.c:307
+msgid "The umask specified in sudoers will override the user's, even if it is more permissive"
+msgstr "De umask die is opgegeven in het sudoersbestand zal die van de gebruiker vervangen, ook wanneer deze meer toestaat"
+
+#: plugins/sudoers/def_data.c:311
+msgid "Log user's input for the command being run"
+msgstr "Log gebruikersinvoer voor de uitgevoerde opdracht"
+
+#: plugins/sudoers/def_data.c:315
+msgid "Log the output of the command being run"
+msgstr "Log uitvoer voor de uitgevoerde opdracht"
+
+#: plugins/sudoers/def_data.c:319
+msgid "Compress I/O logs using zlib"
+msgstr "Comprimeer in-/uitvoer logs met zlib"
+
+#: plugins/sudoers/def_data.c:323
+msgid "Always run commands in a pseudo-tty"
+msgstr "Voer opdrachten altijd uit in een pseudo-terminal"
+
+#: plugins/sudoers/def_data.c:327
+#, c-format
+msgid "Plugin for non-Unix group support: %s"
+msgstr "Plugin voor ondersteuning van niet-Unixgroepen: %s"
+
+#: plugins/sudoers/def_data.c:331
+#, c-format
+msgid "Directory in which to store input/output logs: %s"
+msgstr "Map waarin in-/uitvoerlogs moeten worden opgeslagen: %s"
+
+#: plugins/sudoers/def_data.c:335
+#, c-format
+msgid "File in which to store the input/output log: %s"
+msgstr "Bestand waarin in-/uitvoerlogs moeten worden opgeslagen: %s"
+
+#: plugins/sudoers/def_data.c:339
+msgid "Add an entry to the utmp/utmpx file when allocating a pty"
+msgstr "Voeg een item toe aan het utmp/utmpx-bestand wanneer een virtuele terminal wordt gereserveerd"
+
+#: plugins/sudoers/def_data.c:343
+msgid "Set the user in utmp to the runas user, not the invoking user"
+msgstr "Stel de gebruiker in utmp in als de doelgebruiker, niet als de aanroepende gebruiker"
+
+#: plugins/sudoers/def_data.c:347
+msgid "Set of permitted privileges"
+msgstr "Set van toegestane privileges"
+
+#: plugins/sudoers/def_data.c:351
+msgid "Set of limit privileges"
+msgstr "Set van beperkende privileges"
+
+#: plugins/sudoers/defaults.c:208
+#, c-format
+msgid "unknown defaults entry `%s'"
+msgstr "onbekend standaarditem `%s'"
+
+#: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226
+#: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259
+#: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285
+#: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318
+#: plugins/sudoers/defaults.c:328
+#, c-format
+msgid "value `%s' is invalid for option `%s'"
+msgstr "waarde `%s' is ongeldig voor optie `%s'"
+
+#: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229
+#: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254
+#: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280
+#: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313
+#: plugins/sudoers/defaults.c:324
+#, c-format
+msgid "no value specified for `%s'"
+msgstr "geen waarde opgegeven voor `%s'"
+
+#: plugins/sudoers/defaults.c:242
+#, c-format
+msgid "values for `%s' must start with a '/'"
+msgstr "waarden voor `%s' moeten beginnen met een '/'"
+
+#: plugins/sudoers/defaults.c:304
+#, c-format
+msgid "option `%s' does not take a value"
+msgstr "optie `%s' kan geen waarde verwerken"
+
+#: plugins/sudoers/env.c:367
+#, c-format
+msgid "sudo_putenv: corrupted envp, length mismatch"
+msgstr "sudo_putenv: envp bevat fouten, verkeerde lengte"
+
+#: plugins/sudoers/env.c:369 plugins/sudoers/env.c:448
+#: plugins/sudoers/toke_util.c:113 plugins/sudoers/toke_util.c:167
+#: plugins/sudoers/toke_util.c:207 toke.l:697 toke.l:827 toke.l:887 toke.l:983
+#, c-format
+msgid "unable to allocate memory"
+msgstr "kan geen geheugen reserveren"
+
+#: plugins/sudoers/env.c:992
+#, c-format
+msgid "sorry, you are not allowed to set the following environment variables: %s"
+msgstr "excuseer, u mag de volgende omgevingsvariabelen niet instellen: %s"
+
+#: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108
+#: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125
+#: plugins/sudoers/sudoers.c:945 toke.l:693 toke.l:883
+#, c-format
+msgid "%s: %s"
+msgstr "%s: %s"
+
+#: plugins/sudoers/group_plugin.c:91
+#, c-format
+msgid "%s%s: %s"
+msgstr "%s%s: %s"
+
+#: plugins/sudoers/group_plugin.c:103
+#, c-format
+msgid "%s must be owned by uid %d"
+msgstr "%s moet eigendom zijn van gebruikersnummer %d"
+
+#: plugins/sudoers/group_plugin.c:107
+#, c-format
+msgid "%s must only be writable by owner"
+msgstr "%s mag enkel schrijfbaar zijn voor eigenaar"
+
+#: plugins/sudoers/group_plugin.c:114
+#, c-format
+msgid "unable to dlopen %s: %s"
+msgstr "kan niet dlopen %s: %s"
+
+#: plugins/sudoers/group_plugin.c:119
+#, c-format
+msgid "unable to find symbol \"group_plugin\" in %s"
+msgstr "kan symbool \"group_plugin\" niet vinden in %s"
+
+#: plugins/sudoers/group_plugin.c:124
+#, c-format
+msgid "%s: incompatible group plugin major version %d, expected %d"
+msgstr "%s: incompatibele groepplugin hoofdversie %d, verwacht wordt %d"
+
+#: plugins/sudoers/interfaces.c:112
+msgid "Local IP address and netmask pairs:\n"
+msgstr "Combinaties van lokale IP-adressen en netwerkmaskers:\n"
+
+#: plugins/sudoers/iolog.c:205 plugins/sudoers/sudoers.c:991
+#, c-format
+msgid "unable to read %s"
+msgstr "kan %s niet lezen"
+
+#: plugins/sudoers/iolog.c:208
+#, c-format
+msgid "invalid sequence number %s"
+msgstr "ongeldig volgnummer %s"
+
+#: plugins/sudoers/iolog.c:258 plugins/sudoers/iolog.c:261
+#: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:531
+#: plugins/sudoers/iolog.c:537 plugins/sudoers/iolog.c:545
+#: plugins/sudoers/iolog.c:553 plugins/sudoers/iolog.c:561
+#: plugins/sudoers/iolog.c:569
+#, c-format
+msgid "unable to create %s"
+msgstr "kan %s niet aanmaken"
+
+#: plugins/sudoers/iolog_path.c:263 plugins/sudoers/sudoers.c:382
+#, c-format
+msgid "unable to set locale to \"%s\", using \"C\""
+msgstr "kan taaldefinitie niet instellen op \"%s\", gebruikt wordt \"C\""
+
+#: plugins/sudoers/ldap.c:387
+#, c-format
+msgid "sudo_ldap_conf_add_ports: port too large"
+msgstr "sudo_ldap_conf_add_ports: poort te groot"
+
+#: plugins/sudoers/ldap.c:410
+#, c-format
+msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf"
+msgstr "sudo_ldap_conf_add_ports: ruimte ontoereikend bij uitbreiden hostbuf"
+
+#: plugins/sudoers/ldap.c:440
+#, c-format
+msgid "unsupported LDAP uri type: %s"
+msgstr "niet-ondersteund LDAP uri type: %s"
+
+#: plugins/sudoers/ldap.c:469
+#, c-format
+msgid "invalid uri: %s"
+msgstr "ongeldige uri: %s"
+
+#: plugins/sudoers/ldap.c:475
+#, c-format
+msgid "unable to mix ldap and ldaps URIs"
+msgstr "kan ldap en ldaps URIs niet door elkaar gebruiken"
+
+#: plugins/sudoers/ldap.c:479
+#, c-format
+msgid "unable to mix ldaps and starttls"
+msgstr "kan ldaps en starttls niet door elkaar gebruiken"
+
+#: plugins/sudoers/ldap.c:498
+#, c-format
+msgid "sudo_ldap_parse_uri: out of space building hostbuf"
+msgstr "sudo_ldap_parse_uri: ruimte ontoereikend bij bouwen van hostbuf"
+
+#: plugins/sudoers/ldap.c:572
+#, c-format
+msgid "unable to initialize SSL cert and key db: %s"
+msgstr "kan SSL cert en key db niet initialiseren: %s"
+
+#: plugins/sudoers/ldap.c:575
+#, c-format
+msgid "you must set TLS_CERT in %s to use SSL"
+msgstr "u moet TLS_CERT in %s instellen om SSL te gebruiken"
+
+#: plugins/sudoers/ldap.c:992
+#, c-format
+msgid "unable to get GMT time"
+msgstr "kan GMT-tijd niet verkrijgen"
+
+#: plugins/sudoers/ldap.c:998
+#, c-format
+msgid "unable to format timestamp"
+msgstr "kan tijd niet juist opmaken"
+
+#: plugins/sudoers/ldap.c:1006
+#, c-format
+msgid "unable to build time filter"
+msgstr "kan tijd-filter niet opbouwen"
+
+#: plugins/sudoers/ldap.c:1225
+#, c-format
+msgid "sudo_ldap_build_pass1 allocation mismatch"
+msgstr "sudo_ldap_build_pass1 reserveren mislukt"
+
+#: plugins/sudoers/ldap.c:1761
+#, c-format
+msgid ""
+"\n"
+"LDAP Role: %s\n"
+msgstr ""
+"\n"
+"LDAP Role: %s\n"
+
+#: plugins/sudoers/ldap.c:1763
+#, c-format
+msgid ""
+"\n"
+"LDAP Role: UNKNOWN\n"
+msgstr ""
+"\n"
+"LDAP Role: UNKNOWN\n"
+
+#: plugins/sudoers/ldap.c:1810
+#, c-format
+msgid " Order: %s\n"
+msgstr " Volgorde: %s\n"
+
+#: plugins/sudoers/ldap.c:1818 plugins/sudoers/sssd.c:1168
+#, c-format
+msgid " Commands:\n"
+msgstr " Opdrachten:\n"
+
+#: plugins/sudoers/ldap.c:2240
+#, c-format
+msgid "unable to initialize LDAP: %s"
+msgstr "kan LDAP niet initialiseren: %s"
+
+#: plugins/sudoers/ldap.c:2274
+#, c-format
+msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()"
+msgstr "start_tls opgegeven maar LDAP bibliotheken ondersteunen geen ldap_start_tls_s() of ldap_start_tls_s_np()"
+
+#: plugins/sudoers/ldap.c:2510
+#, c-format
+msgid "invalid sudoOrder attribute: %s"
+msgstr "ongeldig sudoOrder kenmerk: %s"
+
+#: plugins/sudoers/linux_audit.c:57
+#, c-format
+msgid "unable to open audit system"
+msgstr "kan controlesysteem niet openen"
+
+#: plugins/sudoers/linux_audit.c:93
+#, c-format
+msgid "unable to send audit message"
+msgstr "kan controleboodschap niet verzenden"
+
+#: plugins/sudoers/logging.c:202
+#, c-format
+msgid "unable to open log file: %s: %s"
+msgstr "kan logbestand niet openen: %s: %s"
+
+#: plugins/sudoers/logging.c:205
+#, c-format
+msgid "unable to lock log file: %s: %s"
+msgstr "kan logbestand niet vergrendelen: %s: %s"
+
+#: plugins/sudoers/logging.c:260
+msgid "user NOT in sudoers"
+msgstr "gebruiker NIET in sudoers"
+
+#: plugins/sudoers/logging.c:262
+msgid "user NOT authorized on host"
+msgstr "gebruiker NIET aangemeld op computer"
+
+#: plugins/sudoers/logging.c:264
+msgid "command not allowed"
+msgstr "opdracht niet toegestaan"
+
+#: plugins/sudoers/logging.c:274
+#, c-format
+msgid "%s is not in the sudoers file. This incident will be reported.\n"
+msgstr "%s in niet in het sudoersbestand. Dit incident zal worden gerapporteerd.\n"
+
+#: plugins/sudoers/logging.c:277
+#, c-format
+msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n"
+msgstr "%s is niet toegestaan sudo te gebruiken op %s. Dit incident zal worden gerapporteerd.\n"
+
+#: plugins/sudoers/logging.c:281
+#, c-format
+msgid "Sorry, user %s may not run sudo on %s.\n"
+msgstr "Excuseer, gebruiker %s mag sudo niet gebruiken op %s.\n"
+
+#: plugins/sudoers/logging.c:284
+#, c-format
+msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n"
+msgstr "Excuseer, gebruiker %s man '%s%s%s' niet uitvoeren als %s%s%s op %s.\n"
+
+#: plugins/sudoers/logging.c:317
+msgid "No user or host"
+msgstr "Geen gebruiker of computer"
+
+#: plugins/sudoers/logging.c:319
+msgid "validation failure"
+msgstr "geldigheidsfout"
+
+#: plugins/sudoers/logging.c:336 plugins/sudoers/sudoers.c:502
+#: plugins/sudoers/sudoers.c:503 plugins/sudoers/sudoers.c:1539
+#: plugins/sudoers/sudoers.c:1540
+#, c-format
+msgid "%s: command not found"
+msgstr "%s: opdracht niet gevonden"
+
+#: plugins/sudoers/logging.c:338 plugins/sudoers/sudoers.c:499
+#, c-format
+msgid ""
+"ignoring `%s' found in '.'\n"
+"Use `sudo ./%s' if this is the `%s' you wish to run."
+msgstr ""
+"`%s' gevonden in '.' wordt genegeerd.\n"
+"Gebruik `sudo ./%s' als `%s' is wat u wilt gebruiken."
+
+#: plugins/sudoers/logging.c:352
+msgid "authentication failure"
+msgstr "aanmeldfout"
+
+#: plugins/sudoers/logging.c:376
+#, c-format
+msgid "%d incorrect password attempt"
+msgid_plural "%d incorrect password attempts"
+msgstr[0] "%d ongeldige wachtwoord poging"
+msgstr[1] "%d ongeldige wachtwoord pogingen"
+
+#: plugins/sudoers/logging.c:379
+msgid "a password is required"
+msgstr "een wachtwoord is verplicht"
+
+#: plugins/sudoers/logging.c:530
+#, c-format
+msgid "unable to fork"
+msgstr "kan niet afsplitsen"
+
+#: plugins/sudoers/logging.c:537 plugins/sudoers/logging.c:599
+#, c-format
+msgid "unable to fork: %m"
+msgstr "kan niet afsplitsen: %m"
+
+#: plugins/sudoers/logging.c:589
+#, c-format
+msgid "unable to open pipe: %m"
+msgstr "kan pipe niet openen: %m"
+
+#: plugins/sudoers/logging.c:614
+#, c-format
+msgid "unable to dup stdin: %m"
+msgstr "kan stdin niet klonen: %m"
+
+#: plugins/sudoers/logging.c:650
+#, c-format
+msgid "unable to execute %s: %m"
+msgstr "kan %s niet uitvoeren: %m"
+
+#: plugins/sudoers/logging.c:865
+#, c-format
+msgid "internal error: insufficient space for log line"
+msgstr "interne fout: onvoldoende ruimte voor logregel"
+
+#: plugins/sudoers/parse.c:123
+#, c-format
+msgid "parse error in %s near line %d"
+msgstr "ontleedfout in %s bij regel %d"
+
+#: plugins/sudoers/parse.c:126
+#, c-format
+msgid "parse error in %s"
+msgstr "ontleedfout in %s"
+
+#: plugins/sudoers/parse.c:414
+#, c-format
+msgid ""
+"\n"
+"Sudoers entry:\n"
+msgstr ""
+"\n"
+"Sudoers item:\n"
+
+#: plugins/sudoers/parse.c:416
+#, c-format
+msgid " RunAsUsers: "
+msgstr " RunAsUsers: "
+
+#: plugins/sudoers/parse.c:431
+#, c-format
+msgid " RunAsGroups: "
+msgstr " RunAsGroups: "
+
+#: plugins/sudoers/parse.c:440
+#, c-format
+msgid ""
+" Commands:\n"
+"\t"
+msgstr ""
+" Opdrachten:\n"
+"\t"
+
+#: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105
+msgid ": "
+msgstr ": "
+
+#: plugins/sudoers/pwutil.c:278
+#, c-format
+msgid "unable to cache uid %u (%s), already exists"
+msgstr "kan gebruikersnummer %u niet bufferen (%s), bestaat reeds"
+
+#: plugins/sudoers/pwutil.c:286
+#, c-format
+msgid "unable to cache uid %u, already exists"
+msgstr "kan gebruikersnummer %u niet bufferen, bestaat reeds"
+
+#: plugins/sudoers/pwutil.c:322 plugins/sudoers/pwutil.c:331
+#, c-format
+msgid "unable to cache user %s, already exists"
+msgstr "kan gebruiker %s niet bufferen, bestaat reeds"
+
+#: plugins/sudoers/pwutil.c:668
+#, c-format
+msgid "unable to cache gid %u (%s), already exists"
+msgstr "kan groepsnummer %u niet bufferen (%s), bestaat reeds"
+
+#: plugins/sudoers/pwutil.c:676
+#, c-format
+msgid "unable to cache gid %u, already exists"
+msgstr "kan groepsnummer %u niet bufferen, bestaat reeds"
+
+#: plugins/sudoers/pwutil.c:706 plugins/sudoers/pwutil.c:715
+#, c-format
+msgid "unable to cache group %s, already exists"
+msgstr "kan groep %s niet bufferen, bestaat reeds"
+
+#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:436
+#: plugins/sudoers/set_perms.c:828 plugins/sudoers/set_perms.c:1114
+#: plugins/sudoers/set_perms.c:1396
+msgid "perm stack overflow"
+msgstr "permanente stapeloverloop"
+
+#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:444
+#: plugins/sudoers/set_perms.c:836 plugins/sudoers/set_perms.c:1122
+#: plugins/sudoers/set_perms.c:1404
+msgid "perm stack underflow"
+msgstr "permanente stapelonderloop"
+
+#: plugins/sudoers/set_perms.c:270 plugins/sudoers/set_perms.c:580
+#: plugins/sudoers/set_perms.c:957 plugins/sudoers/set_perms.c:1243
+msgid "unable to change to runas gid"
+msgstr "kan niet wijzigen naar doelgroupsnummer"
+
+#: plugins/sudoers/set_perms.c:282 plugins/sudoers/set_perms.c:592
+#: plugins/sudoers/set_perms.c:967 plugins/sudoers/set_perms.c:1253
+msgid "unable to change to runas uid"
+msgstr "kan niet wijzigen naar doelgebruikersnummer"
+
+#: plugins/sudoers/set_perms.c:300 plugins/sudoers/set_perms.c:610
+#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1269
+msgid "unable to change to sudoers gid"
+msgstr "kan niet wijzigen naar sudoers groupsnummer"
+
+#: plugins/sudoers/set_perms.c:353 plugins/sudoers/set_perms.c:681
+#: plugins/sudoers/set_perms.c:1029 plugins/sudoers/set_perms.c:1315
+#: plugins/sudoers/set_perms.c:1474
+msgid "too many processes"
+msgstr "te veel taken"
+
+#: plugins/sudoers/set_perms.c:1542
+msgid "unable to set runas group vector"
+msgstr "kan doelgroepvector niet instellen"
+
+#: plugins/sudoers/sssd.c:251
+#, c-format
+msgid "Unable to dlopen %s: %s"
+msgstr "Kan niet dlopen %s: %s"
+
+#: plugins/sudoers/sssd.c:252
+#, c-format
+msgid "Unable to initialize SSS source. Is SSSD installed on your machine?"
+msgstr "Kan SSS-bron niet initialiseren. Is SSSD op uw machine geinstalleerd?"
+
+#: plugins/sudoers/sssd.c:258 plugins/sudoers/sssd.c:266
+#: plugins/sudoers/sssd.c:273 plugins/sudoers/sssd.c:280
+#: plugins/sudoers/sssd.c:287
+#, c-format
+msgid "unable to find symbol \"%s\" in %s"
+msgstr "kan symbool \"%s\" niet vinden in %s"
+
+#: plugins/sudoers/sudo_nss.c:267
+#, c-format
+msgid "Matching Defaults entries for %s on this host:\n"
+msgstr "Overeenkomende standaarditems voor %s op deze computer:\n"
+
+#: plugins/sudoers/sudo_nss.c:280
+#, c-format
+msgid "Runas and Command-specific defaults for %s:\n"
+msgstr "Runas en opdrachtspecifieke standaarden voor %s:\n"
+
+#: plugins/sudoers/sudo_nss.c:293
+#, c-format
+msgid "User %s may run the following commands on this host:\n"
+msgstr "Gebruiker %s man de volgede opdrachten uitvoeren op deze computer:\n"
+
+#: plugins/sudoers/sudo_nss.c:302
+#, c-format
+msgid "User %s is not allowed to run sudo on %s.\n"
+msgstr "Gebruiker %s in niet toegestaan sudo te gebruiken op %s.\n"
+
+#: plugins/sudoers/sudoers.c:210 plugins/sudoers/sudoers.c:243
+#: plugins/sudoers/sudoers.c:953
+msgid "problem with defaults entries"
+msgstr "probleem met standaarditems"
+
+#: plugins/sudoers/sudoers.c:216
+#, c-format
+msgid "no valid sudoers sources found, quitting"
+msgstr "geen geldige sudoers-bronnen gevonden, afsluiten"
+
+#: plugins/sudoers/sudoers.c:268
+#, c-format
+msgid "unable to execute %s: %s"
+msgstr "kan %s niet uitvoeren: %s"
+
+#: plugins/sudoers/sudoers.c:335
+#, c-format
+msgid "sudoers specifies that root is not allowed to sudo"
+msgstr "sudoers geeft aan dat root sudo niet mag gebruiken"
+
+#: plugins/sudoers/sudoers.c:342
+#, c-format
+msgid "you are not permitted to use the -C option"
+msgstr "u mag de optie -C niet gebruiken"
+
+#: plugins/sudoers/sudoers.c:431
+#, c-format
+msgid "timestamp owner (%s): No such user"
+msgstr "tijd-eigenaar (%s): Gebruiker bestaat niet"
+
+#: plugins/sudoers/sudoers.c:447
+msgid "no tty"
+msgstr "geen terminal"
+
+#: plugins/sudoers/sudoers.c:448
+#, c-format
+msgid "sorry, you must have a tty to run sudo"
+msgstr "excuseer, u moet een terminal hebben om sudo te gebruiken"
+
+#: plugins/sudoers/sudoers.c:498
+msgid "command in current directory"
+msgstr "opdracht in huidige map"
+
+#: plugins/sudoers/sudoers.c:510
+#, c-format
+msgid "sorry, you are not allowed to preserve the environment"
+msgstr "excuseer, u mag de omgeving niet behouden"
+
+#: plugins/sudoers/sudoers.c:1006
+#, c-format
+msgid "%s is not a regular file"
+msgstr "%s in geen regulier bestand"
+
+#: plugins/sudoers/sudoers.c:1009 toke.l:846
+#, c-format
+msgid "%s is owned by uid %u, should be %u"
+msgstr "%s is eigendom van gebruikersnummer %u, moet zijn %u"
+
+#: plugins/sudoers/sudoers.c:1013 toke.l:853
+#, c-format
+msgid "%s is world writable"
+msgstr "%s kan door iedereen worden geschreven"
+
+#: plugins/sudoers/sudoers.c:1016 toke.l:858
+#, c-format
+msgid "%s is owned by gid %u, should be %u"
+msgstr "%s is eigendom van groupsnummer %u, moet zijn %u"
+
+#: plugins/sudoers/sudoers.c:1043
+#, c-format
+msgid "only root can use `-c %s'"
+msgstr "alleen root kan `-c %s' gebruiken"
+
+#: plugins/sudoers/sudoers.c:1060 plugins/sudoers/sudoers.c:1062
+#, c-format
+msgid "unknown login class: %s"
+msgstr "onbekende loginklasse: %s"
+
+#: plugins/sudoers/sudoers.c:1089
+#, c-format
+msgid "unable to resolve host %s"
+msgstr "kan computernaam %s niet herleiden"
+
+#: plugins/sudoers/sudoers.c:1141 plugins/sudoers/testsudoers.c:387
+#, c-format
+msgid "unknown group: %s"
+msgstr "onbekende groep: %s"
+
+#: plugins/sudoers/sudoers.c:1190
+#, c-format
+msgid "Sudoers policy plugin version %s\n"
+msgstr "Sudoers beleidsplugin versie %s\n"
+
+#: plugins/sudoers/sudoers.c:1192
+#, c-format
+msgid "Sudoers file grammar version %d\n"
+msgstr "Versie van sudoers bestandsgrammatica %d\n"
+
+#: plugins/sudoers/sudoers.c:1196
+#, c-format
+msgid ""
+"\n"
+"Sudoers path: %s\n"
+msgstr ""
+"\n"
+"Sudoers pad: %s\n"
+
+#: plugins/sudoers/sudoers.c:1199
+#, c-format
+msgid "nsswitch path: %s\n"
+msgstr "nsswitch pad: %s\n"
+
+#: plugins/sudoers/sudoers.c:1201
+#, c-format
+msgid "ldap.conf path: %s\n"
+msgstr "ldap.conf pad: %s\n"
+
+#: plugins/sudoers/sudoers.c:1202
+#, c-format
+msgid "ldap.secret path: %s\n"
+msgstr "ldap.secret pad: %s\n"
+
+#: plugins/sudoers/sudoreplay.c:293
+#, c-format
+msgid "invalid filter option: %s"
+msgstr "ongeldige filteroptie: %s"
+
+#: plugins/sudoers/sudoreplay.c:306
+#, c-format
+msgid "invalid max wait: %s"
+msgstr "ongeldige maximale wacht: %s"
+
+#: plugins/sudoers/sudoreplay.c:312
+#, c-format
+msgid "invalid speed factor: %s"
+msgstr "ongeldige snelheidsfactor: %s"
+
+#: plugins/sudoers/sudoreplay.c:315 plugins/sudoers/visudo.c:187
+#, c-format
+msgid "%s version %s\n"
+msgstr "%s versie %s\n"
+
+#: plugins/sudoers/sudoreplay.c:340
+#, c-format
+msgid "%s/%.2s/%.2s/%.2s/timing: %s"
+msgstr "%s/%.2s/%.2s/%.2s/timing: %s"
+
+#: plugins/sudoers/sudoreplay.c:346
+#, c-format
+msgid "%s/%s/timing: %s"
+msgstr "%s/%s/timing: %s"
+
+#: plugins/sudoers/sudoreplay.c:364
+#, c-format
+msgid "Replaying sudo session: %s\n"
+msgstr "Bekijken van sudo sessie: %s\n"
+
+#: plugins/sudoers/sudoreplay.c:370
+#, c-format
+msgid "Warning: your terminal is too small to properly replay the log.\n"
+msgstr "Waarschuwing: uw terminal is te klein om de log goed af te bekijken.\n"
+
+#: plugins/sudoers/sudoreplay.c:371
+#, c-format
+msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d."
+msgstr "Logverhouding is %d x %d, de verhouding van uw terminal is %d x %d."
+
+#: plugins/sudoers/sudoreplay.c:401
+#, c-format
+msgid "unable to set tty to raw mode"
+msgstr "kan terminal niet instellen voor ruwe modus"
+
+#: plugins/sudoers/sudoreplay.c:418
+#, c-format
+msgid "invalid timing file line: %s"
+msgstr "ongeldige timing bestandsregel: %s"
+
+#: plugins/sudoers/sudoreplay.c:501
+#, c-format
+msgid "writing to standard output"
+msgstr "naar standaarduitvoer schrijven"
+
+#: plugins/sudoers/sudoreplay.c:530
+#, c-format
+msgid "nanosleep: tv_sec %ld, tv_nsec %ld"
+msgstr "nanosleep: tv_sec %ld, tv_nsec %ld"
+
+#: plugins/sudoers/sudoreplay.c:643 plugins/sudoers/sudoreplay.c:668
+#, c-format
+msgid "ambiguous expression \"%s\""
+msgstr "dubbelzinnige expressie \"%s\""
+
+#: plugins/sudoers/sudoreplay.c:685
+#, c-format
+msgid "too many parenthesized expressions, max %d"
+msgstr "te veel geneste expressies, maximum %d"
+
+#: plugins/sudoers/sudoreplay.c:696
+#, c-format
+msgid "unmatched ')' in expression"
+msgstr "onvergezelde ')' in expressie"
+
+#: plugins/sudoers/sudoreplay.c:702
+#, c-format
+msgid "unknown search term \"%s\""
+msgstr "onbekende zoekterm \"%s\""
+
+#: plugins/sudoers/sudoreplay.c:716
+#, c-format
+msgid "%s requires an argument"
+msgstr "%s heeft een argument nodig"
+
+#: plugins/sudoers/sudoreplay.c:720
+#, c-format
+msgid "invalid regular expression: %s"
+msgstr "ongeldige reguliere expressie: %s"
+
+#: plugins/sudoers/sudoreplay.c:726
+#, c-format
+msgid "could not parse date \"%s\""
+msgstr "kan datum niet ontleden \"%s\""
+
+#: plugins/sudoers/sudoreplay.c:739
+#, c-format
+msgid "unmatched '(' in expression"
+msgstr "onvergezelde '(' in expressie"
+
+#: plugins/sudoers/sudoreplay.c:741
+#, c-format
+msgid "illegal trailing \"or\""
+msgstr "ongeldige afsluitende \"or\""
+
+#: plugins/sudoers/sudoreplay.c:743
+#, c-format
+msgid "illegal trailing \"!\""
+msgstr "ongeldige afsluitende \"!\""
+
+#: plugins/sudoers/sudoreplay.c:1050
+#, c-format
+msgid "invalid regex: %s"
+msgstr "ongeldige reguliere expressie: %s"
+
+#: plugins/sudoers/sudoreplay.c:1174
+#, c-format
+msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n"
+msgstr "gebruik: %s [-h] [-d map] [-m max_wacht] [-s snelheidsfactor] ID\n"
+
+#: plugins/sudoers/sudoreplay.c:1177
+#, c-format
+msgid "usage: %s [-h] [-d directory] -l [search expression]\n"
+msgstr "gebruik: %s [-h] [-d map] -l [zoek expressie]\n"
+
+#: plugins/sudoers/sudoreplay.c:1186
+#, c-format
+msgid ""
+"%s - replay sudo session logs\n"
+"\n"
+msgstr ""
+"%s - sudo sessielogs bekijken\n"
+"\n"
+
+#: plugins/sudoers/sudoreplay.c:1188
+msgid ""
+"\n"
+"Options:\n"
+" -d directory specify directory for session logs\n"
+" -f filter specify which I/O type to display\n"
+" -h display help message and exit\n"
+" -l [expression] list available session IDs that match expression\n"
+" -m max_wait max number of seconds to wait between events\n"
+" -s speed_factor speed up or slow down output\n"
+" -V display version information and exit"
+msgstr ""
+"\n"
+"Opties:\n"
+" -d map map voor sessielogs opgeven\n"
+" -f filter opgeven welk type in-/uitvoer moet worden weergegeven\n"
+" -h geef help weer (dit bericht) en sluit af\n"
+" -l [expressie] som beschikbare sessienummers\n"
+" die overeenkomen met de expressie op\n"
+" -m max_wacht wacht tussen gebeurtenissen maximaal m seconden\n"
+" -s snelheis_factor snelheid van uitvoer verhogen of verlagen\n"
+" -V geef versieinformatie weer en sluit af"
+
+#: plugins/sudoers/testsudoers.c:338
+msgid "\thost unmatched"
+msgstr "\tcomputer komt niet overeen"
+
+#: plugins/sudoers/testsudoers.c:341
+msgid ""
+"\n"
+"Command allowed"
+msgstr ""
+"\n"
+"Opdracht toegestaan"
+
+#: plugins/sudoers/testsudoers.c:342
+msgid ""
+"\n"
+"Command denied"
+msgstr ""
+"\n"
+"Opdracht niet toegestaan"
+
+#: plugins/sudoers/testsudoers.c:342
+msgid ""
+"\n"
+"Command unmatched"
+msgstr ""
+"\n"
+"Opdracht komt niet overeen"
+
+#: plugins/sudoers/toke_util.c:218
+msgid "fill_args: buffer overflow"
+msgstr "fill_args: stapeloverloop"
+
+#: plugins/sudoers/visudo.c:188
+#, c-format
+msgid "%s grammar version %d\n"
+msgstr "%s grammaticaversie %d\n"
+
+#: plugins/sudoers/visudo.c:252 plugins/sudoers/visudo.c:541
+#, c-format
+msgid "press return to edit %s: "
+msgstr "toets enter om te bewerken %s: "
+
+#: plugins/sudoers/visudo.c:335 plugins/sudoers/visudo.c:341
+#, c-format
+msgid "write error"
+msgstr "schrijffout"
+
+#: plugins/sudoers/visudo.c:423
+#, c-format
+msgid "unable to stat temporary file (%s), %s unchanged"
+msgstr "kan status van tijdelijk bestand (%s) niet vaststellen, %s ongewijzigd"
+
+#: plugins/sudoers/visudo.c:428
+#, c-format
+msgid "zero length temporary file (%s), %s unchanged"
+msgstr "tijdelijk bestand (%s) leeg, %s ongewijzigd"
+
+#: plugins/sudoers/visudo.c:434
+#, c-format
+msgid "editor (%s) failed, %s unchanged"
+msgstr "editor (%s) mislukt, %s ongewijzigd"
+
+#: plugins/sudoers/visudo.c:457
+#, c-format
+msgid "%s unchanged"
+msgstr "%s ongewijzigd"
+
+#: plugins/sudoers/visudo.c:486
+#, c-format
+msgid "unable to re-open temporary file (%s), %s unchanged."
+msgstr "kan tijdelijk bestand (%s) niet openen, %s ongewijzigd."
+
+#: plugins/sudoers/visudo.c:496
+#, c-format
+msgid "unabled to parse temporary file (%s), unknown error"
+msgstr "kan tijdelijke bestand (%s) niet ontleden, onbekende fout"
+
+#: plugins/sudoers/visudo.c:534
+#, c-format
+msgid "internal error, unable to find %s in list!"
+msgstr "interne fout, kan %s niet in de lijst vinden!"
+
+#: plugins/sudoers/visudo.c:586 plugins/sudoers/visudo.c:595
+#, c-format
+msgid "unable to set (uid, gid) of %s to (%u, %u)"
+msgstr "kan %s niet wijzigen (gebruikers- of groupsnummer) naar (%u, %u)"
+
+#: plugins/sudoers/visudo.c:590 plugins/sudoers/visudo.c:600
+#, c-format
+msgid "unable to change mode of %s to 0%o"
+msgstr "kan modus van %s niet wijzigen naar 0%o"
+
+#: plugins/sudoers/visudo.c:617
+#, c-format
+msgid "%s and %s not on the same file system, using mv to rename"
+msgstr "%s en %s niet op hetzelfde bestandssyteem, gebuikt mv om te hernoemen"
+
+#: plugins/sudoers/visudo.c:631
+#, c-format
+msgid "command failed: '%s %s %s', %s unchanged"
+msgstr "opdracht mislukt: '%s %s %s', %s ongewijzigd"
+
+#: plugins/sudoers/visudo.c:641
+#, c-format
+msgid "error renaming %s, %s unchanged"
+msgstr "fout bij hernoemen %s, %s ongewijzigd"
+
+#: plugins/sudoers/visudo.c:704
+msgid "What now? "
+msgstr "Wat nu? "
+
+#: plugins/sudoers/visudo.c:718
+msgid ""
+"Options are:\n"
+" (e)dit sudoers file again\n"
+" e(x)it without saving changes to sudoers file\n"
+" (Q)uit and save changes to sudoers file (DANGER!)\n"
+msgstr ""
+"Opties zijn:\n"
+" (e)dit sudoers bestand opnieuw\n"
+" e(x)it zonder de wijzigingen op te slaan\n"
+" (Q)uit en sla wijziging op in het sudoers bestand (GEVAAR!)\n"
+
+#: plugins/sudoers/visudo.c:759
+#, c-format
+msgid "unable to execute %s"
+msgstr "kan %s niet uitvoeren"
+
+#: plugins/sudoers/visudo.c:766
+#, c-format
+msgid "unable to run %s"
+msgstr "kan %s niet gebruiken"
+
+#: plugins/sudoers/visudo.c:792
+#, c-format
+msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n"
+msgstr "%s: verkeerde eigenaar (gebruikers-, groepsnummer) zou moeten zijn (%u, %u)\n"
+
+#: plugins/sudoers/visudo.c:799
+#, c-format
+msgid "%s: bad permissions, should be mode 0%o\n"
+msgstr "%s: verkeerde permissies, mout zijn modus 0%o\n"
+
+#: plugins/sudoers/visudo.c:824
+#, c-format
+msgid "failed to parse %s file, unknown error"
+msgstr "kon %sbestand niet ontleden, onbekende fout"
+
+#: plugins/sudoers/visudo.c:837
+#, c-format
+msgid "parse error in %s near line %d\n"
+msgstr "fout bij ontleden van %s bij regel %d\n"
+
+#: plugins/sudoers/visudo.c:840
+#, c-format
+msgid "parse error in %s\n"
+msgstr "fout bij ontleden van %s\n"
+
+#: plugins/sudoers/visudo.c:847 plugins/sudoers/visudo.c:852
+#, c-format
+msgid "%s: parsed OK\n"
+msgstr "%s: ontleden geslaagd\n"
+
+#: plugins/sudoers/visudo.c:899
+#, c-format
+msgid "%s busy, try again later"
+msgstr "%s bezig, probeer later opnieuw"
+
+#: plugins/sudoers/visudo.c:943
+#, c-format
+msgid "specified editor (%s) doesn't exist"
+msgstr "opgegeven editor (%s) bestaat niet"
+
+#: plugins/sudoers/visudo.c:966
+#, c-format
+msgid "unable to stat editor (%s)"
+msgstr "kan status van editor (%s) niet verkrijgen"
+
+#: plugins/sudoers/visudo.c:1014
+#, c-format
+msgid "no editor found (editor path = %s)"
+msgstr "geen editor gevonden (editorpad = %s)"
+
+#: plugins/sudoers/visudo.c:1108
+#, c-format
+msgid "Error: cycle in %s_Alias `%s'"
+msgstr "Fout: cyclus van %s_Alias `%s'"
+
+#: plugins/sudoers/visudo.c:1109
+#, c-format
+msgid "Warning: cycle in %s_Alias `%s'"
+msgstr "Waarschuwing: cyclus van %s_Alias `%s'"
+
+#: plugins/sudoers/visudo.c:1112
+#, c-format
+msgid "Error: %s_Alias `%s' referenced but not defined"
+msgstr "Fout: %s_Alias `%s' wordt naar verwezen, maar is niet gedefinieerd"
+
+#: plugins/sudoers/visudo.c:1113
+#, c-format
+msgid "Warning: %s_Alias `%s' referenced but not defined"
+msgstr "Waarschuwing: %s_Alias `%s' wordt naar verwezen, maar is niet gedefinieerd"
+
+#: plugins/sudoers/visudo.c:1248
+#, c-format
+msgid "%s: unused %s_Alias %s"
+msgstr "%s: ongebruikte %s_Alias %s"
+
+#: plugins/sudoers/visudo.c:1304
+#, c-format
+msgid ""
+"%s - safely edit the sudoers file\n"
+"\n"
+msgstr ""
+"%s - bewerk het sudoersbestand voorzichtig\n"
+"\n"
+
+#: plugins/sudoers/visudo.c:1306
+msgid ""
+"\n"
+"Options:\n"
+" -c check-only mode\n"
+" -f sudoers specify sudoers file location\n"
+" -h display help message and exit\n"
+" -q less verbose (quiet) syntax error messages\n"
+" -s strict syntax checking\n"
+" -V display version information and exit"
+msgstr ""
+"\n"
+"Opties:\n"
+" -c alleen lezen modus\n"
+" -f sudoers geef lokatie van sudoersbestand op\n"
+" -h geef help weer (dit bericht) en sluit af\n"
+" -q minder uitgebreide syntactische fout berichten\n"
+" -s stricte controle van syntaxis\n"
+" -V geef versieinformatie weer en sluit af"
+
+#: toke.l:820
+msgid "too many levels of includes"
+msgstr "te veel niveaus van insluitingen"
# Polish translation for sudo/sudoers.
# This file is put in the public domain.
-# Jakub Bogusz <qboosh@pld-linux.org>, 2011-2012.
+# Jakub Bogusz <qboosh@pld-linux.org>, 2011-2013.
#
msgid ""
msgstr ""
-"Project-Id-Version: sudoers 1.8.6b4\n"
+"Project-Id-Version: sudoers 1.8.7b2\n"
"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2012-08-10 13:08-0400\n"
-"PO-Revision-Date: 2012-08-20 19:07+0200\n"
+"POT-Creation-Date: 2013-04-17 15:52-0400\n"
+"PO-Revision-Date: 2013-04-19 21:56+0200\n"
"Last-Translator: Jakub Bogusz <qboosh@pld-linux.org>\n"
"Language-Team: Polish <translation-team-pl@lists.sourceforge.net>\n"
"Language: pl\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-#: gram.y:112
-#, c-format
-msgid ">>> %s: %s near line %d <<<"
-msgstr ">>> %s: %s w okolicy linii %d <<<"
+#: confstr.sh:2
+msgid "Password:"
+msgstr "Hasło:"
+
+#: confstr.sh:3
+msgid "*** SECURITY information for %h ***"
+msgstr "*** informacje dotyczące BEZPIECZEŃSTWA dla %h ***"
+
+#: confstr.sh:4
+msgid "Sorry, try again."
+msgstr "Niestety, proszę spróbować ponownie."
-#: plugins/sudoers/alias.c:125
+#: plugins/sudoers/alias.c:124
#, c-format
msgid "Alias `%s' already defined"
msgstr "Alias `%s' jest już zdefiniowany"
-#: plugins/sudoers/auth/bsdauth.c:78
+#: plugins/sudoers/auth/bsdauth.c:77
#, c-format
msgid "unable to get login class for user %s"
msgstr "nie udało się uzyskać klasy logowania dla użytkownika %s"
-#: plugins/sudoers/auth/bsdauth.c:84
+#: plugins/sudoers/auth/bsdauth.c:83
msgid "unable to begin bsd authentication"
msgstr "nie udało się rozpocząć uwierzytelnienia BSD"
-#: plugins/sudoers/auth/bsdauth.c:92
+#: plugins/sudoers/auth/bsdauth.c:91
msgid "invalid authentication type"
msgstr "błędny rodzaj uwierzytelnienia"
-#: plugins/sudoers/auth/bsdauth.c:101
+#: plugins/sudoers/auth/bsdauth.c:100
msgid "unable to setup authentication"
msgstr "nie udało się ustawić parametrów uwierzytelnienia"
-#: plugins/sudoers/auth/fwtk.c:60
+#: plugins/sudoers/auth/fwtk.c:59
#, c-format
msgid "unable to read fwtk config"
msgstr "nie udało się odczytać konfiguracji fwtk"
-#: plugins/sudoers/auth/fwtk.c:65
+#: plugins/sudoers/auth/fwtk.c:64
#, c-format
msgid "unable to connect to authentication server"
msgstr "nie udało się połączyć z serwerem uwierzytelniającym"
-#: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95
-#: plugins/sudoers/auth/fwtk.c:128
+#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94
+#: plugins/sudoers/auth/fwtk.c:127
#, c-format
msgid "lost connection to authentication server"
msgstr "utracono połączenie z serwerem uwierzytelniającym"
-#: plugins/sudoers/auth/fwtk.c:75
+#: plugins/sudoers/auth/fwtk.c:74
#, c-format
msgid ""
"authentication server error:\n"
"błąd serwera uwierzytelniającego:\n"
"%s"
-#: plugins/sudoers/auth/kerb5.c:117
+#: plugins/sudoers/auth/kerb5.c:116
#, c-format
-msgid "%s: unable to unparse princ ('%s'): %s"
-msgstr "%s: nie udało się złożyć princ ('%s'): %s"
+msgid "%s: unable to convert principal to string ('%s'): %s"
+msgstr "%s: nie udało się przekształcić nazwy principal do łańcucha ('%s'): %s"
-#: plugins/sudoers/auth/kerb5.c:160
+#: plugins/sudoers/auth/kerb5.c:159
#, c-format
msgid "%s: unable to parse '%s': %s"
msgstr "%s: nie udało się przeanalizować '%s': %s"
-#: plugins/sudoers/auth/kerb5.c:170
+#: plugins/sudoers/auth/kerb5.c:169
#, c-format
-msgid "%s: unable to resolve ccache: %s"
-msgstr "%s: nie udało się rozwiązać ccache: %s"
+msgid "%s: unable to resolve credential cache: %s"
+msgstr "%s: nie udało się rozwiązać pamięci podręcznej danych uwierzytelniających: %s"
-#: plugins/sudoers/auth/kerb5.c:218
+#: plugins/sudoers/auth/kerb5.c:217
#, c-format
msgid "%s: unable to allocate options: %s"
msgstr "%s: nie udało się przydzielić opcji: %s"
-#: plugins/sudoers/auth/kerb5.c:234
+#: plugins/sudoers/auth/kerb5.c:233
#, c-format
msgid "%s: unable to get credentials: %s"
msgstr "%s: nie udało się pobrać danych uwierzytelniających: %s"
-#: plugins/sudoers/auth/kerb5.c:247
+#: plugins/sudoers/auth/kerb5.c:246
#, c-format
-msgid "%s: unable to initialize ccache: %s"
-msgstr "%s: nie udało się zainicjować ccache: %s"
+msgid "%s: unable to initialize credential cache: %s"
+msgstr "%s: nie udało się zainicjować pamięci podręcznej danych uwierzytelniających: %s"
-#: plugins/sudoers/auth/kerb5.c:251
+#: plugins/sudoers/auth/kerb5.c:250
#, c-format
-msgid "%s: unable to store cred in ccache: %s"
-msgstr "%s: nie udało się zapisać danych uwierzytelniających w ccache: %s"
+msgid "%s: unable to store credential in cache: %s"
+msgstr "%s: nie udało się zapisać danych uwierzytelniających w pamięci podręcznej: %s"
-#: plugins/sudoers/auth/kerb5.c:316
+#: plugins/sudoers/auth/kerb5.c:315
#, c-format
msgid "%s: unable to get host principal: %s"
-msgstr "%s: nie udało się pobrać głównego hosta: %s"
+msgstr "%s: nie udało się pobrać nazwy principal dla hosta: %s"
-#: plugins/sudoers/auth/kerb5.c:331
+#: plugins/sudoers/auth/kerb5.c:330
#, c-format
msgid "%s: Cannot verify TGT! Possible attack!: %s"
msgstr "%s: Nie można zweryfikować TGT! Możliwy atak!: %s"
-#: plugins/sudoers/auth/pam.c:100
+#: plugins/sudoers/auth/pam.c:105
msgid "unable to initialize PAM"
msgstr "nie udało się zainicjować PAM"
-#: plugins/sudoers/auth/pam.c:144
+#: plugins/sudoers/auth/pam.c:150
msgid "account validation failure, is your account locked?"
msgstr "błąd kontroli poprawności konta - konto zablokowane?"
-#: plugins/sudoers/auth/pam.c:148
+#: plugins/sudoers/auth/pam.c:154
msgid "Account or password is expired, reset your password and try again"
msgstr "Konto lub hasło wygasło, należy ustawić ponownie hasło i spróbować jeszcze raz"
-#: plugins/sudoers/auth/pam.c:155
+#: plugins/sudoers/auth/pam.c:162
#, c-format
-msgid "pam_chauthtok: %s"
-msgstr "pam_chauthtok: %s"
+msgid "unable to change expired password: %s"
+msgstr "nie udało się zmienić przedawnionego hasła: %s"
-#: plugins/sudoers/auth/pam.c:159
+#: plugins/sudoers/auth/pam.c:167
msgid "Password expired, contact your system administrator"
msgstr "Hasło wygasło, proszę skontaktować się z administratorem systemu"
-#: plugins/sudoers/auth/pam.c:163
+#: plugins/sudoers/auth/pam.c:171
msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator"
msgstr "Konto wygasło lub w konfiguracji PAM brak sekcji \"account\" dla sudo, proszę skontaktować się z administratorem systemu"
-#: plugins/sudoers/auth/pam.c:180
+#: plugins/sudoers/auth/pam.c:188
#, c-format
-msgid "pam_authenticate: %s"
-msgstr "pam_authenticate: %s"
+msgid "PAM authentication error: %s"
+msgstr "Błąd uwierzytelniania PAM: %s"
-#: plugins/sudoers/auth/pam.c:332
-msgid "Password: "
-msgstr "Hasło: "
-
-#: plugins/sudoers/auth/pam.c:333
-msgid "Password:"
-msgstr "Hasło:"
+#: plugins/sudoers/auth/pam.c:247
+#, c-format
+msgid "unable to establish credentials: %s"
+msgstr "nie udało się ustanowić danych uwierzytelniających: %s"
-#: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:220
+#: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212
#, c-format
msgid "you do not exist in the %s database"
msgstr "nie istniejesz w bazie danych %s"
-#: plugins/sudoers/auth/securid5.c:81
+#: plugins/sudoers/auth/securid5.c:80
#, c-format
msgid "failed to initialise the ACE API library"
msgstr "nie udało się zainicjować biblioteki ACE API"
-#: plugins/sudoers/auth/securid5.c:107
+#: plugins/sudoers/auth/securid5.c:106
#, c-format
msgid "unable to contact the SecurID server"
msgstr "nie udało się połączyć z serwerem SecurID"
-#: plugins/sudoers/auth/securid5.c:116
+#: plugins/sudoers/auth/securid5.c:115
#, c-format
msgid "User ID locked for SecurID Authentication"
msgstr "ID użytkownika zablokowany dla uwierzytelnienia SecurID"
-#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171
+#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170
#, c-format
msgid "invalid username length for SecurID"
msgstr "błędna długość nazwy użytkownika dla SecurID"
-#: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176
+#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175
#, c-format
msgid "invalid Authentication Handle for SecurID"
msgstr "błędny uchwyt uwierzytelnienia dla SecurID"
-#: plugins/sudoers/auth/securid5.c:128
+#: plugins/sudoers/auth/securid5.c:127
#, c-format
msgid "SecurID communication failed"
msgstr "błąd komunikacji SecurID"
-#: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215
+#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214
#, c-format
msgid "unknown SecurID error"
msgstr "nieznany błąd SecurID"
-#: plugins/sudoers/auth/securid5.c:166
+#: plugins/sudoers/auth/securid5.c:165
#, c-format
msgid "invalid passcode length for SecurID"
msgstr "błędna długość hasła dla SecurID"
-#: plugins/sudoers/auth/sia.c:109
+#: plugins/sudoers/auth/sia.c:108
msgid "unable to initialize SIA session"
msgstr "nie udało się zainicjować sesji SIA"
-#: plugins/sudoers/auth/sudo_auth.c:121
-msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication."
-msgstr "W sudo wkompilowano błędne metody uwierzytelniania! Można mieszać samodzielne i niesamodzielne sposoby uwierzytelniania."
+#: plugins/sudoers/auth/sudo_auth.c:119
+msgid "invalid authentication methods"
+msgstr "błędne metody uwierzytelniania"
-#: plugins/sudoers/auth/sudo_auth.c:206
+#: plugins/sudoers/auth/sudo_auth.c:120
+msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication."
+msgstr "W sudo wkompilowano błędne metody uwierzytelniania! Nie można mieszać samodzielnych i niesamodzielnych sposobów uwierzytelniania."
+
+#: plugins/sudoers/auth/sudo_auth.c:203
+msgid "no authentication methods"
+msgstr "brak metod uwierzytelniania"
+
+#: plugins/sudoers/auth/sudo_auth.c:205
msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option."
msgstr "W sudo nie wkompilowano żadnych metod uwierzytelniania! Aby wyłączyć uwierzytelnianie, proszę użyć opcji konfiguracyjnej --disable-authentication."
-#: plugins/sudoers/auth/sudo_auth.c:374
+#: plugins/sudoers/auth/sudo_auth.c:389
msgid "Authentication methods:"
msgstr "Metody uwierzytelniania:"
msgid "Could not determine audit condition"
msgstr "Nie udało się określić warunku audytowego"
-#: plugins/sudoers/bsm_audit.c:101
+#: plugins/sudoers/bsm_audit.c:101 plugins/sudoers/bsm_audit.c:160
#, c-format
-msgid "getauid failed"
-msgstr "getauid nie powiodło się"
+msgid "getauid: failed"
+msgstr "getauid: niepowodzenie"
#: plugins/sudoers/bsm_audit.c:103 plugins/sudoers/bsm_audit.c:162
#, c-format
msgid "unable to commit audit record"
msgstr "nie udało się zatwierdzić rekordu audytowego"
-#: plugins/sudoers/bsm_audit.c:160
-#, c-format
-msgid "getauid: failed"
-msgstr "getauid: niepowodzenie"
-
#: plugins/sudoers/bsm_audit.c:183
#, c-format
msgid "au_to_text: failed"
msgstr "au_to_text: niepowodzenie"
-#: plugins/sudoers/check.c:252 plugins/sudoers/iolog.c:172
-#: plugins/sudoers/sudoers.c:988 plugins/sudoers/sudoreplay.c:355
-#: plugins/sudoers/sudoreplay.c:817 plugins/sudoers/sudoreplay.c:974
-#: plugins/sudoers/visudo.c:818
-#, c-format
-msgid "unable to open %s"
-msgstr "nie udało się otworzyć %s"
-
-#: plugins/sudoers/check.c:256 plugins/sudoers/iolog.c:229
-#, c-format
-msgid "unable to write to %s"
-msgstr "nie udało się zapisać do %s"
-
-#: plugins/sudoers/check.c:264 plugins/sudoers/check.c:512
-#: plugins/sudoers/check.c:562 plugins/sudoers/iolog.c:123
-#: plugins/sudoers/iolog.c:156
-#, c-format
-msgid "unable to mkdir %s"
-msgstr "nie udało się wykonać mkdir %s"
-
-#: plugins/sudoers/check.c:399 plugins/sudoers/env.c:289
-#: plugins/sudoers/env.c:294 plugins/sudoers/env.c:395
-#: plugins/sudoers/env.c:447 plugins/sudoers/linux_audit.c:82
-#: plugins/sudoers/sudoers.c:670 plugins/sudoers/sudoers.c:677
-#: plugins/sudoers/sudoers.c:936 plugins/sudoers/testsudoers.c:253
-#, c-format
-msgid "internal error, %s overflow"
-msgstr "błąd wewnętrzny, przepełnienie %s"
-
-#: plugins/sudoers/check.c:460
-#, c-format
-msgid "timestamp path too long: %s"
-msgstr "ścieżka znacznika czasu zbyt długa: %s"
-
-#: plugins/sudoers/check.c:491 plugins/sudoers/check.c:535
-#: plugins/sudoers/iolog.c:158
-#, c-format
-msgid "%s exists but is not a directory (0%o)"
-msgstr "%s istnieje, ale nie jest katalogiem (0%o)"
-
-#: plugins/sudoers/check.c:494 plugins/sudoers/check.c:538
-#: plugins/sudoers/check.c:583
-#, c-format
-msgid "%s owned by uid %u, should be uid %u"
-msgstr "właścicielem %s jest uid %u, powinien być uid %u"
-
-#: plugins/sudoers/check.c:499 plugins/sudoers/check.c:543
-#, c-format
-msgid "%s writable by non-owner (0%o), should be mode 0700"
-msgstr "%s zapisywalny nie tylko dla właściciela (uprawnienia 0%o, powinny być 0700)"
-
-#: plugins/sudoers/check.c:507 plugins/sudoers/check.c:551
-#: plugins/sudoers/check.c:619 plugins/sudoers/sudoers.c:1003
-#: plugins/sudoers/visudo.c:319 plugins/sudoers/visudo.c:584
-#, c-format
-msgid "unable to stat %s"
-msgstr "nie udało się wykonać stat na %s"
-
-#: plugins/sudoers/check.c:577
-#, c-format
-msgid "%s exists but is not a regular file (0%o)"
-msgstr "%s istnieje, ale nie jest zwykłym plikiem (0%o)"
-
-#: plugins/sudoers/check.c:589
-#, c-format
-msgid "%s writable by non-owner (0%o), should be mode 0600"
-msgstr "%s zapisywalny nie tylko dla właściciela (uprawnienia 0%o, powinny być 0600)"
-
-#: plugins/sudoers/check.c:643
-#, c-format
-msgid "timestamp too far in the future: %20.20s"
-msgstr "znacznik czasu zbyt daleko w przyszłości: %20.20s"
-
-#: plugins/sudoers/check.c:690
-#, c-format
-msgid "unable to remove %s (%s), will reset to the epoch"
-msgstr "nie udało się usunąć %s (%s), zostanie zresetowany do epoch"
-
-#: plugins/sudoers/check.c:698
-#, c-format
-msgid "unable to reset %s to the epoch"
-msgstr "nie udało się zresetować %s do epoch"
+#: plugins/sudoers/check.c:189
+msgid ""
+"\n"
+"We trust you have received the usual lecture from the local System\n"
+"Administrator. It usually boils down to these three things:\n"
+"\n"
+" #1) Respect the privacy of others.\n"
+" #2) Think before you type.\n"
+" #3) With great power comes great responsibility.\n"
+"\n"
+msgstr ""
+"\n"
+"Ufamy, że lokalny administrator udzielił odpowiedniego szkolenia.\n"
+"Zwykle sprowadza się ono do tych trzech rzeczy:\n"
+"\n"
+" 1) należy respektować prywatność innych,\n"
+" 2) należy myśleć przed pisaniem,\n"
+" 3) z dużą władzą wiąże się duża odpowiedzialność.\n"
+"\n"
-#: plugins/sudoers/check.c:758 plugins/sudoers/check.c:764
-#: plugins/sudoers/sudoers.c:851 plugins/sudoers/sudoers.c:855
+#: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233
+#: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566
#, c-format
msgid "unknown uid: %u"
msgstr "nieznany uid: %u"
-#: plugins/sudoers/check.c:761 plugins/sudoers/sudoers.c:792
-#: plugins/sudoers/sudoers.c:1120 plugins/sudoers/testsudoers.c:225
-#: plugins/sudoers/testsudoers.c:369
+#: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:635
+#: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215
+#: plugins/sudoers/testsudoers.c:359
#, c-format
msgid "unknown user: %s"
msgstr "nieznany użytkownik: %s"
msgid "Set of limit privileges"
msgstr "Zbiór ograniczonych uprawnień"
-#: plugins/sudoers/defaults.c:208
+#: plugins/sudoers/def_data.c:355
+msgid "Run commands on a pty in the background"
+msgstr "Uruchomienie poleceń na pseudoterminalu w tle"
+
+#: plugins/sudoers/def_data.c:359
+msgid "Create a new PAM session for the command to run in"
+msgstr "Utworzenie nowej sesji PAM dla uruchamianego polecenia"
+
+#: plugins/sudoers/def_data.c:363
+msgid "Maximum I/O log sequence number"
+msgstr "Maksymalny numer sekwencji logu we/wy"
+
+#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587
#, c-format
msgid "unknown defaults entry `%s'"
msgstr "nieznany wpis domyślny `%s'"
-#: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226
-#: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259
-#: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285
-#: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318
-#: plugins/sudoers/defaults.c:328
+#: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225
+#: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258
+#: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284
+#: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317
+#: plugins/sudoers/defaults.c:327
#, c-format
msgid "value `%s' is invalid for option `%s'"
msgstr "błędna wartość `%s' dla opcji `%s'"
-#: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229
-#: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254
-#: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280
-#: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313
-#: plugins/sudoers/defaults.c:324
+#: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228
+#: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253
+#: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279
+#: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312
+#: plugins/sudoers/defaults.c:323
#, c-format
msgid "no value specified for `%s'"
msgstr "nie podano wartości dla `%s'"
-#: plugins/sudoers/defaults.c:242
+#: plugins/sudoers/defaults.c:241
#, c-format
msgid "values for `%s' must start with a '/'"
msgstr "wartości `%s' muszą zaczynać się od '/'"
-#: plugins/sudoers/defaults.c:304
+#: plugins/sudoers/defaults.c:303
#, c-format
msgid "option `%s' does not take a value"
msgstr "opcja `%s' nie przyjmuje wartości"
+#: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293
+#: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82
+#: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427
+#: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654
+#: plugins/sudoers/testsudoers.c:243
+#, c-format
+msgid "internal error, %s overflow"
+msgstr "błąd wewnętrzny, przepełnienie %s"
+
#: plugins/sudoers/env.c:367
#, c-format
msgid "sudo_putenv: corrupted envp, length mismatch"
msgstr "sudo_putenv: uszkodzone envp, niezgodność długości"
-#: plugins/sudoers/env.c:369 plugins/sudoers/env.c:448
-#: plugins/sudoers/toke_util.c:113 plugins/sudoers/toke_util.c:167
-#: plugins/sudoers/toke_util.c:207 toke.l:697 toke.l:827 toke.l:887 toke.l:983
-#, c-format
-msgid "unable to allocate memory"
-msgstr "nie udało się przydzielić pamięci"
-
-#: plugins/sudoers/env.c:992
+#: plugins/sudoers/env.c:1012
#, c-format
msgid "sorry, you are not allowed to set the following environment variables: %s"
msgstr "niestety nie jest dozwolone ustawianie następujących zmiennych środowiskowych: %s"
-#: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108
-#: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125
-#: plugins/sudoers/sudoers.c:945 toke.l:693 toke.l:883
-#, c-format
-msgid "%s: %s"
-msgstr "%s: %s"
-
-#: plugins/sudoers/group_plugin.c:91
-#, c-format
-msgid "%s%s: %s"
-msgstr "%s%s: %s"
-
-#: plugins/sudoers/group_plugin.c:103
+#: plugins/sudoers/group_plugin.c:102
#, c-format
msgid "%s must be owned by uid %d"
msgstr "właścicielem %s musi być uid %d"
-#: plugins/sudoers/group_plugin.c:107
+#: plugins/sudoers/group_plugin.c:106
#, c-format
msgid "%s must only be writable by owner"
msgstr "prawo zapisu do %s może mieć tylko właściciel"
-#: plugins/sudoers/group_plugin.c:114
+#: plugins/sudoers/group_plugin.c:113 plugins/sudoers/sssd.c:256
#, c-format
msgid "unable to dlopen %s: %s"
msgstr "nie udało się wykonać dlopen %s: %s"
-#: plugins/sudoers/group_plugin.c:119
+#: plugins/sudoers/group_plugin.c:118
#, c-format
msgid "unable to find symbol \"group_plugin\" in %s"
msgstr "nie udało się odnaleźć symbolu \"group_plugin\" w %s"
-#: plugins/sudoers/group_plugin.c:124
+#: plugins/sudoers/group_plugin.c:123
#, c-format
msgid "%s: incompatible group plugin major version %d, expected %d"
msgstr "%s: niezgodna główna wersja wtyczki grup %d, oczekiwano %d"
-#: plugins/sudoers/interfaces.c:112
+#: plugins/sudoers/interfaces.c:119
msgid "Local IP address and netmask pairs:\n"
msgstr "Pary lokalnych adresów IP i masek:\n"
-#: plugins/sudoers/iolog.c:205 plugins/sudoers/sudoers.c:991
+#: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144
+#: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244
+#, c-format
+msgid "%s exists but is not a directory (0%o)"
+msgstr "%s istnieje, ale nie jest katalogiem (0%o)"
+
+#: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155
+#: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:165
+#: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271
+#, c-format
+msgid "unable to mkdir %s"
+msgstr "nie udało się wykonać mkdir %s"
+
+#: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708
+#: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815
+#: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:155
+#: plugins/sudoers/visudo.c:809
+#, c-format
+msgid "unable to open %s"
+msgstr "nie udało się otworzyć %s"
+
+#: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711
#, c-format
msgid "unable to read %s"
msgstr "nie udało się odczytać %s"
-#: plugins/sudoers/iolog.c:208
+#: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:159
#, c-format
-msgid "invalid sequence number %s"
-msgstr "błędny numer sekwencyjny %s"
+msgid "unable to write to %s"
+msgstr "nie udało się zapisać do %s"
-#: plugins/sudoers/iolog.c:258 plugins/sudoers/iolog.c:261
-#: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:531
-#: plugins/sudoers/iolog.c:537 plugins/sudoers/iolog.c:545
-#: plugins/sudoers/iolog.c:553 plugins/sudoers/iolog.c:561
-#: plugins/sudoers/iolog.c:569
+#: plugins/sudoers/iolog.c:334
#, c-format
msgid "unable to create %s"
msgstr "nie udało się utworzyć %s"
-#: plugins/sudoers/iolog_path.c:263 plugins/sudoers/sudoers.c:382
-#, c-format
-msgid "unable to set locale to \"%s\", using \"C\""
-msgstr "nie udało się ustawić lokalizacji na \"%s\", użyto \"C\""
-
-#: plugins/sudoers/ldap.c:387
+#: plugins/sudoers/ldap.c:385
#, c-format
msgid "sudo_ldap_conf_add_ports: port too large"
msgstr "sudo_ldap_conf_add_ports: port zbyt duży"
-#: plugins/sudoers/ldap.c:410
+#: plugins/sudoers/ldap.c:408
#, c-format
msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf"
msgstr "sudo_ldap_conf_add_ports: brak miejsca podczas rozszerzania hostbuf"
-#: plugins/sudoers/ldap.c:440
+#: plugins/sudoers/ldap.c:438
#, c-format
msgid "unsupported LDAP uri type: %s"
msgstr "nieobsługiwany rodzaj URI LDAP: %s"
-#: plugins/sudoers/ldap.c:469
+#: plugins/sudoers/ldap.c:467
#, c-format
msgid "invalid uri: %s"
msgstr "błędny URI: %s"
-#: plugins/sudoers/ldap.c:475
+#: plugins/sudoers/ldap.c:473
#, c-format
msgid "unable to mix ldap and ldaps URIs"
msgstr "nie można mieszać URI ldap i ldaps"
-#: plugins/sudoers/ldap.c:479
+#: plugins/sudoers/ldap.c:477
#, c-format
msgid "unable to mix ldaps and starttls"
msgstr "nie można mieszać ldaps i starttls"
-#: plugins/sudoers/ldap.c:498
+#: plugins/sudoers/ldap.c:496
#, c-format
msgid "sudo_ldap_parse_uri: out of space building hostbuf"
msgstr "sudo_ldap_parse_uri: brak miejsca podczas konstruowania hostbuf"
-#: plugins/sudoers/ldap.c:572
+#: plugins/sudoers/ldap.c:570
#, c-format
msgid "unable to initialize SSL cert and key db: %s"
msgstr "nie udało się zainicjować bazy certyfikatów i kluczy SSL: %s"
-#: plugins/sudoers/ldap.c:575
+#: plugins/sudoers/ldap.c:573
#, c-format
msgid "you must set TLS_CERT in %s to use SSL"
msgstr "aby używać SSL, trzeba ustawić TLS_CERT w %s"
-#: plugins/sudoers/ldap.c:992
+#: plugins/sudoers/ldap.c:1062
#, c-format
msgid "unable to get GMT time"
msgstr "nie udało się pobrać czasu GMT"
-#: plugins/sudoers/ldap.c:998
+#: plugins/sudoers/ldap.c:1068
#, c-format
msgid "unable to format timestamp"
msgstr "nie udało się sformatować znacznika czasu"
-#: plugins/sudoers/ldap.c:1006
+#: plugins/sudoers/ldap.c:1076
#, c-format
msgid "unable to build time filter"
msgstr "nie udało się stworzyć filtra czasu"
-#: plugins/sudoers/ldap.c:1225
+#: plugins/sudoers/ldap.c:1295
#, c-format
msgid "sudo_ldap_build_pass1 allocation mismatch"
msgstr "niezgodność przydzielenia sudo_ldap_build_pass1"
-#: plugins/sudoers/ldap.c:1761
+#: plugins/sudoers/ldap.c:1842
#, c-format
msgid ""
"\n"
"\n"
"Rola LDAP: %s\n"
-#: plugins/sudoers/ldap.c:1763
+#: plugins/sudoers/ldap.c:1844
#, c-format
msgid ""
"\n"
"\n"
"Rola LDAP: NIEZNANA\n"
-#: plugins/sudoers/ldap.c:1810
+#: plugins/sudoers/ldap.c:1891
#, c-format
msgid " Order: %s\n"
msgstr " Porządek: %s\n"
-#: plugins/sudoers/ldap.c:1818 plugins/sudoers/sssd.c:1168
+#: plugins/sudoers/ldap.c:1899 plugins/sudoers/parse.c:515
+#: plugins/sudoers/sssd.c:1242
#, c-format
msgid " Commands:\n"
msgstr " Polecenia:\n"
-#: plugins/sudoers/ldap.c:2240
+#: plugins/sudoers/ldap.c:2321
#, c-format
msgid "unable to initialize LDAP: %s"
msgstr "nie udało się zainicjować LDAP: %s"
-#: plugins/sudoers/ldap.c:2274
+#: plugins/sudoers/ldap.c:2355
#, c-format
msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()"
msgstr "wybrano start_tls, ale biblioteki LDAP nie obsługują ldap_start_tls_s() ani ldap_start_tls_s_np()"
-#: plugins/sudoers/ldap.c:2510
+#: plugins/sudoers/ldap.c:2591
#, c-format
msgid "invalid sudoOrder attribute: %s"
msgstr "błędny atrybut sudoOrder: %s"
msgid "unable to send audit message"
msgstr "nie udało się wysłać komunikatu audytowego"
-#: plugins/sudoers/logging.c:202
+#: plugins/sudoers/logging.c:140
+#, c-format
+msgid "%8s : %s"
+msgstr "%8s : %s"
+
+#: plugins/sudoers/logging.c:168
+#, c-format
+msgid "%8s : (command continued) %s"
+msgstr "%8s : (kontynuacja polecenia) %s"
+
+#: plugins/sudoers/logging.c:194
#, c-format
msgid "unable to open log file: %s: %s"
msgstr "nie udało się otworzyć pliku logu: %s: %s"
-#: plugins/sudoers/logging.c:205
+#: plugins/sudoers/logging.c:197
#, c-format
msgid "unable to lock log file: %s: %s"
msgstr "nie udało się zablokować pliku logu: %s: %s"
-#: plugins/sudoers/logging.c:260
+#: plugins/sudoers/logging.c:245
+msgid "No user or host"
+msgstr "Brak użytkownika lub hosta"
+
+#: plugins/sudoers/logging.c:247
+msgid "validation failure"
+msgstr "błąd kontroli poprawności"
+
+#: plugins/sudoers/logging.c:254
msgid "user NOT in sudoers"
msgstr "użytkownik NIE występuje w sudoers"
-#: plugins/sudoers/logging.c:262
+#: plugins/sudoers/logging.c:256
msgid "user NOT authorized on host"
msgstr "użytkownik NIE jest autoryzowany na hoście"
-#: plugins/sudoers/logging.c:264
+#: plugins/sudoers/logging.c:258
msgid "command not allowed"
msgstr "polecenie niedozwolone"
-#: plugins/sudoers/logging.c:274
+#: plugins/sudoers/logging.c:288
#, c-format
msgid "%s is not in the sudoers file. This incident will be reported.\n"
msgstr "%s nie występuje w pliku sudoers. Ten incydent zostanie zgłoszony.\n"
-#: plugins/sudoers/logging.c:277
+#: plugins/sudoers/logging.c:291
#, c-format
msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n"
msgstr "%s nie ma uprawnień do uruchamiania sudo na %s. Ten incydent zostanie zgłoszony.\n"
-#: plugins/sudoers/logging.c:281
+#: plugins/sudoers/logging.c:295
#, c-format
msgid "Sorry, user %s may not run sudo on %s.\n"
msgstr "Niestety użytkownik %s nie może uruchamiać sudo na %s.\n"
-#: plugins/sudoers/logging.c:284
+#: plugins/sudoers/logging.c:298
#, c-format
msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n"
msgstr "Niestety użytkownik %s nie ma uprawnień do uruchamiania '%s%s%s' jako %s%s%s na %s.\n"
-#: plugins/sudoers/logging.c:317
-msgid "No user or host"
-msgstr "Brak użytkownika lub hosta"
-
-#: plugins/sudoers/logging.c:319
-msgid "validation failure"
-msgstr "błąd kontroli poprawności"
-
-#: plugins/sudoers/logging.c:336 plugins/sudoers/sudoers.c:502
-#: plugins/sudoers/sudoers.c:503 plugins/sudoers/sudoers.c:1539
-#: plugins/sudoers/sudoers.c:1540
+#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383
+#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386
+#: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001
+#: plugins/sudoers/sudoers.c:1002
#, c-format
msgid "%s: command not found"
msgstr "%s: nie znaleziono polecenia"
-#: plugins/sudoers/logging.c:338 plugins/sudoers/sudoers.c:499
+#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379
#, c-format
msgid ""
"ignoring `%s' found in '.'\n"
"zignorowano plik `%s' znaleziony w '.'\n"
"Proszę użyć `sudo ./%s', jeśli to `%s' ma być uruchomiony."
-#: plugins/sudoers/logging.c:352
+#: plugins/sudoers/logging.c:353
msgid "authentication failure"
msgstr "błąd uwierzytelniania"
-#: plugins/sudoers/logging.c:376
+#: plugins/sudoers/logging.c:379
+msgid "a password is required"
+msgstr "wymagane jest hasło"
+
+#: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487
#, c-format
msgid "%d incorrect password attempt"
msgid_plural "%d incorrect password attempts"
msgstr[1] "%d błędne próby wprowadzenia hasła"
msgstr[2] "%d błędnych prób wprowadzenia hasła"
-#: plugins/sudoers/logging.c:379
-msgid "a password is required"
-msgstr "wymagane jest hasło"
-
-#: plugins/sudoers/logging.c:530
+#: plugins/sudoers/logging.c:566
#, c-format
msgid "unable to fork"
msgstr "nie udało się wykonać fork"
-#: plugins/sudoers/logging.c:537 plugins/sudoers/logging.c:599
+#: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629
#, c-format
msgid "unable to fork: %m"
msgstr "nie udało się wykonać fork: %m"
-#: plugins/sudoers/logging.c:589
+#: plugins/sudoers/logging.c:619
#, c-format
msgid "unable to open pipe: %m"
msgstr "nie udało się otworzyć potoku: %m"
-#: plugins/sudoers/logging.c:614
+#: plugins/sudoers/logging.c:644
#, c-format
msgid "unable to dup stdin: %m"
msgstr "nie udało się wykonać dup na stdin: %m"
-#: plugins/sudoers/logging.c:650
+#: plugins/sudoers/logging.c:680
#, c-format
msgid "unable to execute %s: %m"
msgstr "nie udało się wywołać %s: %m"
-#: plugins/sudoers/logging.c:865
+#: plugins/sudoers/logging.c:899
#, c-format
msgid "internal error: insufficient space for log line"
msgstr "błąd wewnętrzny: za mało miejsca na linię logu"
-#: plugins/sudoers/parse.c:123
+#: plugins/sudoers/match.c:631
+#, c-format
+msgid "unsupported digest type %d for %s"
+msgstr "nieobsługiwany typ skrótu %d dla %s"
+
+#: plugins/sudoers/match.c:661
+#, c-format
+msgid "%s: read error"
+msgstr "%s: błąd odczytu"
+
+#: plugins/sudoers/match.c:670
+#, c-format
+msgid "digest for %s (%s) is not in %s form"
+msgstr "skrót dla %s (%s) nie jest w postaci %s"
+
+#: plugins/sudoers/parse.c:124
#, c-format
msgid "parse error in %s near line %d"
msgstr "błąd składni w %s w okolicy linii %d"
-#: plugins/sudoers/parse.c:126
+#: plugins/sudoers/parse.c:127
#, c-format
msgid "parse error in %s"
msgstr "błąd składni w %s"
-#: plugins/sudoers/parse.c:414
+#: plugins/sudoers/parse.c:462
#, c-format
msgid ""
"\n"
"\n"
"Wpis sudoers:\n"
-#: plugins/sudoers/parse.c:416
+#: plugins/sudoers/parse.c:463
#, c-format
msgid " RunAsUsers: "
msgstr " Jako użytkownicy: "
-#: plugins/sudoers/parse.c:431
+#: plugins/sudoers/parse.c:477
#, c-format
msgid " RunAsGroups: "
msgstr " Jako grupy: "
-#: plugins/sudoers/parse.c:440
+#: plugins/sudoers/parse.c:486
+#, c-format
+msgid " Options: "
+msgstr " Opcje: "
+
+#: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750
+#, c-format
+msgid "unable to execute %s"
+msgstr "nie udało się wywołać %s"
+
+#: plugins/sudoers/policy.c:659
+#, c-format
+msgid "Sudoers policy plugin version %s\n"
+msgstr "Wersja wtyczki polityki sudoers %s\n"
+
+#: plugins/sudoers/policy.c:661
+#, c-format
+msgid "Sudoers file grammar version %d\n"
+msgstr "Wersja gramatyki pliku sudoers %d\n"
+
+#: plugins/sudoers/policy.c:665
#, c-format
msgid ""
-" Commands:\n"
-"\t"
+"\n"
+"Sudoers path: %s\n"
msgstr ""
-" Polecenia:\n"
-"\t"
+"\n"
+"Ścieżka do sudoers: %s\n"
-#: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105
-msgid ": "
-msgstr ": "
+#: plugins/sudoers/policy.c:668
+#, c-format
+msgid "nsswitch path: %s\n"
+msgstr "ścieżka do nsswitch: %s\n"
-#: plugins/sudoers/pwutil.c:278
+#: plugins/sudoers/policy.c:670
#, c-format
-msgid "unable to cache uid %u (%s), already exists"
-msgstr "nie udało się zapamiętać uid-a %u (%s), już istnieje"
+msgid "ldap.conf path: %s\n"
+msgstr "ścieżka do ldap.conf: %s\n"
-#: plugins/sudoers/pwutil.c:286
+#: plugins/sudoers/policy.c:671
+#, c-format
+msgid "ldap.secret path: %s\n"
+msgstr "ścieżka do ldap.secret: %s\n"
+
+#: plugins/sudoers/pwutil.c:148
#, c-format
msgid "unable to cache uid %u, already exists"
msgstr "nie udało się zapamiętać uid-a %u, już istnieje"
-#: plugins/sudoers/pwutil.c:322 plugins/sudoers/pwutil.c:331
+#: plugins/sudoers/pwutil.c:190
#, c-format
msgid "unable to cache user %s, already exists"
msgstr "nie udało się zapamiętać użytkownika %s, już istnieje"
-#: plugins/sudoers/pwutil.c:668
-#, c-format
-msgid "unable to cache gid %u (%s), already exists"
-msgstr "nie udało się zapamiętać gid-a %u (%s), już istnieje"
-
-#: plugins/sudoers/pwutil.c:676
+#: plugins/sudoers/pwutil.c:374
#, c-format
msgid "unable to cache gid %u, already exists"
msgstr "nie udało się zapamiętać gid-a %u, już istnieje"
-#: plugins/sudoers/pwutil.c:706 plugins/sudoers/pwutil.c:715
+#: plugins/sudoers/pwutil.c:410
#, c-format
msgid "unable to cache group %s, already exists"
msgstr "nie udało się zapamiętać grupy %s, już istnieje"
-#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:436
-#: plugins/sudoers/set_perms.c:828 plugins/sudoers/set_perms.c:1114
-#: plugins/sudoers/set_perms.c:1396
+#: plugins/sudoers/pwutil.c:564 plugins/sudoers/pwutil.c:586
+#, c-format
+msgid "unable to cache group list for %s, already exists"
+msgstr "nie udało się zapamiętać listy grup dla %s, już istnieje"
+
+#: plugins/sudoers/pwutil.c:584
+#, c-format
+msgid "unable to parse groups for %s"
+msgstr "nie udało się przeanalizować grup dla %s"
+
+#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445
+#: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141
+#: plugins/sudoers/set_perms.c:1431
msgid "perm stack overflow"
msgstr "przepełnienie stosu uprawnień"
-#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:444
-#: plugins/sudoers/set_perms.c:836 plugins/sudoers/set_perms.c:1122
-#: plugins/sudoers/set_perms.c:1404
+#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453
+#: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149
+#: plugins/sudoers/set_perms.c:1439
msgid "perm stack underflow"
msgstr "niedopełnienie stosu uprawnień"
-#: plugins/sudoers/set_perms.c:270 plugins/sudoers/set_perms.c:580
-#: plugins/sudoers/set_perms.c:957 plugins/sudoers/set_perms.c:1243
+#: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500
+#: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471
+msgid "unable to change to root gid"
+msgstr "nie udało się zmienić na gid roota"
+
+#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597
+#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277
msgid "unable to change to runas gid"
msgstr "nie udało się zmienić na docelowy gid"
-#: plugins/sudoers/set_perms.c:282 plugins/sudoers/set_perms.c:592
-#: plugins/sudoers/set_perms.c:967 plugins/sudoers/set_perms.c:1253
+#: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609
+#: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287
msgid "unable to change to runas uid"
msgstr "nie udało się zmienić na docelowy uid"
-#: plugins/sudoers/set_perms.c:300 plugins/sudoers/set_perms.c:610
-#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1269
+#: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627
+#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303
msgid "unable to change to sudoers gid"
msgstr "nie udało się zmienić na gid sudoers"
-#: plugins/sudoers/set_perms.c:353 plugins/sudoers/set_perms.c:681
-#: plugins/sudoers/set_perms.c:1029 plugins/sudoers/set_perms.c:1315
-#: plugins/sudoers/set_perms.c:1474
+#: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698
+#: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349
+#: plugins/sudoers/set_perms.c:1515
msgid "too many processes"
msgstr "zbyt dużo procesów"
-#: plugins/sudoers/set_perms.c:1542
+#: plugins/sudoers/set_perms.c:1583
msgid "unable to set runas group vector"
msgstr "nie udało się ustawić wektora grup docelowych"
-#: plugins/sudoers/sssd.c:251
+#: plugins/sudoers/sssd.c:257
#, c-format
-msgid "Unable to dlopen %s: %s"
-msgstr "Nie udało się wykonać dlopen %s: %s"
+msgid "unable to initialize SSS source. Is SSSD installed on your machine?"
+msgstr "nie udało się zainicjować źródła SSS. Czy SSSD jest zainstalowany na tej maszynie?"
-#: plugins/sudoers/sssd.c:252
-#, c-format
-msgid "Unable to initialize SSS source. Is SSSD installed on your machine?"
-msgstr "Nie udało się zainicjować źródła SSS. Czy SSSD jest zainstalowany na tej maszynie?"
-
-#: plugins/sudoers/sssd.c:258 plugins/sudoers/sssd.c:266
-#: plugins/sudoers/sssd.c:273 plugins/sudoers/sssd.c:280
-#: plugins/sudoers/sssd.c:287
+#: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271
+#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285
+#: plugins/sudoers/sssd.c:292
#, c-format
msgid "unable to find symbol \"%s\" in %s"
msgstr "nie udało się odnaleźć symbolu \"%s\" w %s"
-#: plugins/sudoers/sudo_nss.c:267
+#: plugins/sudoers/sudo_nss.c:283
#, c-format
msgid "Matching Defaults entries for %s on this host:\n"
msgstr "Pasujące wpisy Defaults dla %s na tym hoście:\n"
-#: plugins/sudoers/sudo_nss.c:280
+#: plugins/sudoers/sudo_nss.c:296
#, c-format
msgid "Runas and Command-specific defaults for %s:\n"
msgstr "Wartości specyficzne dla Runas i Command dla %s:\n"
-#: plugins/sudoers/sudo_nss.c:293
+#: plugins/sudoers/sudo_nss.c:309
#, c-format
msgid "User %s may run the following commands on this host:\n"
msgstr "Użytkownik %s może uruchamiać na tym hoście następujące polecenia:\n"
-#: plugins/sudoers/sudo_nss.c:302
+#: plugins/sudoers/sudo_nss.c:318
#, c-format
msgid "User %s is not allowed to run sudo on %s.\n"
msgstr "Użytkownik %s nie ma uprawnień do uruchamiania sudo na %s.\n"
-#: plugins/sudoers/sudoers.c:210 plugins/sudoers/sudoers.c:243
-#: plugins/sudoers/sudoers.c:953
+#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193
+#: plugins/sudoers/sudoers.c:673
msgid "problem with defaults entries"
msgstr "problem z wpisami domyślnymi"
-#: plugins/sudoers/sudoers.c:216
+#: plugins/sudoers/sudoers.c:165
#, c-format
msgid "no valid sudoers sources found, quitting"
msgstr "nie znaleziono poprawnych źródeł sudoers, zakończenie"
-#: plugins/sudoers/sudoers.c:268
-#, c-format
-msgid "unable to execute %s: %s"
-msgstr "nie udało się wywołać %s: %s"
-
-#: plugins/sudoers/sudoers.c:335
+#: plugins/sudoers/sudoers.c:227
#, c-format
msgid "sudoers specifies that root is not allowed to sudo"
msgstr "wg sudoers root nie ma prawa używać sudo"
-#: plugins/sudoers/sudoers.c:342
+#: plugins/sudoers/sudoers.c:234
#, c-format
msgid "you are not permitted to use the -C option"
msgstr "brak uprawnień do używania opcji -C"
-#: plugins/sudoers/sudoers.c:431
+#: plugins/sudoers/sudoers.c:315
#, c-format
msgid "timestamp owner (%s): No such user"
msgstr "właściciel znacznika czasu (%s): nie ma takiego użytkownika"
-#: plugins/sudoers/sudoers.c:447
+#: plugins/sudoers/sudoers.c:329
msgid "no tty"
msgstr "brak tty"
-#: plugins/sudoers/sudoers.c:448
+#: plugins/sudoers/sudoers.c:330
#, c-format
msgid "sorry, you must have a tty to run sudo"
msgstr "niestety do uruchomienia sudo konieczny jest tty"
-#: plugins/sudoers/sudoers.c:498
+#: plugins/sudoers/sudoers.c:378
msgid "command in current directory"
msgstr "polecenie w bieżącym katalogu"
-#: plugins/sudoers/sudoers.c:510
+#: plugins/sudoers/sudoers.c:395
#, c-format
msgid "sorry, you are not allowed to preserve the environment"
msgstr "niestety brak uprawnień do zachowania środowiska"
-#: plugins/sudoers/sudoers.c:1006
+#: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:216
+#: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:328
+#: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576
+#, c-format
+msgid "unable to stat %s"
+msgstr "nie udało się wykonać stat na %s"
+
+#: plugins/sudoers/sudoers.c:726
#, c-format
msgid "%s is not a regular file"
msgstr "%s nie jest zwykłym plikiem"
-#: plugins/sudoers/sudoers.c:1009 toke.l:846
+#: plugins/sudoers/sudoers.c:729 toke.l:913
#, c-format
msgid "%s is owned by uid %u, should be %u"
msgstr "właścicielem %s jest uid %u, powinien być %u"
-#: plugins/sudoers/sudoers.c:1013 toke.l:853
+#: plugins/sudoers/sudoers.c:733 toke.l:920
#, c-format
msgid "%s is world writable"
msgstr "%s jest zapisywalny dla świata"
-#: plugins/sudoers/sudoers.c:1016 toke.l:858
+#: plugins/sudoers/sudoers.c:736 toke.l:925
#, c-format
msgid "%s is owned by gid %u, should be %u"
msgstr "właścicielem %s jest gid %u, powinien być %u"
-#: plugins/sudoers/sudoers.c:1043
+#: plugins/sudoers/sudoers.c:763
#, c-format
msgid "only root can use `-c %s'"
msgstr "tylko root może używać `-c %s'"
-#: plugins/sudoers/sudoers.c:1060 plugins/sudoers/sudoers.c:1062
+#: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782
#, c-format
msgid "unknown login class: %s"
msgstr "nieznana klasa logowania: %s"
-#: plugins/sudoers/sudoers.c:1089
+#: plugins/sudoers/sudoers.c:814
#, c-format
msgid "unable to resolve host %s"
msgstr "nie udało się rozwiązać nazwy hosta %s"
-#: plugins/sudoers/sudoers.c:1141 plugins/sudoers/testsudoers.c:387
+#: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377
#, c-format
msgid "unknown group: %s"
msgstr "nieznana grupa: %s"
-#: plugins/sudoers/sudoers.c:1190
-#, c-format
-msgid "Sudoers policy plugin version %s\n"
-msgstr "Wersja wtyczki polityki sudoers %s\n"
-
-#: plugins/sudoers/sudoers.c:1192
-#, c-format
-msgid "Sudoers file grammar version %d\n"
-msgstr "Wersja gramatyki pliku sudoers %d\n"
-
-#: plugins/sudoers/sudoers.c:1196
-#, c-format
-msgid ""
-"\n"
-"Sudoers path: %s\n"
-msgstr ""
-"\n"
-"Ścieżka do sudoers: %s\n"
-
-#: plugins/sudoers/sudoers.c:1199
-#, c-format
-msgid "nsswitch path: %s\n"
-msgstr "ścieżka do nsswitch: %s\n"
-
-#: plugins/sudoers/sudoers.c:1201
-#, c-format
-msgid "ldap.conf path: %s\n"
-msgstr "ścieżka do ldap.conf: %s\n"
-
-#: plugins/sudoers/sudoers.c:1202
-#, c-format
-msgid "ldap.secret path: %s\n"
-msgstr "ścieżka do ldap.secret: %s\n"
-
-#: plugins/sudoers/sudoreplay.c:293
+#: plugins/sudoers/sudoreplay.c:292
#, c-format
msgid "invalid filter option: %s"
msgstr "błędna opcja filtra: %s"
-#: plugins/sudoers/sudoreplay.c:306
+#: plugins/sudoers/sudoreplay.c:305
#, c-format
msgid "invalid max wait: %s"
msgstr "błędny maksymalny czas oczekiwania: %s"
-#: plugins/sudoers/sudoreplay.c:312
+#: plugins/sudoers/sudoreplay.c:311
#, c-format
msgid "invalid speed factor: %s"
msgstr "błędny współczynnik szybkości: %s"
-#: plugins/sudoers/sudoreplay.c:315 plugins/sudoers/visudo.c:187
+#: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179
#, c-format
msgid "%s version %s\n"
msgstr "%s wersja %s\n"
-#: plugins/sudoers/sudoreplay.c:340
+#: plugins/sudoers/sudoreplay.c:339
#, c-format
msgid "%s/%.2s/%.2s/%.2s/timing: %s"
msgstr "%s/%.2s/%.2s/%.2s/czas: %s"
-#: plugins/sudoers/sudoreplay.c:346
+#: plugins/sudoers/sudoreplay.c:345
#, c-format
msgid "%s/%s/timing: %s"
msgstr "%s/%s/czas: %s"
-#: plugins/sudoers/sudoreplay.c:364
+#: plugins/sudoers/sudoreplay.c:363
#, c-format
msgid "Replaying sudo session: %s\n"
msgstr "Odtwarzanie sesji sudo: %s\n"
-#: plugins/sudoers/sudoreplay.c:370
+#: plugins/sudoers/sudoreplay.c:369
#, c-format
msgid "Warning: your terminal is too small to properly replay the log.\n"
msgstr "Uwaga: ten terminal jest za mały, aby właściwie odtworzyć log.\n"
-#: plugins/sudoers/sudoreplay.c:371
+#: plugins/sudoers/sudoreplay.c:370
#, c-format
msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d."
msgstr "Geometria logu to %d x %d, geometria terminala to %d x %d."
-#: plugins/sudoers/sudoreplay.c:401
+#: plugins/sudoers/sudoreplay.c:400
#, c-format
msgid "unable to set tty to raw mode"
msgstr "nie udało się przestawić tty w tryb surowy"
-#: plugins/sudoers/sudoreplay.c:418
+#: plugins/sudoers/sudoreplay.c:416
#, c-format
msgid "invalid timing file line: %s"
msgstr "błędna linia pliku czasu: %s"
-#: plugins/sudoers/sudoreplay.c:501
+#: plugins/sudoers/sudoreplay.c:499
#, c-format
msgid "writing to standard output"
msgstr "zapis na standardowe wyjście"
-#: plugins/sudoers/sudoreplay.c:530
+#: plugins/sudoers/sudoreplay.c:528
#, c-format
msgid "nanosleep: tv_sec %ld, tv_nsec %ld"
msgstr "nanospeep: tv_sec %ld, tv_nsec %ld"
-#: plugins/sudoers/sudoreplay.c:643 plugins/sudoers/sudoreplay.c:668
+#: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666
#, c-format
msgid "ambiguous expression \"%s\""
msgstr "niejednoznaczne wyrażenie \"%s\""
-#: plugins/sudoers/sudoreplay.c:685
+#: plugins/sudoers/sudoreplay.c:683
#, c-format
msgid "too many parenthesized expressions, max %d"
msgstr "zbyt dużo zagnieżdżonych wyrażeń w nawiasach, maksimum to %d"
-#: plugins/sudoers/sudoreplay.c:696
+#: plugins/sudoers/sudoreplay.c:694
#, c-format
msgid "unmatched ')' in expression"
msgstr "niesparowany ')' w wyrażeniu"
-#: plugins/sudoers/sudoreplay.c:702
+#: plugins/sudoers/sudoreplay.c:700
#, c-format
msgid "unknown search term \"%s\""
msgstr "nieznany warunek wyszukiwania \"%s\""
-#: plugins/sudoers/sudoreplay.c:716
+#: plugins/sudoers/sudoreplay.c:714
#, c-format
msgid "%s requires an argument"
msgstr "%s wymaga argumentu"
-#: plugins/sudoers/sudoreplay.c:720
+#: plugins/sudoers/sudoreplay.c:718 plugins/sudoers/sudoreplay.c:1058
#, c-format
msgid "invalid regular expression: %s"
msgstr "błędne wyrażenie regularne: %s"
-#: plugins/sudoers/sudoreplay.c:726
+#: plugins/sudoers/sudoreplay.c:724
#, c-format
msgid "could not parse date \"%s\""
msgstr "nie udało się przeanalizować daty \"%s\""
-#: plugins/sudoers/sudoreplay.c:739
+#: plugins/sudoers/sudoreplay.c:737
#, c-format
msgid "unmatched '(' in expression"
msgstr "niesparowany '(' w wyrażeniu"
-#: plugins/sudoers/sudoreplay.c:741
+#: plugins/sudoers/sudoreplay.c:739
#, c-format
msgid "illegal trailing \"or\""
msgstr "niedozwolone kończące \"or\""
-#: plugins/sudoers/sudoreplay.c:743
+#: plugins/sudoers/sudoreplay.c:741
#, c-format
msgid "illegal trailing \"!\""
msgstr "niedozwolony kończący \"!\""
-#: plugins/sudoers/sudoreplay.c:1050
-#, c-format
-msgid "invalid regex: %s"
-msgstr "błędne wyrażenie regularne: %s"
-
-#: plugins/sudoers/sudoreplay.c:1174
+#: plugins/sudoers/sudoreplay.c:1182
#, c-format
msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n"
msgstr "Składnia: %s [-h] [-d katalog] [-m maks_oczek] [-s wsp_szybkości] ID\n"
-#: plugins/sudoers/sudoreplay.c:1177
+#: plugins/sudoers/sudoreplay.c:1185
#, c-format
msgid "usage: %s [-h] [-d directory] -l [search expression]\n"
msgstr "Składnia: %s [-h] [-d katalog] -k [wyrażenie wyszukiwania]\n"
-#: plugins/sudoers/sudoreplay.c:1186
+#: plugins/sudoers/sudoreplay.c:1194
#, c-format
msgid ""
"%s - replay sudo session logs\n"
"%s - odtwarzanie logów sesji sudo\n"
"\n"
-#: plugins/sudoers/sudoreplay.c:1188
+#: plugins/sudoers/sudoreplay.c:1196
msgid ""
"\n"
"Options:\n"
" -s wsp_szybkości przyspieszenie lub spowolnienie wyjścia\n"
" -V wyświetlenie informacji o wersji i zakończenie"
-#: plugins/sudoers/testsudoers.c:338
+#: plugins/sudoers/testsudoers.c:328
msgid "\thost unmatched"
msgstr "\thost nie znaleziony"
-#: plugins/sudoers/testsudoers.c:341
+#: plugins/sudoers/testsudoers.c:331
msgid ""
"\n"
"Command allowed"
"\n"
"Polecenie dozwolone"
-#: plugins/sudoers/testsudoers.c:342
+#: plugins/sudoers/testsudoers.c:332
msgid ""
"\n"
"Command denied"
"\n"
"Polecenie niedozwolone"
-#: plugins/sudoers/testsudoers.c:342
+#: plugins/sudoers/testsudoers.c:332
msgid ""
"\n"
"Command unmatched"
"\n"
"Polecenie nie znalezione"
-#: plugins/sudoers/toke_util.c:218
+#: plugins/sudoers/timestamp.c:129
+#, c-format
+msgid "timestamp path too long: %s"
+msgstr "ścieżka znacznika czasu zbyt długa: %s"
+
+#: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247
+#: plugins/sudoers/timestamp.c:292
+#, c-format
+msgid "%s owned by uid %u, should be uid %u"
+msgstr "właścicielem %s jest uid %u, powinien być uid %u"
+
+#: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0700"
+msgstr "%s zapisywalny nie tylko dla właściciela (uprawnienia 0%o, powinny być 0700)"
+
+#: plugins/sudoers/timestamp.c:286
+#, c-format
+msgid "%s exists but is not a regular file (0%o)"
+msgstr "%s istnieje, ale nie jest zwykłym plikiem (0%o)"
+
+#: plugins/sudoers/timestamp.c:298
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0600"
+msgstr "%s zapisywalny nie tylko dla właściciela (uprawnienia 0%o, powinny być 0600)"
+
+#: plugins/sudoers/timestamp.c:353
+#, c-format
+msgid "timestamp too far in the future: %20.20s"
+msgstr "znacznik czasu zbyt daleko w przyszłości: %20.20s"
+
+#: plugins/sudoers/timestamp.c:407
+#, c-format
+msgid "unable to remove %s, will reset to the epoch"
+msgstr "nie udało się usunąć %s, zostanie zresetowany do epoch"
+
+#: plugins/sudoers/timestamp.c:414
+#, c-format
+msgid "unable to reset %s to the epoch"
+msgstr "nie udało się zresetować %s do epoch"
+
+#: plugins/sudoers/toke_util.c:176
+#, c-format
msgid "fill_args: buffer overflow"
msgstr "fill_args: przepełnienie bufora"
-#: plugins/sudoers/visudo.c:188
+#: plugins/sudoers/visudo.c:180
#, c-format
msgid "%s grammar version %d\n"
msgstr "%s, wersja gramatyki %d\n"
-#: plugins/sudoers/visudo.c:252 plugins/sudoers/visudo.c:541
+#: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533
#, c-format
msgid "press return to edit %s: "
msgstr "wciśnięcie return przejdzie do edycji %s: "
-#: plugins/sudoers/visudo.c:335 plugins/sudoers/visudo.c:341
+#: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332
#, c-format
msgid "write error"
msgstr "błąd zapisu"
-#: plugins/sudoers/visudo.c:423
+#: plugins/sudoers/visudo.c:414
#, c-format
msgid "unable to stat temporary file (%s), %s unchanged"
msgstr "nie udało się wykonać stat na pliku tymczasowym (%s), %s nie zmieniony"
-#: plugins/sudoers/visudo.c:428
+#: plugins/sudoers/visudo.c:419
#, c-format
msgid "zero length temporary file (%s), %s unchanged"
msgstr "plik tymczasowy (%s) zerowej długości, %s nie zmieniony"
-#: plugins/sudoers/visudo.c:434
+#: plugins/sudoers/visudo.c:425
#, c-format
msgid "editor (%s) failed, %s unchanged"
msgstr "błąd edytora (%s), %s nie zmieniony"
-#: plugins/sudoers/visudo.c:457
+#: plugins/sudoers/visudo.c:448
#, c-format
msgid "%s unchanged"
msgstr "%s nie zmieniony"
-#: plugins/sudoers/visudo.c:486
+#: plugins/sudoers/visudo.c:477
#, c-format
msgid "unable to re-open temporary file (%s), %s unchanged."
msgstr "nie udało się ponownie otworzyć pliku tymczasowego (%s), %s nie zmieniony."
-#: plugins/sudoers/visudo.c:496
+#: plugins/sudoers/visudo.c:487
#, c-format
msgid "unabled to parse temporary file (%s), unknown error"
msgstr "nie udało się przeanalizować pliku tymczasowego (%s), nieznany błąd"
-#: plugins/sudoers/visudo.c:534
+#: plugins/sudoers/visudo.c:526
#, c-format
msgid "internal error, unable to find %s in list!"
msgstr "błąd wewnętrzny, nie znaleziono %s na liście!"
-#: plugins/sudoers/visudo.c:586 plugins/sudoers/visudo.c:595
+#: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587
#, c-format
msgid "unable to set (uid, gid) of %s to (%u, %u)"
msgstr "nie udało się ustawić (uid, gid) %s na (%u, %u)"
-#: plugins/sudoers/visudo.c:590 plugins/sudoers/visudo.c:600
+#: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592
#, c-format
msgid "unable to change mode of %s to 0%o"
msgstr "nie udało się zmienić uprawnień %s na 0%o"
-#: plugins/sudoers/visudo.c:617
+#: plugins/sudoers/visudo.c:609
#, c-format
msgid "%s and %s not on the same file system, using mv to rename"
msgstr "%s i %s nie są na tym samym systemie plików, użycie mv do zmiany nazwy"
-#: plugins/sudoers/visudo.c:631
+#: plugins/sudoers/visudo.c:623
#, c-format
msgid "command failed: '%s %s %s', %s unchanged"
msgstr "polecenie nie powiodło się: '%s %s %s', %s nie zmieniony"
-#: plugins/sudoers/visudo.c:641
+#: plugins/sudoers/visudo.c:633
#, c-format
msgid "error renaming %s, %s unchanged"
msgstr "błąd podczas zmiany nazwy %s, %s nie zmieniony"
-#: plugins/sudoers/visudo.c:704
+#: plugins/sudoers/visudo.c:695
msgid "What now? "
msgstr "Co teraz? "
-#: plugins/sudoers/visudo.c:718
+#: plugins/sudoers/visudo.c:709
msgid ""
"Options are:\n"
" (e)dit sudoers file again\n"
" (x) wyjście bez zapisu zmian do pliku sudoers\n"
" (Q) wyjście i zapisanie zmian w pliku sudoers (NIEBEZPIECZNE!)\n"
-#: plugins/sudoers/visudo.c:759
-#, c-format
-msgid "unable to execute %s"
-msgstr "nie udało się wywołać %s"
-
-#: plugins/sudoers/visudo.c:766
+#: plugins/sudoers/visudo.c:757
#, c-format
msgid "unable to run %s"
msgstr "nie udało się uruchomić %s"
-#: plugins/sudoers/visudo.c:792
+#: plugins/sudoers/visudo.c:783
#, c-format
msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n"
msgstr "%s: błędny właściciel, (uid, gid) powinny wynosić (%u, %u)\n"
-#: plugins/sudoers/visudo.c:799
+#: plugins/sudoers/visudo.c:790
#, c-format
msgid "%s: bad permissions, should be mode 0%o\n"
msgstr "%s: błędne uprawnienia, powinny być 0%o\n"
-#: plugins/sudoers/visudo.c:824
+#: plugins/sudoers/visudo.c:815
#, c-format
msgid "failed to parse %s file, unknown error"
msgstr "nie udało się przeanalizować pliku %s, nieznany błąd"
-#: plugins/sudoers/visudo.c:837
+#: plugins/sudoers/visudo.c:831
#, c-format
msgid "parse error in %s near line %d\n"
msgstr "błąd składni w %s w okolicy linii %d\n"
-#: plugins/sudoers/visudo.c:840
+#: plugins/sudoers/visudo.c:834
#, c-format
msgid "parse error in %s\n"
msgstr "błąd składni w %s\n"
-#: plugins/sudoers/visudo.c:847 plugins/sudoers/visudo.c:852
+#: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846
#, c-format
msgid "%s: parsed OK\n"
msgstr "%s: składnia poprawna\n"
-#: plugins/sudoers/visudo.c:899
+#: plugins/sudoers/visudo.c:893
#, c-format
msgid "%s busy, try again later"
msgstr "%s zajęty, proszę spróbować później"
-#: plugins/sudoers/visudo.c:943
+#: plugins/sudoers/visudo.c:937
#, c-format
msgid "specified editor (%s) doesn't exist"
msgstr "podany edytor (%s) nie istnieje"
-#: plugins/sudoers/visudo.c:966
+#: plugins/sudoers/visudo.c:960
#, c-format
msgid "unable to stat editor (%s)"
msgstr "nie udało się wykonać stat na edytorze (%s)"
-#: plugins/sudoers/visudo.c:1014
+#: plugins/sudoers/visudo.c:1008
#, c-format
msgid "no editor found (editor path = %s)"
msgstr "nie znaleziono edytora (ścieżka = %s)"
-#: plugins/sudoers/visudo.c:1108
+#: plugins/sudoers/visudo.c:1100
#, c-format
msgid "Error: cycle in %s_Alias `%s'"
msgstr "Błąd: cykl w %s_Alias `%s'"
-#: plugins/sudoers/visudo.c:1109
+#: plugins/sudoers/visudo.c:1101
#, c-format
msgid "Warning: cycle in %s_Alias `%s'"
msgstr "Uwaga: cykl w %s_Alias `%s'"
-#: plugins/sudoers/visudo.c:1112
+#: plugins/sudoers/visudo.c:1104
#, c-format
msgid "Error: %s_Alias `%s' referenced but not defined"
msgstr "Błąd: %s_Alias `%s' użyty, ale nie zdefiniowany"
-#: plugins/sudoers/visudo.c:1113
+#: plugins/sudoers/visudo.c:1105
#, c-format
msgid "Warning: %s_Alias `%s' referenced but not defined"
msgstr "Uwaga: %s_Alias `%s' użyty, ale nie zdefiniowany"
-#: plugins/sudoers/visudo.c:1248
+#: plugins/sudoers/visudo.c:1240
#, c-format
msgid "%s: unused %s_Alias %s"
msgstr "%s: nie użyty %s_Alias %s"
-#: plugins/sudoers/visudo.c:1304
+#: plugins/sudoers/visudo.c:1302
#, c-format
msgid ""
"%s - safely edit the sudoers file\n"
"%s - bezpieczna edycja pliku sudoers\n"
"\n"
-#: plugins/sudoers/visudo.c:1306
+#: plugins/sudoers/visudo.c:1304
msgid ""
"\n"
"Options:\n"
" -s ścisłe sprawdzanie składni\n"
" -V wyświetlenie informacji o wersji i zakończenie"
-#: toke.l:820
+#: toke.l:886
msgid "too many levels of includes"
msgstr "za dużo poziomów include"
-
-#~ msgid "internal error, expand_prompt() overflow"
-#~ msgstr "błąd wewnętrzny, przepełnienie expand_prompt()"
-
-#~ msgid "internal error, sudo_setenv2() overflow"
-#~ msgstr "błąd wewnętrzny, przepełnienie sudo_setenv2()"
-
-#~ msgid "internal error, sudo_setenv() overflow"
-#~ msgstr "błąd wewnętrzny, przepełnienie sudo_setenv()"
-
-#~ msgid "internal error, linux_audit_command() overflow"
-#~ msgstr "błąd wewnętrzny, przepełnienie linux_audit_command()"
-
-#~ msgid "internal error, runas_groups overflow"
-#~ msgstr "błąd wewnętrzny, przepełnienie runas_groups"
-
-#~ msgid "internal error, init_vars() overflow"
-#~ msgstr "błąd wewnętrzny, przepełnienie init_vars()"
# This file is distributed under the same license as the sudo package.
#
# Damir Jerovšek <damir.jerovsek@gmail.com>, 2012.
-# Klemen Košir <klemen.kosir@gmx.com>, 2012.
+# Klemen Košir <klemen.kosir@gmx.com>, 2012 - 2013.
#
msgid ""
msgstr ""
-"Project-Id-Version: sudoers 1.8.6b4\n"
+"Project-Id-Version: sudoers 1.8.7b1\n"
"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2012-08-10 13:08-0400\n"
-"PO-Revision-Date: 2012-08-13 22:12+0100\n"
-"Last-Translator: Klemen Košir <klemen.kosir@gmx.com>\n"
+"POT-Creation-Date: 2013-04-02 10:40-0400\n"
+"PO-Revision-Date: 2013-04-06 09:44+0100\n"
+"Last-Translator: Klemen Košir <klemen913@gmail.com>\n"
"Language-Team: Slovenian <translation-team-sl@lists.sourceforge.net>\n"
"Language: sl\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=4; plural=(n%100==1 ? 1 : n%100==2 ? 2 : n%100==3 || n%100==4 ? 3 : 0);\n"
+"X-Generator: Poedit 1.5.5\n"
-#: gram.y:112
-#, c-format
-msgid ">>> %s: %s near line %d <<<"
-msgstr ">>> %s: %s blizu vrstice %d <<<"
+#: confstr.sh:2 plugins/sudoers/auth/pam.c:340
+msgid "Password:"
+msgstr "Geslo:"
+
+#: confstr.sh:3
+msgid "*** SECURITY information for %h ***"
+msgstr "*** Varnostni podatki za %h ***"
-#: plugins/sudoers/alias.c:125
+#: confstr.sh:4
+msgid "Sorry, try again."
+msgstr "Prosimo, poskusite znova."
+
+#: plugins/sudoers/alias.c:124
#, c-format
msgid "Alias `%s' already defined"
msgstr "Vzdevek `%s' je že določen"
-#: plugins/sudoers/auth/bsdauth.c:78
+#: plugins/sudoers/auth/bsdauth.c:77
#, c-format
msgid "unable to get login class for user %s"
msgstr "prijavnega razreda uporabnika %s ni mogoče pridobiti"
-#: plugins/sudoers/auth/bsdauth.c:84
+#: plugins/sudoers/auth/bsdauth.c:83
msgid "unable to begin bsd authentication"
msgstr "ni mogoče začeti overitve bsd"
-#: plugins/sudoers/auth/bsdauth.c:92
+#: plugins/sudoers/auth/bsdauth.c:91
msgid "invalid authentication type"
msgstr "neveljavna vrsta overitve"
-#: plugins/sudoers/auth/bsdauth.c:101
+#: plugins/sudoers/auth/bsdauth.c:100
msgid "unable to setup authentication"
msgstr "ni mogoče nastaviti overitve"
-#: plugins/sudoers/auth/fwtk.c:60
+#: plugins/sudoers/auth/fwtk.c:59
#, c-format
msgid "unable to read fwtk config"
msgstr "ni mogoče brati nastavitev fwtk"
-#: plugins/sudoers/auth/fwtk.c:65
+#: plugins/sudoers/auth/fwtk.c:64
#, c-format
msgid "unable to connect to authentication server"
msgstr "ni se mogoče povezati s strežnikom overitve"
-#: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95
-#: plugins/sudoers/auth/fwtk.c:128
+#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94
+#: plugins/sudoers/auth/fwtk.c:127
#, c-format
msgid "lost connection to authentication server"
msgstr "povezava s strežnikom overitve je bila izgubljena"
-#: plugins/sudoers/auth/fwtk.c:75
+#: plugins/sudoers/auth/fwtk.c:74
#, c-format
msgid ""
"authentication server error:\n"
"napaka strežnika overitve:\n"
"%s"
-#: plugins/sudoers/auth/kerb5.c:117
+#: plugins/sudoers/auth/kerb5.c:116
#, c-format
msgid "%s: unable to unparse princ ('%s'): %s"
msgstr "%s: ni mogoče odrazčleniti princ ('%s'): %s"
-#: plugins/sudoers/auth/kerb5.c:160
+#: plugins/sudoers/auth/kerb5.c:159
#, c-format
msgid "%s: unable to parse '%s': %s"
msgstr "%s: ni mogoče razčleniti '%s': %s"
-#: plugins/sudoers/auth/kerb5.c:170
+#: plugins/sudoers/auth/kerb5.c:169
#, c-format
msgid "%s: unable to resolve ccache: %s"
msgstr "%s: ni mogoče razrešiti ccache: %s"
-#: plugins/sudoers/auth/kerb5.c:218
+#: plugins/sudoers/auth/kerb5.c:217
#, c-format
msgid "%s: unable to allocate options: %s"
msgstr "%s: ni mogoče dodeliti možnosti: %s"
-#: plugins/sudoers/auth/kerb5.c:234
+#: plugins/sudoers/auth/kerb5.c:233
#, c-format
msgid "%s: unable to get credentials: %s"
msgstr "%s: ni mogoče dobiti poverila: %s"
-#: plugins/sudoers/auth/kerb5.c:247
+#: plugins/sudoers/auth/kerb5.c:246
#, c-format
msgid "%s: unable to initialize ccache: %s"
msgstr "%s: ni mogoče začeti ccache: %s"
-#: plugins/sudoers/auth/kerb5.c:251
+#: plugins/sudoers/auth/kerb5.c:250
#, c-format
msgid "%s: unable to store cred in ccache: %s"
msgstr "%s: ni mogoče shraniti cred v ccache: %s"
-#: plugins/sudoers/auth/kerb5.c:316
+#: plugins/sudoers/auth/kerb5.c:315
#, c-format
msgid "%s: unable to get host principal: %s"
msgstr "%s: ni mogoče pridobiti predstojnika gostitve: %s"
-#: plugins/sudoers/auth/kerb5.c:331
+#: plugins/sudoers/auth/kerb5.c:330
#, c-format
msgid "%s: Cannot verify TGT! Possible attack!: %s"
msgstr "%s: ni mogoče preveriti TGT! Možen napad!: %s"
msgid "unable to initialize PAM"
msgstr "ni mogoče začeti PAM"
-#: plugins/sudoers/auth/pam.c:144
+#: plugins/sudoers/auth/pam.c:145
msgid "account validation failure, is your account locked?"
msgstr "potrditev veljavnosti računa je spodletela, je vaš račun zaklenjen?"
-#: plugins/sudoers/auth/pam.c:148
+#: plugins/sudoers/auth/pam.c:149
msgid "Account or password is expired, reset your password and try again"
msgstr "Geslo ali račun je potekel, ponastavite svoje geslo in poskusite znova"
-#: plugins/sudoers/auth/pam.c:155
+#: plugins/sudoers/auth/pam.c:156
#, c-format
msgid "pam_chauthtok: %s"
msgstr "pam_chauthtok: %s"
-#: plugins/sudoers/auth/pam.c:159
+#: plugins/sudoers/auth/pam.c:160
msgid "Password expired, contact your system administrator"
msgstr "Veljavnost gesla je potekla. Stopite v stik s svojim sistemskim skrbnikom"
-#: plugins/sudoers/auth/pam.c:163
+#: plugins/sudoers/auth/pam.c:164
msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator"
msgstr "Račun je potekel ali pa nastavitvam PAM primanjkuje odsek \"account\" za sudo, obrnite se na sistemskega skrbnika"
-#: plugins/sudoers/auth/pam.c:180
+#: plugins/sudoers/auth/pam.c:181
#, c-format
msgid "pam_authenticate: %s"
msgstr "pam_authenticate: %s"
-#: plugins/sudoers/auth/pam.c:332
+#: plugins/sudoers/auth/pam.c:339
msgid "Password: "
msgstr "Geslo: "
-#: plugins/sudoers/auth/pam.c:333
-msgid "Password:"
-msgstr "Geslo:"
-
-#: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:220
+#: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212
#, c-format
msgid "you do not exist in the %s database"
msgstr "ne obstajate v podatkovni zbirki %s"
-#: plugins/sudoers/auth/securid5.c:81
+#: plugins/sudoers/auth/securid5.c:80
#, c-format
msgid "failed to initialise the ACE API library"
msgstr "začenjanje knjižnice ACE API je spodletelo"
-#: plugins/sudoers/auth/securid5.c:107
+#: plugins/sudoers/auth/securid5.c:106
#, c-format
msgid "unable to contact the SecurID server"
msgstr "ni mogoče navezati stika s strežnikom SecurID"
-#: plugins/sudoers/auth/securid5.c:116
+#: plugins/sudoers/auth/securid5.c:115
#, c-format
msgid "User ID locked for SecurID Authentication"
msgstr "ID uporabnika je zaklenjen zaradi overitve SecurID"
-#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171
+#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170
#, c-format
msgid "invalid username length for SecurID"
msgstr "neveljavna dolžina imena uporabnika za SecurID"
-#: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176
+#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175
#, c-format
msgid "invalid Authentication Handle for SecurID"
msgstr "neveljavna ročica overitve za SecurID"
-#: plugins/sudoers/auth/securid5.c:128
+#: plugins/sudoers/auth/securid5.c:127
#, c-format
msgid "SecurID communication failed"
msgstr "sporazumevanje SecurID je spodletelo"
-#: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215
+#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214
#, c-format
msgid "unknown SecurID error"
msgstr "neznana napaka SecurID"
-#: plugins/sudoers/auth/securid5.c:166
+#: plugins/sudoers/auth/securid5.c:165
#, c-format
msgid "invalid passcode length for SecurID"
msgstr "neveljavna dolžina gesla za SecurID"
-#: plugins/sudoers/auth/sia.c:109
+#: plugins/sudoers/auth/sia.c:108
msgid "unable to initialize SIA session"
msgstr "ni mogoče začeti seje SIA"
-#: plugins/sudoers/auth/sudo_auth.c:121
+#: plugins/sudoers/auth/sudo_auth.c:119
+msgid "invalid authentication methods"
+msgstr "neveljavni načini overitve"
+
+#: plugins/sudoers/auth/sudo_auth.c:120
msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication."
msgstr "Neveljavni načini overitve so kodno prevedeni v sudo! Mešate lahko samostojno in nesamostojno overjanje."
-#: plugins/sudoers/auth/sudo_auth.c:206
+#: plugins/sudoers/auth/sudo_auth.c:203
+msgid "no authentication methods"
+msgstr "ni načinov overjanja"
+
+#: plugins/sudoers/auth/sudo_auth.c:205
msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option."
msgstr "Ni načinov overitve, kodno prevedenih v sudo! Če želite izklopiti overjanje, uporabite nastavitveno možnost --disable-authentication."
-#: plugins/sudoers/auth/sudo_auth.c:374
+#: plugins/sudoers/auth/sudo_auth.c:389
msgid "Authentication methods:"
msgstr "Načini overjanja:"
msgid "au_to_text: failed"
msgstr "au_to_text: spodletelo"
-#: plugins/sudoers/check.c:252 plugins/sudoers/iolog.c:172
-#: plugins/sudoers/sudoers.c:988 plugins/sudoers/sudoreplay.c:355
-#: plugins/sudoers/sudoreplay.c:817 plugins/sudoers/sudoreplay.c:974
-#: plugins/sudoers/visudo.c:818
-#, c-format
-msgid "unable to open %s"
-msgstr "ni mogoče odpreti %s"
-
-#: plugins/sudoers/check.c:256 plugins/sudoers/iolog.c:229
-#, c-format
-msgid "unable to write to %s"
-msgstr "ni mogoče pisati v %s"
-
-#: plugins/sudoers/check.c:264 plugins/sudoers/check.c:512
-#: plugins/sudoers/check.c:562 plugins/sudoers/iolog.c:123
-#: plugins/sudoers/iolog.c:156
-#, c-format
-msgid "unable to mkdir %s"
-msgstr "ustvarjenje mape %s z mkdir ni mogoče"
-
-#: plugins/sudoers/check.c:399 plugins/sudoers/env.c:289
-#: plugins/sudoers/env.c:294 plugins/sudoers/env.c:395
-#: plugins/sudoers/env.c:447 plugins/sudoers/linux_audit.c:82
-#: plugins/sudoers/sudoers.c:670 plugins/sudoers/sudoers.c:677
-#: plugins/sudoers/sudoers.c:936 plugins/sudoers/testsudoers.c:253
-#, c-format
-msgid "internal error, %s overflow"
-msgstr "notranja napaka, prekoračitev funkcije %s"
-
-#: plugins/sudoers/check.c:460
-#, c-format
-msgid "timestamp path too long: %s"
-msgstr "pot časovnega žiga je predolga : %s"
-
-#: plugins/sudoers/check.c:491 plugins/sudoers/check.c:535
-#: plugins/sudoers/iolog.c:158
-#, c-format
-msgid "%s exists but is not a directory (0%o)"
-msgstr "%s že obstaja, toda ni mapa (0%o)"
-
-#: plugins/sudoers/check.c:494 plugins/sudoers/check.c:538
-#: plugins/sudoers/check.c:583
-#, c-format
-msgid "%s owned by uid %u, should be uid %u"
-msgstr "%s je v lasti ID-ja uporabnika %u, moral bi biti ID uporabnika %u"
-
-#: plugins/sudoers/check.c:499 plugins/sudoers/check.c:543
-#, c-format
-msgid "%s writable by non-owner (0%o), should be mode 0700"
-msgstr "%s je zapisljiv za ne-lastnika (0%o), moral bi biti način 0700"
-
-#: plugins/sudoers/check.c:507 plugins/sudoers/check.c:551
-#: plugins/sudoers/check.c:619 plugins/sudoers/sudoers.c:1003
-#: plugins/sudoers/visudo.c:319 plugins/sudoers/visudo.c:584
-#, c-format
-msgid "unable to stat %s"
-msgstr "stanja %s ni mogoče dobiti"
-
-#: plugins/sudoers/check.c:577
-#, c-format
-msgid "%s exists but is not a regular file (0%o)"
-msgstr "%s obstaja, toda ni običajna datoteka (0%o)"
-
-#: plugins/sudoers/check.c:589
-#, c-format
-msgid "%s writable by non-owner (0%o), should be mode 0600"
-msgstr "%s je zapisljiv za ne-lastnika (0%o), moral bi biti način 0600"
-
-#: plugins/sudoers/check.c:643
-#, c-format
-msgid "timestamp too far in the future: %20.20s"
-msgstr "časovni žig je predaleč v prihodnosti: %20.20s"
-
-#: plugins/sudoers/check.c:690
-#, c-format
-msgid "unable to remove %s (%s), will reset to the epoch"
-msgstr "ni mogoče odstraniti %s (%s), ponastavitev na epoho"
-
-#: plugins/sudoers/check.c:698
-#, c-format
-msgid "unable to reset %s to the epoch"
-msgstr "%s ni mogoče ponastaviti na epoho"
+#: plugins/sudoers/check.c:174
+msgid ""
+"\n"
+"We trust you have received the usual lecture from the local System\n"
+"Administrator. It usually boils down to these three things:\n"
+"\n"
+" #1) Respect the privacy of others.\n"
+" #2) Think before you type.\n"
+" #3) With great power comes great responsibility.\n"
+"\n"
+msgstr ""
+"\n"
+"Verjetno vam je skrbnik sistemov že pridigal o varnosti,\n"
+"vendar si vseeno zapomnite naslednja pravila:\n"
+"\n"
+" #1) Spoštujte zasebnost drugih.\n"
+" #2) Premislite, preden izvedete ukaze.\n"
+" #3) Velika moč prinaša veliko odgovornost.\n"
+"\n"
-#: plugins/sudoers/check.c:758 plugins/sudoers/check.c:764
-#: plugins/sudoers/sudoers.c:851 plugins/sudoers/sudoers.c:855
+#: plugins/sudoers/check.c:212 plugins/sudoers/check.c:218
+#: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566
#, c-format
msgid "unknown uid: %u"
msgstr "neznan ID uporabnika: %u"
-#: plugins/sudoers/check.c:761 plugins/sudoers/sudoers.c:792
-#: plugins/sudoers/sudoers.c:1120 plugins/sudoers/testsudoers.c:225
-#: plugins/sudoers/testsudoers.c:369
+#: plugins/sudoers/check.c:215 plugins/sudoers/policy.c:635
+#: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215
+#: plugins/sudoers/testsudoers.c:359
#, c-format
msgid "unknown user: %s"
msgstr "neznan uporabnik: %s"
msgid "Set of limit privileges"
msgstr "Niz omejenih dovoljenj"
-#: plugins/sudoers/defaults.c:208
+#: plugins/sudoers/def_data.c:355
+msgid "Run commands on a pty in the background"
+msgstr "Zaženi ukaze v terminalu v ozadju"
+
+#: plugins/sudoers/def_data.c:359
+msgid "Create a new PAM session for the command to run in"
+msgstr "Ustvari sejo PAM, v kateri se bodo ukazi izvajali"
+
+#: plugins/sudoers/def_data.c:363
+msgid "Maximum I/O log sequence number"
+msgstr "Največja zaporedna številka dnevnika I/O"
+
+#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587
#, c-format
msgid "unknown defaults entry `%s'"
msgstr "neznan privzet vnos `%s'"
-#: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226
-#: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259
-#: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285
-#: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318
-#: plugins/sudoers/defaults.c:328
+#: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225
+#: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258
+#: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284
+#: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317
+#: plugins/sudoers/defaults.c:327
#, c-format
msgid "value `%s' is invalid for option `%s'"
msgstr "vrednost `%s' je neveljavna za možnost `%s'"
-#: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229
-#: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254
-#: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280
-#: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313
-#: plugins/sudoers/defaults.c:324
+#: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228
+#: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253
+#: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279
+#: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312
+#: plugins/sudoers/defaults.c:323
#, c-format
msgid "no value specified for `%s'"
msgstr "za `%s' ni določena nobena vrednost"
-#: plugins/sudoers/defaults.c:242
+#: plugins/sudoers/defaults.c:241
#, c-format
msgid "values for `%s' must start with a '/'"
msgstr "vrednosti za `%s' se morajo začeti s '/'"
-#: plugins/sudoers/defaults.c:304
+#: plugins/sudoers/defaults.c:303
#, c-format
msgid "option `%s' does not take a value"
msgstr "možnost `%s' ne sprejme vrednosti"
+#: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293
+#: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82
+#: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427
+#: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654
+#: plugins/sudoers/testsudoers.c:243
+#, c-format
+msgid "internal error, %s overflow"
+msgstr "notranja napaka, prekoračitev funkcije %s"
+
#: plugins/sudoers/env.c:367
#, c-format
msgid "sudo_putenv: corrupted envp, length mismatch"
msgstr "sudo_putenv: pokvarjen envp, neujemanje dolžine"
-#: plugins/sudoers/env.c:369 plugins/sudoers/env.c:448
-#: plugins/sudoers/toke_util.c:113 plugins/sudoers/toke_util.c:167
-#: plugins/sudoers/toke_util.c:207 toke.l:697 toke.l:827 toke.l:887 toke.l:983
-#, c-format
-msgid "unable to allocate memory"
-msgstr "ni mogoče dodeliti pomnilnika"
-
-#: plugins/sudoers/env.c:992
+#: plugins/sudoers/env.c:1012
#, c-format
msgid "sorry, you are not allowed to set the following environment variables: %s"
msgstr "nimate dovoljenj nastavljati naslednjih spremenljivk okolja: %s"
-#: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108
-#: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125
-#: plugins/sudoers/sudoers.c:945 toke.l:693 toke.l:883
-#, c-format
-msgid "%s: %s"
-msgstr "%s: %s"
-
-#: plugins/sudoers/group_plugin.c:91
-#, c-format
-msgid "%s%s: %s"
-msgstr "%s%s: %s"
-
-#: plugins/sudoers/group_plugin.c:103
+#: plugins/sudoers/group_plugin.c:102
#, c-format
msgid "%s must be owned by uid %d"
msgstr "%s mora biti v lasti ID-ja uporabnika %d"
-#: plugins/sudoers/group_plugin.c:107
+#: plugins/sudoers/group_plugin.c:106
#, c-format
msgid "%s must only be writable by owner"
msgstr "%s mora biti zapisljiv samo za lastnika"
-#: plugins/sudoers/group_plugin.c:114
+#: plugins/sudoers/group_plugin.c:113
#, c-format
msgid "unable to dlopen %s: %s"
msgstr "ni mogoče uporabiti dlopen %s: %s"
-#: plugins/sudoers/group_plugin.c:119
+#: plugins/sudoers/group_plugin.c:118
#, c-format
msgid "unable to find symbol \"group_plugin\" in %s"
msgstr "ni mogoče najti simbola \"group_plugin\" v %s"
-#: plugins/sudoers/group_plugin.c:124
+#: plugins/sudoers/group_plugin.c:123
#, c-format
msgid "%s: incompatible group plugin major version %d, expected %d"
msgstr "%s: nezdružljiva večja različica vstavka skupin %d, pričakovana %d"
-#: plugins/sudoers/interfaces.c:112
+#: plugins/sudoers/interfaces.c:119
msgid "Local IP address and netmask pairs:\n"
msgstr "Pari krajevnih naslovov IP in omrežnih mask:\n"
-#: plugins/sudoers/iolog.c:205 plugins/sudoers/sudoers.c:991
+#: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144
+#: plugins/sudoers/timestamp.c:199 plugins/sudoers/timestamp.c:243
+#, c-format
+msgid "%s exists but is not a directory (0%o)"
+msgstr "%s že obstaja, toda ni mapa (0%o)"
+
+#: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155
+#: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:164
+#: plugins/sudoers/timestamp.c:220 plugins/sudoers/timestamp.c:270
+#, c-format
+msgid "unable to mkdir %s"
+msgstr "ustvarjenje mape %s z mkdir ni mogoče"
+
+#: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708
+#: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815
+#: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:154
+#: plugins/sudoers/visudo.c:809
+#, c-format
+msgid "unable to open %s"
+msgstr "ni mogoče odpreti %s"
+
+#: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711
#, c-format
msgid "unable to read %s"
msgstr "ni mogoče brati %s"
-#: plugins/sudoers/iolog.c:208
+#: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:158
#, c-format
-msgid "invalid sequence number %s"
-msgstr "neveljavna številka zaporedja %s"
+msgid "unable to write to %s"
+msgstr "ni mogoče pisati v %s"
-#: plugins/sudoers/iolog.c:258 plugins/sudoers/iolog.c:261
-#: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:531
-#: plugins/sudoers/iolog.c:537 plugins/sudoers/iolog.c:545
-#: plugins/sudoers/iolog.c:553 plugins/sudoers/iolog.c:561
-#: plugins/sudoers/iolog.c:569
+#: plugins/sudoers/iolog.c:334
#, c-format
msgid "unable to create %s"
msgstr "ni mogoče ustvariti %s"
-#: plugins/sudoers/iolog_path.c:263 plugins/sudoers/sudoers.c:382
-#, c-format
-msgid "unable to set locale to \"%s\", using \"C\""
-msgstr "ni mogoče nastaviti jezikovne oznake na \"%s\" z uporabo \"C\""
-
-#: plugins/sudoers/ldap.c:387
+#: plugins/sudoers/ldap.c:385
#, c-format
msgid "sudo_ldap_conf_add_ports: port too large"
msgstr "sudo_ldap_conf_add_ports: vrednost vrat je prevelika"
-#: plugins/sudoers/ldap.c:410
+#: plugins/sudoers/ldap.c:408
#, c-format
msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf"
msgstr "sudo_ldap_conf_add_ports: med razširjanjem hostbuf je zmanjkalo prostora"
-#: plugins/sudoers/ldap.c:440
+#: plugins/sudoers/ldap.c:438
#, c-format
msgid "unsupported LDAP uri type: %s"
msgstr "nepodprta vrsta uri-ja LDAP: %s"
-#: plugins/sudoers/ldap.c:469
+#: plugins/sudoers/ldap.c:467
#, c-format
msgid "invalid uri: %s"
msgstr "neveljaven uri: %s"
-#: plugins/sudoers/ldap.c:475
+#: plugins/sudoers/ldap.c:473
#, c-format
msgid "unable to mix ldap and ldaps URIs"
msgstr "ni mogoče mešati URI-jev ldap in ldaps"
-#: plugins/sudoers/ldap.c:479
+#: plugins/sudoers/ldap.c:477
#, c-format
msgid "unable to mix ldaps and starttls"
msgstr "ni mogoče mešati ldaps in starttls"
-#: plugins/sudoers/ldap.c:498
+#: plugins/sudoers/ldap.c:496
#, c-format
msgid "sudo_ldap_parse_uri: out of space building hostbuf"
msgstr "sudo_ldap_parse_uri: med izgradnjo hostbuf je zmanjkalo prostora"
-#: plugins/sudoers/ldap.c:572
+#: plugins/sudoers/ldap.c:570
#, c-format
msgid "unable to initialize SSL cert and key db: %s"
msgstr "ni mogoče začenjati potrdila SSL in ključa db: %s"
-#: plugins/sudoers/ldap.c:575
+#: plugins/sudoers/ldap.c:573
#, c-format
msgid "you must set TLS_CERT in %s to use SSL"
msgstr "za uporabo SSL-ja morate nastaviti TSL_CERT v datoteki %s"
-#: plugins/sudoers/ldap.c:992
+#: plugins/sudoers/ldap.c:996
#, c-format
msgid "unable to get GMT time"
msgstr "ni mogoče dobiti časa GMT"
-#: plugins/sudoers/ldap.c:998
+#: plugins/sudoers/ldap.c:1002
#, c-format
msgid "unable to format timestamp"
msgstr "ni mogoče oblikovati časovnega žiga"
-#: plugins/sudoers/ldap.c:1006
+#: plugins/sudoers/ldap.c:1010
#, c-format
msgid "unable to build time filter"
msgstr "ni mogoče izgraditi časovnega filtra"
-#: plugins/sudoers/ldap.c:1225
+#: plugins/sudoers/ldap.c:1229
#, c-format
msgid "sudo_ldap_build_pass1 allocation mismatch"
msgstr "sudo_ldap_build_pass1 neujemanje dodelitve"
-#: plugins/sudoers/ldap.c:1761
+#: plugins/sudoers/ldap.c:1776
#, c-format
msgid ""
"\n"
"\n"
"Vloga LDAP: %s\n"
-#: plugins/sudoers/ldap.c:1763
+#: plugins/sudoers/ldap.c:1778
#, c-format
msgid ""
"\n"
"\n"
"Vloga LDAP: NEZNANA\n"
-#: plugins/sudoers/ldap.c:1810
+#: plugins/sudoers/ldap.c:1825
#, c-format
msgid " Order: %s\n"
msgstr " Vrstni red: %s\n"
-#: plugins/sudoers/ldap.c:1818 plugins/sudoers/sssd.c:1168
+#: plugins/sudoers/ldap.c:1833 plugins/sudoers/parse.c:515
+#: plugins/sudoers/sssd.c:1173
#, c-format
msgid " Commands:\n"
msgstr " Ukazi:\n"
-#: plugins/sudoers/ldap.c:2240
+#: plugins/sudoers/ldap.c:2255
#, c-format
msgid "unable to initialize LDAP: %s"
msgstr "ni mogoče začeti LDAP: %s"
-#: plugins/sudoers/ldap.c:2274
+#: plugins/sudoers/ldap.c:2289
#, c-format
msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()"
msgstr "start_tls je določen, toda knjižnice LDAP ne podpirajo ldap_start_tls_s() ali ldap_start_tls_s_np()"
-#: plugins/sudoers/ldap.c:2510
+#: plugins/sudoers/ldap.c:2525
#, c-format
msgid "invalid sudoOrder attribute: %s"
msgstr "neveljaven atribut sudoOrder: %s"
msgid "unable to send audit message"
msgstr "ni mogoče poslati nadzornega sporočila"
-#: plugins/sudoers/logging.c:202
+#: plugins/sudoers/logging.c:140
+#, c-format
+msgid "%8s : %s"
+msgstr "%8s : %s"
+
+#: plugins/sudoers/logging.c:168
+#, c-format
+msgid "%8s : (command continued) %s"
+msgstr "%8s : (ukaz) %s"
+
+#: plugins/sudoers/logging.c:194
#, c-format
msgid "unable to open log file: %s: %s"
msgstr "ni mogoče odpreti datoteke dnevnika: %s: %s"
-#: plugins/sudoers/logging.c:205
+#: plugins/sudoers/logging.c:197
#, c-format
msgid "unable to lock log file: %s: %s"
msgstr "ni mogoče zakleniti datoteke dnevnika: %s: %s"
-#: plugins/sudoers/logging.c:260
+#: plugins/sudoers/logging.c:245
+msgid "No user or host"
+msgstr "Brez uporabnika ali gostitelja"
+
+#: plugins/sudoers/logging.c:247
+msgid "validation failure"
+msgstr "potrjevanje veljavnosti ni uspelo"
+
+#: plugins/sudoers/logging.c:254
msgid "user NOT in sudoers"
msgstr "uporabnika NI v sudoers"
-#: plugins/sudoers/logging.c:262
+#: plugins/sudoers/logging.c:256
msgid "user NOT authorized on host"
msgstr "uporabnik NI pooblaščen na gostitelju"
-#: plugins/sudoers/logging.c:264
+#: plugins/sudoers/logging.c:258
msgid "command not allowed"
msgstr "ukaz ni dovoljen"
-#: plugins/sudoers/logging.c:274
+#: plugins/sudoers/logging.c:288
#, c-format
msgid "%s is not in the sudoers file. This incident will be reported.\n"
msgstr "%s ni v datoteki sudoers. Ta dogodek bo zabeležen.\n"
-#: plugins/sudoers/logging.c:277
+#: plugins/sudoers/logging.c:291
#, c-format
msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n"
msgstr "%s nima dovoljenj za izvajanje sudo na %s. Ta dogodek bo zabeležen.\n"
-#: plugins/sudoers/logging.c:281
+#: plugins/sudoers/logging.c:295
#, c-format
msgid "Sorry, user %s may not run sudo on %s.\n"
msgstr "Uporabnik %s ne sme izvajati sudo na %s.\n"
-#: plugins/sudoers/logging.c:284
+#: plugins/sudoers/logging.c:298
#, c-format
msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n"
msgstr "Uporabnik %s ne sme zagnati '%s%s%s' kot %s%s%s na %s.\n"
-#: plugins/sudoers/logging.c:317
-msgid "No user or host"
-msgstr "Brez uporabnika ali gostitelja"
-
-#: plugins/sudoers/logging.c:319
-msgid "validation failure"
-msgstr "potrjevanje veljavnosti ni uspelo"
-
-#: plugins/sudoers/logging.c:336 plugins/sudoers/sudoers.c:502
-#: plugins/sudoers/sudoers.c:503 plugins/sudoers/sudoers.c:1539
-#: plugins/sudoers/sudoers.c:1540
+#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383
+#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386
+#: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001
+#: plugins/sudoers/sudoers.c:1002
#, c-format
msgid "%s: command not found"
msgstr "%s: ukaza ni bilo mogoče najti"
-#: plugins/sudoers/logging.c:338 plugins/sudoers/sudoers.c:499
+#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379
#, c-format
msgid ""
"ignoring `%s' found in '.'\n"
"prezrtje `%s', najdenega v '.'\n"
"Uporabite `sudo ./%s', če je to `%s', ki ga želite zagnati."
-#: plugins/sudoers/logging.c:352
+#: plugins/sudoers/logging.c:353
msgid "authentication failure"
msgstr "napaka overitve"
-#: plugins/sudoers/logging.c:376
+#: plugins/sudoers/logging.c:379
+msgid "a password is required"
+msgstr "zahtevano je geslo"
+
+#: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487
#, c-format
msgid "%d incorrect password attempt"
msgid_plural "%d incorrect password attempts"
msgstr[2] "%d nepravilna poskusa vnosa gesla"
msgstr[3] "%d nepravilni poskusi vnosa gesla"
-#: plugins/sudoers/logging.c:379
-msgid "a password is required"
-msgstr "zahtevano je geslo"
-
-#: plugins/sudoers/logging.c:530
+#: plugins/sudoers/logging.c:566
#, c-format
msgid "unable to fork"
msgstr "ni mogoče razvejiti"
-#: plugins/sudoers/logging.c:537 plugins/sudoers/logging.c:599
+#: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629
#, c-format
msgid "unable to fork: %m"
msgstr "ni mogoče razvejiti: %m"
-#: plugins/sudoers/logging.c:589
+#: plugins/sudoers/logging.c:619
#, c-format
msgid "unable to open pipe: %m"
msgstr "ni mogoče odpreti cevi: %m"
-#: plugins/sudoers/logging.c:614
+#: plugins/sudoers/logging.c:644
#, c-format
msgid "unable to dup stdin: %m"
msgstr "ni mogoče podvojiti stdin: %m"
-#: plugins/sudoers/logging.c:650
+#: plugins/sudoers/logging.c:680
#, c-format
msgid "unable to execute %s: %m"
msgstr "ni mogoče izvesti %s: %m"
-#: plugins/sudoers/logging.c:865
+#: plugins/sudoers/logging.c:899
#, c-format
msgid "internal error: insufficient space for log line"
msgstr "notranja napaka: premalo prostora za vrstico dnevnika"
-#: plugins/sudoers/parse.c:123
+#: plugins/sudoers/parse.c:124
#, c-format
msgid "parse error in %s near line %d"
msgstr "napaka razčlenjevanja v %s blizu vrstice %d"
-#: plugins/sudoers/parse.c:126
+#: plugins/sudoers/parse.c:127
#, c-format
msgid "parse error in %s"
msgstr "napaka med razčlenjevanjem datoteke %s"
-#: plugins/sudoers/parse.c:414
+#: plugins/sudoers/parse.c:462
#, c-format
msgid ""
"\n"
"\n"
"Vnos sudoers:\n"
-#: plugins/sudoers/parse.c:416
+#: plugins/sudoers/parse.c:463
#, c-format
msgid " RunAsUsers: "
msgstr " ZaženiKotUporabniki: "
-#: plugins/sudoers/parse.c:431
+#: plugins/sudoers/parse.c:477
#, c-format
msgid " RunAsGroups: "
msgstr " ZaženiKotSkupine: "
-#: plugins/sudoers/parse.c:440
+#: plugins/sudoers/parse.c:486
+#, c-format
+msgid " Options: "
+msgstr " Možnosti: "
+
+#: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750
+#, c-format
+msgid "unable to execute %s"
+msgstr "ni mogoče izvršiti %s"
+
+#: plugins/sudoers/policy.c:659
+#, c-format
+msgid "Sudoers policy plugin version %s\n"
+msgstr "Vstavek pravilnika sudoers različica %s\n"
+
+#: plugins/sudoers/policy.c:661
+#, c-format
+msgid "Sudoers file grammar version %d\n"
+msgstr "Datoteka slovnice sudoers različica %d\n"
+
+#: plugins/sudoers/policy.c:665
#, c-format
msgid ""
-" Commands:\n"
-"\t"
+"\n"
+"Sudoers path: %s\n"
msgstr ""
-" Ukazi:\n"
-"\t"
+"\n"
+"Pot sudoers: %s\n"
-#: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105
-msgid ": "
-msgstr ": "
+#: plugins/sudoers/policy.c:668
+#, c-format
+msgid "nsswitch path: %s\n"
+msgstr "pot nsswitch: %s\n"
-#: plugins/sudoers/pwutil.c:278
+#: plugins/sudoers/policy.c:670
#, c-format
-msgid "unable to cache uid %u (%s), already exists"
-msgstr "ni mogoče predpomniti ID-ja uporabnika %u (%s), že obstaja"
+msgid "ldap.conf path: %s\n"
+msgstr "pot ldap.conf: %s\n"
+
+#: plugins/sudoers/policy.c:671
+#, c-format
+msgid "ldap.secret path: %s\n"
+msgstr "pot ldap.secret: %s\n"
-#: plugins/sudoers/pwutil.c:286
+#: plugins/sudoers/pwutil.c:148
#, c-format
msgid "unable to cache uid %u, already exists"
msgstr "ni mogoče predpomniti ID-ja uporabnika %u, že obstaja"
-#: plugins/sudoers/pwutil.c:322 plugins/sudoers/pwutil.c:331
+#: plugins/sudoers/pwutil.c:190
#, c-format
msgid "unable to cache user %s, already exists"
msgstr "ni mogoče predpomniti uporabnika %s, že obstaja"
-#: plugins/sudoers/pwutil.c:668
-#, c-format
-msgid "unable to cache gid %u (%s), already exists"
-msgstr "ni mogoče predpomniti ID-ja skupine %u (%s), že obstaja"
-
-#: plugins/sudoers/pwutil.c:676
+#: plugins/sudoers/pwutil.c:374
#, c-format
msgid "unable to cache gid %u, already exists"
msgstr "ni mogoče predpomniti ID-ja skupine %u, že obstaja"
-#: plugins/sudoers/pwutil.c:706 plugins/sudoers/pwutil.c:715
+#: plugins/sudoers/pwutil.c:410
#, c-format
msgid "unable to cache group %s, already exists"
msgstr "ni mogoče predpomniti skupine %s, že obstaja"
-#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:436
-#: plugins/sudoers/set_perms.c:828 plugins/sudoers/set_perms.c:1114
-#: plugins/sudoers/set_perms.c:1396
+#: plugins/sudoers/pwutil.c:564 plugins/sudoers/pwutil.c:586
+#, c-format
+msgid "unable to cache group list for %s, already exists"
+msgstr "seznama skupina za %s ni mogoče predpomniti, saj že obstaja"
+
+#: plugins/sudoers/pwutil.c:584
+#, c-format
+msgid "unable to parse groups for %s"
+msgstr "skupin za %s ni mogoče razčleniti"
+
+#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445
+#: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141
+#: plugins/sudoers/set_perms.c:1431
msgid "perm stack overflow"
msgstr "prekoračitev trajnega sklada"
-#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:444
-#: plugins/sudoers/set_perms.c:836 plugins/sudoers/set_perms.c:1122
-#: plugins/sudoers/set_perms.c:1404
+#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453
+#: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149
+#: plugins/sudoers/set_perms.c:1439
msgid "perm stack underflow"
msgstr "prekoračitev spodnje meje trajnega sklada"
-#: plugins/sudoers/set_perms.c:270 plugins/sudoers/set_perms.c:580
-#: plugins/sudoers/set_perms.c:957 plugins/sudoers/set_perms.c:1243
+#: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500
+#: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471
+msgid "unable to change to root gid"
+msgstr "številke skupine skrbnika ni mogoče spremeniti"
+
+#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597
+#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277
msgid "unable to change to runas gid"
msgstr "ni mogoče spremeniti v ID-ja skupine runas"
-#: plugins/sudoers/set_perms.c:282 plugins/sudoers/set_perms.c:592
-#: plugins/sudoers/set_perms.c:967 plugins/sudoers/set_perms.c:1253
+#: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609
+#: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287
msgid "unable to change to runas uid"
msgstr "ni mogoče spremeniti v ID-ja uporabnika runas"
-#: plugins/sudoers/set_perms.c:300 plugins/sudoers/set_perms.c:610
-#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1269
+#: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627
+#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303
msgid "unable to change to sudoers gid"
msgstr "ni mogoče spremeniti ID-ja skupine sudoers"
-#: plugins/sudoers/set_perms.c:353 plugins/sudoers/set_perms.c:681
-#: plugins/sudoers/set_perms.c:1029 plugins/sudoers/set_perms.c:1315
-#: plugins/sudoers/set_perms.c:1474
+#: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698
+#: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349
+#: plugins/sudoers/set_perms.c:1515
msgid "too many processes"
msgstr "preveč opravil"
-#: plugins/sudoers/set_perms.c:1542
+#: plugins/sudoers/set_perms.c:1583
msgid "unable to set runas group vector"
msgstr "ni mogoče nastaviti vektorja skupine runas"
-#: plugins/sudoers/sssd.c:251
+#: plugins/sudoers/sssd.c:256
#, c-format
msgid "Unable to dlopen %s: %s"
msgstr "ni mogoče uporabiti dlopen %s: %s"
-#: plugins/sudoers/sssd.c:252
+#: plugins/sudoers/sssd.c:257
#, c-format
msgid "Unable to initialize SSS source. Is SSSD installed on your machine?"
msgstr "Vira SSS ni mogoče zagnati. Ali je SSSD pravilno nameščen?"
-#: plugins/sudoers/sssd.c:258 plugins/sudoers/sssd.c:266
-#: plugins/sudoers/sssd.c:273 plugins/sudoers/sssd.c:280
-#: plugins/sudoers/sssd.c:287
+#: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271
+#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285
+#: plugins/sudoers/sssd.c:292
#, c-format
msgid "unable to find symbol \"%s\" in %s"
msgstr "simbola \"%s\" ni mogoče najti v %s"
-#: plugins/sudoers/sudo_nss.c:267
+#: plugins/sudoers/sudo_nss.c:283
#, c-format
msgid "Matching Defaults entries for %s on this host:\n"
msgstr "Ujemajoči vpisi privzetih vrednosti za %s na tem gostitelju:\n"
-#: plugins/sudoers/sudo_nss.c:280
+#: plugins/sudoers/sudo_nss.c:296
#, c-format
msgid "Runas and Command-specific defaults for %s:\n"
msgstr "Runas in ukazno določene privzete vrednosti za %s:\n"
-#: plugins/sudoers/sudo_nss.c:293
+#: plugins/sudoers/sudo_nss.c:309
#, c-format
msgid "User %s may run the following commands on this host:\n"
msgstr "Na tem gostitelju lahko uporabnik %s zažene naslednje ukaze:\n"
-#: plugins/sudoers/sudo_nss.c:302
+#: plugins/sudoers/sudo_nss.c:318
#, c-format
msgid "User %s is not allowed to run sudo on %s.\n"
msgstr "Uporabniku %s ni dovoljeno zagnati sudo na %s.\n"
-#: plugins/sudoers/sudoers.c:210 plugins/sudoers/sudoers.c:243
-#: plugins/sudoers/sudoers.c:953
+#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193
+#: plugins/sudoers/sudoers.c:673
msgid "problem with defaults entries"
msgstr "težave z vnosi privzetih vrednosti"
-#: plugins/sudoers/sudoers.c:216
+#: plugins/sudoers/sudoers.c:165
#, c-format
msgid "no valid sudoers sources found, quitting"
msgstr "najdenih niso bili nobeni veljavni viri sudoers, končanje"
-#: plugins/sudoers/sudoers.c:268
-#, c-format
-msgid "unable to execute %s: %s"
-msgstr "ni mogoče zagnati %s: %s"
-
-#: plugins/sudoers/sudoers.c:335
+#: plugins/sudoers/sudoers.c:227
#, c-format
msgid "sudoers specifies that root is not allowed to sudo"
msgstr "sudoers določa, da skrbniku ni dovoljeno uporabiti sudo"
-#: plugins/sudoers/sudoers.c:342
+#: plugins/sudoers/sudoers.c:234
#, c-format
msgid "you are not permitted to use the -C option"
msgstr "ni vam dovoljeno uporabiti možnosti -C"
-#: plugins/sudoers/sudoers.c:431
+#: plugins/sudoers/sudoers.c:315
#, c-format
msgid "timestamp owner (%s): No such user"
msgstr "lastnik časovnega žiga (%s): ni takšnega uporabnika"
-#: plugins/sudoers/sudoers.c:447
+#: plugins/sudoers/sudoers.c:329
msgid "no tty"
msgstr "brez tty"
-#: plugins/sudoers/sudoers.c:448
+#: plugins/sudoers/sudoers.c:330
#, c-format
msgid "sorry, you must have a tty to run sudo"
msgstr "za izvajanje sudo morate imeti tty"
-#: plugins/sudoers/sudoers.c:498
+#: plugins/sudoers/sudoers.c:378
msgid "command in current directory"
msgstr "ukaz v trenutni mapi"
-#: plugins/sudoers/sudoers.c:510
+#: plugins/sudoers/sudoers.c:395
#, c-format
msgid "sorry, you are not allowed to preserve the environment"
msgstr "nimate dovoljenj za ohranjanje okolja"
-#: plugins/sudoers/sudoers.c:1006
+#: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:215
+#: plugins/sudoers/timestamp.c:259 plugins/sudoers/timestamp.c:327
+#: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576
+#, c-format
+msgid "unable to stat %s"
+msgstr "stanja %s ni mogoče dobiti"
+
+#: plugins/sudoers/sudoers.c:726
#, c-format
msgid "%s is not a regular file"
msgstr "%s ni običajna datoteka"
-#: plugins/sudoers/sudoers.c:1009 toke.l:846
+#: plugins/sudoers/sudoers.c:729 toke.l:842
#, c-format
msgid "%s is owned by uid %u, should be %u"
msgstr "%s je v lasti ID-ja uporabnika %u, moral bi biti %u"
-#: plugins/sudoers/sudoers.c:1013 toke.l:853
+#: plugins/sudoers/sudoers.c:733 toke.l:849
#, c-format
msgid "%s is world writable"
msgstr "v datoteko %s lahko zapisujejo vsi uporabniki"
-#: plugins/sudoers/sudoers.c:1016 toke.l:858
+#: plugins/sudoers/sudoers.c:736 toke.l:854
#, c-format
msgid "%s is owned by gid %u, should be %u"
msgstr "%s je v lasti ID-ja skupine %u, moral bi biti %u"
-#: plugins/sudoers/sudoers.c:1043
+#: plugins/sudoers/sudoers.c:763
#, c-format
msgid "only root can use `-c %s'"
msgstr "samo skrbnik lahko uporabi `-c %s'"
-#: plugins/sudoers/sudoers.c:1060 plugins/sudoers/sudoers.c:1062
+#: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782
#, c-format
msgid "unknown login class: %s"
msgstr "neznan razred prijave: %s"
-#: plugins/sudoers/sudoers.c:1089
+#: plugins/sudoers/sudoers.c:814
#, c-format
msgid "unable to resolve host %s"
msgstr "ni mogoče razrešiti gostitelja %s"
-#: plugins/sudoers/sudoers.c:1141 plugins/sudoers/testsudoers.c:387
+#: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377
#, c-format
msgid "unknown group: %s"
msgstr "neznana skupina: %s"
-#: plugins/sudoers/sudoers.c:1190
-#, c-format
-msgid "Sudoers policy plugin version %s\n"
-msgstr "Vstavek pravilnika sudoers različica %s\n"
-
-#: plugins/sudoers/sudoers.c:1192
-#, c-format
-msgid "Sudoers file grammar version %d\n"
-msgstr "Datoteka slovnice sudoers različica %d\n"
-
-#: plugins/sudoers/sudoers.c:1196
-#, c-format
-msgid ""
-"\n"
-"Sudoers path: %s\n"
-msgstr ""
-"\n"
-"Pot sudoers: %s\n"
-
-#: plugins/sudoers/sudoers.c:1199
-#, c-format
-msgid "nsswitch path: %s\n"
-msgstr "pot nsswitch: %s\n"
-
-#: plugins/sudoers/sudoers.c:1201
-#, c-format
-msgid "ldap.conf path: %s\n"
-msgstr "pot ldap.conf: %s\n"
-
-#: plugins/sudoers/sudoers.c:1202
-#, c-format
-msgid "ldap.secret path: %s\n"
-msgstr "pot ldap.secret: %s\n"
-
-#: plugins/sudoers/sudoreplay.c:293
+#: plugins/sudoers/sudoreplay.c:292
#, c-format
msgid "invalid filter option: %s"
msgstr "neveljavna možnost filtra: %s"
-#: plugins/sudoers/sudoreplay.c:306
+#: plugins/sudoers/sudoreplay.c:305
#, c-format
msgid "invalid max wait: %s"
msgstr "neveljavna zgornja meja čakanja: %s"
-#: plugins/sudoers/sudoreplay.c:312
+#: plugins/sudoers/sudoreplay.c:311
#, c-format
msgid "invalid speed factor: %s"
msgstr "neveljaven dejavnik hitrosti: %s"
-#: plugins/sudoers/sudoreplay.c:315 plugins/sudoers/visudo.c:187
+#: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179
#, c-format
msgid "%s version %s\n"
msgstr "%s različica %s\n"
-#: plugins/sudoers/sudoreplay.c:340
+#: plugins/sudoers/sudoreplay.c:339
#, c-format
msgid "%s/%.2s/%.2s/%.2s/timing: %s"
msgstr "%s/%.2s/%.2s/%.2s/časovna uskladitev: %s"
-#: plugins/sudoers/sudoreplay.c:346
+#: plugins/sudoers/sudoreplay.c:345
#, c-format
msgid "%s/%s/timing: %s"
msgstr "%s/%s/časovna uskladitev: %s"
-#: plugins/sudoers/sudoreplay.c:364
+#: plugins/sudoers/sudoreplay.c:363
#, c-format
msgid "Replaying sudo session: %s\n"
msgstr "Izpisovanje dnevnika seje sudo: %s\n"
-#: plugins/sudoers/sudoreplay.c:370
+#: plugins/sudoers/sudoreplay.c:369
#, c-format
msgid "Warning: your terminal is too small to properly replay the log.\n"
msgstr "Opozorilo: terminal je premajhen za pravilno izpisovanje dnevnika.\n"
-#: plugins/sudoers/sudoreplay.c:371
+#: plugins/sudoers/sudoreplay.c:370
#, c-format
msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d."
msgstr "Geometrija dnevnika je %d x %d, medtem ko je geometrija terminala %d x %d."
-#: plugins/sudoers/sudoreplay.c:401
+#: plugins/sudoers/sudoreplay.c:400
#, c-format
msgid "unable to set tty to raw mode"
msgstr "ni mogoče nastaviti tty na surov način"
-#: plugins/sudoers/sudoreplay.c:418
+#: plugins/sudoers/sudoreplay.c:416
#, c-format
msgid "invalid timing file line: %s"
msgstr "neveljavna vrstica datoteke časovne uskladitve: %s"
-#: plugins/sudoers/sudoreplay.c:501
+#: plugins/sudoers/sudoreplay.c:499
#, c-format
msgid "writing to standard output"
msgstr "pisanje na standardni izhod"
-#: plugins/sudoers/sudoreplay.c:530
+#: plugins/sudoers/sudoreplay.c:528
#, c-format
msgid "nanosleep: tv_sec %ld, tv_nsec %ld"
msgstr "nanosleep: tv_sec %ld, tv_nsec %ld"
-#: plugins/sudoers/sudoreplay.c:643 plugins/sudoers/sudoreplay.c:668
+#: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666
#, c-format
msgid "ambiguous expression \"%s\""
msgstr "dvoumen izraz \"%s\""
-#: plugins/sudoers/sudoreplay.c:685
+#: plugins/sudoers/sudoreplay.c:683
#, c-format
msgid "too many parenthesized expressions, max %d"
msgstr "preveč izrazov z oklepaji, največje število %d"
-#: plugins/sudoers/sudoreplay.c:696
+#: plugins/sudoers/sudoreplay.c:694
#, c-format
msgid "unmatched ')' in expression"
msgstr "v izrazu je neujemajoč ')'"
-#: plugins/sudoers/sudoreplay.c:702
+#: plugins/sudoers/sudoreplay.c:700
#, c-format
msgid "unknown search term \"%s\""
msgstr "naznan iskalni izraz \"%s\""
-#: plugins/sudoers/sudoreplay.c:716
+#: plugins/sudoers/sudoreplay.c:714
#, c-format
msgid "%s requires an argument"
msgstr "%s zahteva argument"
-#: plugins/sudoers/sudoreplay.c:720
+#: plugins/sudoers/sudoreplay.c:718
#, c-format
msgid "invalid regular expression: %s"
msgstr "neveljaven logični izraz: %s"
-#: plugins/sudoers/sudoreplay.c:726
+#: plugins/sudoers/sudoreplay.c:724
#, c-format
msgid "could not parse date \"%s\""
msgstr "ni mogoče razčleniti datuma \"%s\""
-#: plugins/sudoers/sudoreplay.c:739
+#: plugins/sudoers/sudoreplay.c:737
#, c-format
msgid "unmatched '(' in expression"
msgstr "v izrazu je neujemajoč '('"
-#: plugins/sudoers/sudoreplay.c:741
+#: plugins/sudoers/sudoreplay.c:739
#, c-format
msgid "illegal trailing \"or\""
msgstr "neveljaven zaključni \"or\""
-#: plugins/sudoers/sudoreplay.c:743
+#: plugins/sudoers/sudoreplay.c:741
#, c-format
msgid "illegal trailing \"!\""
msgstr "neveljaven zaključni \"!\""
-#: plugins/sudoers/sudoreplay.c:1050
+#: plugins/sudoers/sudoreplay.c:1058
#, c-format
msgid "invalid regex: %s"
msgstr "neveljavni logični izraz: %s"
-#: plugins/sudoers/sudoreplay.c:1174
+#: plugins/sudoers/sudoreplay.c:1182
#, c-format
msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n"
msgstr "uporaba: %s [-h] [-d mapa] [-m zg_meja_čakanja] [-s faktor_hitrosti] ID\n"
-#: plugins/sudoers/sudoreplay.c:1177
+#: plugins/sudoers/sudoreplay.c:1185
#, c-format
msgid "usage: %s [-h] [-d directory] -l [search expression]\n"
msgstr "uporaba: %s [-h] [-d mapa] -l [iskalni izraz]\n"
-#: plugins/sudoers/sudoreplay.c:1186
+#: plugins/sudoers/sudoreplay.c:1194
#, c-format
msgid ""
"%s - replay sudo session logs\n"
"%s - ponovno predvajaj dnevnike sej sudo\n"
"\n"
-#: plugins/sudoers/sudoreplay.c:1188
+#: plugins/sudoers/sudoreplay.c:1196
msgid ""
"\n"
"Options:\n"
" -s faktor_hitrosti pospeši ali upočasni izhod\n"
" -V prikaži podrobnosti o različici in končaj"
-#: plugins/sudoers/testsudoers.c:338
+#: plugins/sudoers/testsudoers.c:328
msgid "\thost unmatched"
msgstr "\tgostitelj se ne ujema"
-#: plugins/sudoers/testsudoers.c:341
+#: plugins/sudoers/testsudoers.c:331
msgid ""
"\n"
"Command allowed"
"\n"
"Ukaz je dovoljen"
-#: plugins/sudoers/testsudoers.c:342
+#: plugins/sudoers/testsudoers.c:332
msgid ""
"\n"
"Command denied"
"\n"
"Ukaz je bil zavrnjen"
-#: plugins/sudoers/testsudoers.c:342
+#: plugins/sudoers/testsudoers.c:332
msgid ""
"\n"
"Command unmatched"
"\n"
"Ukaz se ne ujema"
-#: plugins/sudoers/toke_util.c:218
+#: plugins/sudoers/timestamp.c:128
+#, c-format
+msgid "timestamp path too long: %s"
+msgstr "pot časovnega žiga je predolga : %s"
+
+#: plugins/sudoers/timestamp.c:202 plugins/sudoers/timestamp.c:246
+#: plugins/sudoers/timestamp.c:291
+#, c-format
+msgid "%s owned by uid %u, should be uid %u"
+msgstr "%s je v lasti ID-ja uporabnika %u, moral bi biti ID uporabnika %u"
+
+#: plugins/sudoers/timestamp.c:207 plugins/sudoers/timestamp.c:251
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0700"
+msgstr "%s je zapisljiv za ne-lastnika (0%o), moral bi biti način 0700"
+
+#: plugins/sudoers/timestamp.c:285
+#, c-format
+msgid "%s exists but is not a regular file (0%o)"
+msgstr "%s obstaja, toda ni običajna datoteka (0%o)"
+
+#: plugins/sudoers/timestamp.c:297
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0600"
+msgstr "%s je zapisljiv za ne-lastnika (0%o), moral bi biti način 0600"
+
+#: plugins/sudoers/timestamp.c:352
+#, c-format
+msgid "timestamp too far in the future: %20.20s"
+msgstr "časovni žig je predaleč v prihodnosti: %20.20s"
+
+#: plugins/sudoers/timestamp.c:406
+#, c-format
+msgid "unable to remove %s, will reset to the epoch"
+msgstr "%s ni mogoče odstraniti"
+
+#: plugins/sudoers/timestamp.c:413
+#, c-format
+msgid "unable to reset %s to the epoch"
+msgstr "%s ni mogoče ponastaviti na epoho"
+
+#: plugins/sudoers/toke_util.c:221
+#, c-format
msgid "fill_args: buffer overflow"
msgstr "fill_args: prekoračitev medpomnilnika"
-#: plugins/sudoers/visudo.c:188
+#: plugins/sudoers/visudo.c:180
#, c-format
msgid "%s grammar version %d\n"
msgstr "%s različica slovnice %d\n"
-#: plugins/sudoers/visudo.c:252 plugins/sudoers/visudo.c:541
+#: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533
#, c-format
msgid "press return to edit %s: "
msgstr "za urejanje %s pritisnite return: "
-#: plugins/sudoers/visudo.c:335 plugins/sudoers/visudo.c:341
+#: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332
#, c-format
msgid "write error"
msgstr "napaka med pisanjem"
-#: plugins/sudoers/visudo.c:423
+#: plugins/sudoers/visudo.c:414
#, c-format
msgid "unable to stat temporary file (%s), %s unchanged"
msgstr "ni mogoče začeti začasne datoteke (%s), %s nepsremenjeno"
-#: plugins/sudoers/visudo.c:428
+#: plugins/sudoers/visudo.c:419
#, c-format
msgid "zero length temporary file (%s), %s unchanged"
msgstr "začasna datoteka brez dolžine (%s), %s nespremenjena"
-#: plugins/sudoers/visudo.c:434
+#: plugins/sudoers/visudo.c:425
#, c-format
msgid "editor (%s) failed, %s unchanged"
msgstr "urejevalnik (%s) je spodletel, %s nespremenjen"
-#: plugins/sudoers/visudo.c:457
+#: plugins/sudoers/visudo.c:448
#, c-format
msgid "%s unchanged"
msgstr "%s nespremenjeno"
-#: plugins/sudoers/visudo.c:486
+#: plugins/sudoers/visudo.c:477
#, c-format
msgid "unable to re-open temporary file (%s), %s unchanged."
msgstr "ni mogoče ponovno odpreti začasne datoteke (%s), %s je nespremenjen."
-#: plugins/sudoers/visudo.c:496
+#: plugins/sudoers/visudo.c:487
#, c-format
msgid "unabled to parse temporary file (%s), unknown error"
msgstr "ni mogoče razčleniti začasne datoteke (%s), neznana napaka"
-#: plugins/sudoers/visudo.c:534
+#: plugins/sudoers/visudo.c:526
#, c-format
msgid "internal error, unable to find %s in list!"
msgstr "notranja napaka, na seznamu ni mogoče najti %s!"
-#: plugins/sudoers/visudo.c:586 plugins/sudoers/visudo.c:595
+#: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587
#, c-format
msgid "unable to set (uid, gid) of %s to (%u, %u)"
msgstr "ni mogoče nastaviti (ID uporabnika, ID skupine) od %s do (%u, %u)"
-#: plugins/sudoers/visudo.c:590 plugins/sudoers/visudo.c:600
+#: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592
#, c-format
msgid "unable to change mode of %s to 0%o"
msgstr "ni mogoče spremeniti načina iz %s na 0%o"
-#: plugins/sudoers/visudo.c:617
+#: plugins/sudoers/visudo.c:609
#, c-format
msgid "%s and %s not on the same file system, using mv to rename"
msgstr "%s in %s nista na enakem datotečnem sistemu, uporaba mv za preimenovanje"
-#: plugins/sudoers/visudo.c:631
+#: plugins/sudoers/visudo.c:623
#, c-format
msgid "command failed: '%s %s %s', %s unchanged"
msgstr "ukaz je spodletel: '%s %s %s', %s nespremenjen"
-#: plugins/sudoers/visudo.c:641
+#: plugins/sudoers/visudo.c:633
#, c-format
msgid "error renaming %s, %s unchanged"
msgstr "napaka med preimenovanjem %s, %s nespremenjen"
-#: plugins/sudoers/visudo.c:704
+#: plugins/sudoers/visudo.c:695
msgid "What now? "
msgstr "Kaj pa zdaj? "
-#: plugins/sudoers/visudo.c:718
+#: plugins/sudoers/visudo.c:709
msgid ""
"Options are:\n"
" (e)dit sudoers file again\n"
" (x)končaj brez shranjevanja sprememb v datoteko sudoers\n"
" (Q)končaj in shrani spremembe v datoteko sudoers (NEVARNOST!)\n"
-#: plugins/sudoers/visudo.c:759
-#, c-format
-msgid "unable to execute %s"
-msgstr "ni mogoče izvršiti %s"
-
-#: plugins/sudoers/visudo.c:766
+#: plugins/sudoers/visudo.c:757
#, c-format
msgid "unable to run %s"
msgstr "ni mogoče zagnati %s"
-#: plugins/sudoers/visudo.c:792
+#: plugins/sudoers/visudo.c:783
#, c-format
msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n"
msgstr "%s: napačen lastnik (ID uporabnika, ID skupine) moralo bi biti (%u, %u)\n"
-#: plugins/sudoers/visudo.c:799
+#: plugins/sudoers/visudo.c:790
#, c-format
msgid "%s: bad permissions, should be mode 0%o\n"
msgstr "%s: slaba dovoljenja, moral bi biti način 0%o\n"
-#: plugins/sudoers/visudo.c:824
+#: plugins/sudoers/visudo.c:815
#, c-format
msgid "failed to parse %s file, unknown error"
msgstr "razčlenjevanje datoteke %s je spodletelo, neznana napaka"
-#: plugins/sudoers/visudo.c:837
+#: plugins/sudoers/visudo.c:831
#, c-format
msgid "parse error in %s near line %d\n"
msgstr "napaka razčlenjevanja v %s blizu vrstice %d\n"
-#: plugins/sudoers/visudo.c:840
+#: plugins/sudoers/visudo.c:834
#, c-format
msgid "parse error in %s\n"
msgstr "napaka razčlenjevanja v %s\n"
-#: plugins/sudoers/visudo.c:847 plugins/sudoers/visudo.c:852
+#: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846
#, c-format
msgid "%s: parsed OK\n"
msgstr "%s: uspešno razčlenjeno\n"
-#: plugins/sudoers/visudo.c:899
+#: plugins/sudoers/visudo.c:893
#, c-format
msgid "%s busy, try again later"
msgstr "%s zaseden, poskusite ponovno pozneje"
-#: plugins/sudoers/visudo.c:943
+#: plugins/sudoers/visudo.c:937
#, c-format
msgid "specified editor (%s) doesn't exist"
msgstr "določen urejevalnik (%s) se ne konča"
-#: plugins/sudoers/visudo.c:966
+#: plugins/sudoers/visudo.c:960
#, c-format
msgid "unable to stat editor (%s)"
msgstr "ni mogoče začeti urejevalnika (%s)"
-#: plugins/sudoers/visudo.c:1014
+#: plugins/sudoers/visudo.c:1008
#, c-format
msgid "no editor found (editor path = %s)"
msgstr "najdenega ni nobenega urejevalnika (pot urejevalnika = %s)"
-#: plugins/sudoers/visudo.c:1108
+#: plugins/sudoers/visudo.c:1100
#, c-format
msgid "Error: cycle in %s_Alias `%s'"
msgstr "Napaka: kroženje v %s_Alias `%s'"
-#: plugins/sudoers/visudo.c:1109
+#: plugins/sudoers/visudo.c:1101
#, c-format
msgid "Warning: cycle in %s_Alias `%s'"
msgstr "Opozorilo: kroženje v %s_Alias `%s'"
-#: plugins/sudoers/visudo.c:1112
+#: plugins/sudoers/visudo.c:1104
#, c-format
msgid "Error: %s_Alias `%s' referenced but not defined"
msgstr "Napaka: %s_Alias `%s' sklicevan, toda ne določen"
-#: plugins/sudoers/visudo.c:1113
+#: plugins/sudoers/visudo.c:1105
#, c-format
msgid "Warning: %s_Alias `%s' referenced but not defined"
msgstr "Warning: %s_Alias `%s' sklicevan, toda ne določen"
-#: plugins/sudoers/visudo.c:1248
+#: plugins/sudoers/visudo.c:1240
#, c-format
msgid "%s: unused %s_Alias %s"
msgstr "%s: neuporabljen %s_Alias %s"
-#: plugins/sudoers/visudo.c:1304
+#: plugins/sudoers/visudo.c:1302
#, c-format
msgid ""
"%s - safely edit the sudoers file\n"
"%s - varno uredi datoteko sudoers\n"
"\n"
-#: plugins/sudoers/visudo.c:1306
+#: plugins/sudoers/visudo.c:1304
msgid ""
"\n"
"Options:\n"
" -s strogo preverjanje skladnje\n"
" -V prikaži podrobnosti različice in končaj"
-#: toke.l:820
+#: toke.l:815
msgid "too many levels of includes"
msgstr "preveč stopenj vključitev"
-
-#~ msgid "internal error, expand_prompt() overflow"
-#~ msgstr "notranja napaka, prekoračitev expand_prompt()"
-
-#~ msgid "internal error, sudo_setenv2() overflow"
-#~ msgstr "notranja napaka, prekoračitev v funkciji sudo_setenv2()"
-
-#~ msgid "internal error, sudo_setenv() overflow"
-#~ msgstr "notranja napaka, prekoračitev sudo_setenv()"
-
-#~ msgid "internal error, linux_audit_command() overflow"
-#~ msgstr "notranja napaka, prekoračitev linux_audit_command()"
-
-#~ msgid "internal error, runas_groups overflow"
-#~ msgstr "notranja napaka, prekoračitev v funkciji runas_groups()"
-
-#~ msgid "internal error, init_vars() overflow"
-#~ msgstr "notranja napaka, prekoračitev init_vars()"
-# SOME DESCRIPTIVE TITLE.
+# Portable object template file for the sudoers plugin
# This file is put in the public domain.
-# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+# Todd C. Miller <Todd.Miller@courtesan.com>, 2011-2013
#
#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: sudo 1.8.6\n"
+"Project-Id-Version: sudo 1.8.7\n"
"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2012-08-10 13:08-0400\n"
+"POT-Creation-Date: 2013-04-29 14:01-0400\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
-#: gram.y:112
-#, c-format
-msgid ">>> %s: %s near line %d <<<"
+#: confstr.sh:2
+msgid "Password:"
msgstr ""
-#: plugins/sudoers/alias.c:125
+#: confstr.sh:3
+msgid "*** SECURITY information for %h ***"
+msgstr ""
+
+#: confstr.sh:4
+msgid "Sorry, try again."
+msgstr ""
+
+#: plugins/sudoers/alias.c:124
#, c-format
msgid "Alias `%s' already defined"
msgstr ""
-#: plugins/sudoers/auth/bsdauth.c:78
+#: plugins/sudoers/auth/bsdauth.c:77
#, c-format
msgid "unable to get login class for user %s"
msgstr ""
-#: plugins/sudoers/auth/bsdauth.c:84
+#: plugins/sudoers/auth/bsdauth.c:83
msgid "unable to begin bsd authentication"
msgstr ""
-#: plugins/sudoers/auth/bsdauth.c:92
+#: plugins/sudoers/auth/bsdauth.c:91
msgid "invalid authentication type"
msgstr ""
-#: plugins/sudoers/auth/bsdauth.c:101
+#: plugins/sudoers/auth/bsdauth.c:100
msgid "unable to setup authentication"
msgstr ""
-#: plugins/sudoers/auth/fwtk.c:60
+#: plugins/sudoers/auth/fwtk.c:59
#, c-format
msgid "unable to read fwtk config"
msgstr ""
-#: plugins/sudoers/auth/fwtk.c:65
+#: plugins/sudoers/auth/fwtk.c:64
#, c-format
msgid "unable to connect to authentication server"
msgstr ""
-#: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95
-#: plugins/sudoers/auth/fwtk.c:128
+#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94
+#: plugins/sudoers/auth/fwtk.c:127
#, c-format
msgid "lost connection to authentication server"
msgstr ""
-#: plugins/sudoers/auth/fwtk.c:75
+#: plugins/sudoers/auth/fwtk.c:74
#, c-format
msgid ""
"authentication server error:\n"
"%s"
msgstr ""
-#: plugins/sudoers/auth/kerb5.c:117
+#: plugins/sudoers/auth/kerb5.c:116
#, c-format
-msgid "%s: unable to unparse princ ('%s'): %s"
+msgid "%s: unable to convert principal to string ('%s'): %s"
msgstr ""
-#: plugins/sudoers/auth/kerb5.c:160
+#: plugins/sudoers/auth/kerb5.c:159
#, c-format
msgid "%s: unable to parse '%s': %s"
msgstr ""
-#: plugins/sudoers/auth/kerb5.c:170
+#: plugins/sudoers/auth/kerb5.c:169
#, c-format
-msgid "%s: unable to resolve ccache: %s"
+msgid "%s: unable to resolve credential cache: %s"
msgstr ""
-#: plugins/sudoers/auth/kerb5.c:218
+#: plugins/sudoers/auth/kerb5.c:217
#, c-format
msgid "%s: unable to allocate options: %s"
msgstr ""
-#: plugins/sudoers/auth/kerb5.c:234
+#: plugins/sudoers/auth/kerb5.c:233
#, c-format
msgid "%s: unable to get credentials: %s"
msgstr ""
-#: plugins/sudoers/auth/kerb5.c:247
+#: plugins/sudoers/auth/kerb5.c:246
#, c-format
-msgid "%s: unable to initialize ccache: %s"
+msgid "%s: unable to initialize credential cache: %s"
msgstr ""
-#: plugins/sudoers/auth/kerb5.c:251
+#: plugins/sudoers/auth/kerb5.c:250
#, c-format
-msgid "%s: unable to store cred in ccache: %s"
+msgid "%s: unable to store credential in cache: %s"
msgstr ""
-#: plugins/sudoers/auth/kerb5.c:316
+#: plugins/sudoers/auth/kerb5.c:315
#, c-format
msgid "%s: unable to get host principal: %s"
msgstr ""
-#: plugins/sudoers/auth/kerb5.c:331
+#: plugins/sudoers/auth/kerb5.c:330
#, c-format
msgid "%s: Cannot verify TGT! Possible attack!: %s"
msgstr ""
-#: plugins/sudoers/auth/pam.c:100
+#: plugins/sudoers/auth/pam.c:105
msgid "unable to initialize PAM"
msgstr ""
-#: plugins/sudoers/auth/pam.c:144
+#: plugins/sudoers/auth/pam.c:150
msgid "account validation failure, is your account locked?"
msgstr ""
-#: plugins/sudoers/auth/pam.c:148
+#: plugins/sudoers/auth/pam.c:154
msgid "Account or password is expired, reset your password and try again"
msgstr ""
-#: plugins/sudoers/auth/pam.c:155
+#: plugins/sudoers/auth/pam.c:162
#, c-format
-msgid "pam_chauthtok: %s"
+msgid "unable to change expired password: %s"
msgstr ""
-#: plugins/sudoers/auth/pam.c:159
+#: plugins/sudoers/auth/pam.c:167
msgid "Password expired, contact your system administrator"
msgstr ""
-#: plugins/sudoers/auth/pam.c:163
+#: plugins/sudoers/auth/pam.c:171
msgid ""
"Account expired or PAM config lacks an \"account\" section for sudo, contact "
"your system administrator"
msgstr ""
-#: plugins/sudoers/auth/pam.c:180
+#: plugins/sudoers/auth/pam.c:188
#, c-format
-msgid "pam_authenticate: %s"
-msgstr ""
-
-#: plugins/sudoers/auth/pam.c:332
-msgid "Password: "
+msgid "PAM authentication error: %s"
msgstr ""
-#: plugins/sudoers/auth/pam.c:333
-msgid "Password:"
+#: plugins/sudoers/auth/pam.c:247
+#, c-format
+msgid "unable to establish credentials: %s"
msgstr ""
-#: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:220
+#: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212
#, c-format
msgid "you do not exist in the %s database"
msgstr ""
-#: plugins/sudoers/auth/securid5.c:81
+#: plugins/sudoers/auth/securid5.c:80
#, c-format
msgid "failed to initialise the ACE API library"
msgstr ""
-#: plugins/sudoers/auth/securid5.c:107
+#: plugins/sudoers/auth/securid5.c:106
#, c-format
msgid "unable to contact the SecurID server"
msgstr ""
-#: plugins/sudoers/auth/securid5.c:116
+#: plugins/sudoers/auth/securid5.c:115
#, c-format
msgid "User ID locked for SecurID Authentication"
msgstr ""
-#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171
+#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170
#, c-format
msgid "invalid username length for SecurID"
msgstr ""
-#: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176
+#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175
#, c-format
msgid "invalid Authentication Handle for SecurID"
msgstr ""
-#: plugins/sudoers/auth/securid5.c:128
+#: plugins/sudoers/auth/securid5.c:127
#, c-format
msgid "SecurID communication failed"
msgstr ""
-#: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215
+#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214
#, c-format
msgid "unknown SecurID error"
msgstr ""
-#: plugins/sudoers/auth/securid5.c:166
+#: plugins/sudoers/auth/securid5.c:165
#, c-format
msgid "invalid passcode length for SecurID"
msgstr ""
-#: plugins/sudoers/auth/sia.c:109
+#: plugins/sudoers/auth/sia.c:108
msgid "unable to initialize SIA session"
msgstr ""
-#: plugins/sudoers/auth/sudo_auth.c:121
+#: plugins/sudoers/auth/sudo_auth.c:119
+msgid "invalid authentication methods"
+msgstr ""
+
+#: plugins/sudoers/auth/sudo_auth.c:120
msgid ""
-"Invalid authentication methods compiled into sudo! You may mix standalone "
-"and non-standalone authentication."
+"Invalid authentication methods compiled into sudo! You may not mix "
+"standalone and non-standalone authentication."
+msgstr ""
+
+#: plugins/sudoers/auth/sudo_auth.c:203
+msgid "no authentication methods"
msgstr ""
-#: plugins/sudoers/auth/sudo_auth.c:206
+#: plugins/sudoers/auth/sudo_auth.c:205
msgid ""
"There are no authentication methods compiled into sudo! If you want to turn "
"off authentication, use the --disable-authentication configure option."
msgstr ""
-#: plugins/sudoers/auth/sudo_auth.c:374
+#: plugins/sudoers/auth/sudo_auth.c:389
msgid "Authentication methods:"
msgstr ""
-#: plugins/sudoers/bsm_audit.c:60 plugins/sudoers/bsm_audit.c:63
-#: plugins/sudoers/bsm_audit.c:112 plugins/sudoers/bsm_audit.c:116
-#: plugins/sudoers/bsm_audit.c:168 plugins/sudoers/bsm_audit.c:172
-#, c-format
-msgid "getaudit: failed"
-msgstr ""
-
#: plugins/sudoers/bsm_audit.c:90 plugins/sudoers/bsm_audit.c:153
#, c-format
msgid "Could not determine audit condition"
msgstr ""
-#: plugins/sudoers/bsm_audit.c:101
-#, c-format
-msgid "getauid failed"
-msgstr ""
-
-#: plugins/sudoers/bsm_audit.c:103 plugins/sudoers/bsm_audit.c:162
-#, c-format
-msgid "au_open: failed"
-msgstr ""
-
-#: plugins/sudoers/bsm_audit.c:118 plugins/sudoers/bsm_audit.c:174
-#, c-format
-msgid "au_to_subject: failed"
-msgstr ""
-
-#: plugins/sudoers/bsm_audit.c:122 plugins/sudoers/bsm_audit.c:178
-#, c-format
-msgid "au_to_exec_args: failed"
-msgstr ""
-
-#: plugins/sudoers/bsm_audit.c:126 plugins/sudoers/bsm_audit.c:187
-#, c-format
-msgid "au_to_return32: failed"
-msgstr ""
-
#: plugins/sudoers/bsm_audit.c:129 plugins/sudoers/bsm_audit.c:190
#, c-format
msgid "unable to commit audit record"
msgstr ""
-#: plugins/sudoers/bsm_audit.c:160
-#, c-format
-msgid "getauid: failed"
-msgstr ""
-
-#: plugins/sudoers/bsm_audit.c:183
-#, c-format
-msgid "au_to_text: failed"
-msgstr ""
-
-#: plugins/sudoers/check.c:252 plugins/sudoers/iolog.c:172
-#: plugins/sudoers/sudoers.c:988 plugins/sudoers/sudoreplay.c:355
-#: plugins/sudoers/sudoreplay.c:817 plugins/sudoers/sudoreplay.c:974
-#: plugins/sudoers/visudo.c:818
-#, c-format
-msgid "unable to open %s"
-msgstr ""
-
-#: plugins/sudoers/check.c:256 plugins/sudoers/iolog.c:229
-#, c-format
-msgid "unable to write to %s"
-msgstr ""
-
-#: plugins/sudoers/check.c:264 plugins/sudoers/check.c:512
-#: plugins/sudoers/check.c:562 plugins/sudoers/iolog.c:123
-#: plugins/sudoers/iolog.c:156
-#, c-format
-msgid "unable to mkdir %s"
-msgstr ""
-
-#: plugins/sudoers/check.c:399 plugins/sudoers/env.c:289
-#: plugins/sudoers/env.c:294 plugins/sudoers/env.c:395
-#: plugins/sudoers/env.c:447 plugins/sudoers/linux_audit.c:82
-#: plugins/sudoers/sudoers.c:670 plugins/sudoers/sudoers.c:677
-#: plugins/sudoers/sudoers.c:936 plugins/sudoers/testsudoers.c:253
-#, c-format
-msgid "internal error, %s overflow"
-msgstr ""
-
-#: plugins/sudoers/check.c:460
-#, c-format
-msgid "timestamp path too long: %s"
-msgstr ""
-
-#: plugins/sudoers/check.c:491 plugins/sudoers/check.c:535
-#: plugins/sudoers/iolog.c:158
-#, c-format
-msgid "%s exists but is not a directory (0%o)"
-msgstr ""
-
-#: plugins/sudoers/check.c:494 plugins/sudoers/check.c:538
-#: plugins/sudoers/check.c:583
-#, c-format
-msgid "%s owned by uid %u, should be uid %u"
-msgstr ""
-
-#: plugins/sudoers/check.c:499 plugins/sudoers/check.c:543
-#, c-format
-msgid "%s writable by non-owner (0%o), should be mode 0700"
-msgstr ""
-
-#: plugins/sudoers/check.c:507 plugins/sudoers/check.c:551
-#: plugins/sudoers/check.c:619 plugins/sudoers/sudoers.c:1003
-#: plugins/sudoers/visudo.c:319 plugins/sudoers/visudo.c:584
-#, c-format
-msgid "unable to stat %s"
-msgstr ""
-
-#: plugins/sudoers/check.c:577
-#, c-format
-msgid "%s exists but is not a regular file (0%o)"
-msgstr ""
-
-#: plugins/sudoers/check.c:589
-#, c-format
-msgid "%s writable by non-owner (0%o), should be mode 0600"
-msgstr ""
-
-#: plugins/sudoers/check.c:643
-#, c-format
-msgid "timestamp too far in the future: %20.20s"
-msgstr ""
-
-#: plugins/sudoers/check.c:690
-#, c-format
-msgid "unable to remove %s (%s), will reset to the epoch"
-msgstr ""
-
-#: plugins/sudoers/check.c:698
-#, c-format
-msgid "unable to reset %s to the epoch"
+#: plugins/sudoers/check.c:189
+msgid ""
+"\n"
+"We trust you have received the usual lecture from the local System\n"
+"Administrator. It usually boils down to these three things:\n"
+"\n"
+" #1) Respect the privacy of others.\n"
+" #2) Think before you type.\n"
+" #3) With great power comes great responsibility.\n"
+"\n"
msgstr ""
-#: plugins/sudoers/check.c:758 plugins/sudoers/check.c:764
-#: plugins/sudoers/sudoers.c:851 plugins/sudoers/sudoers.c:855
+#: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233
+#: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566
#, c-format
msgid "unknown uid: %u"
msgstr ""
-#: plugins/sudoers/check.c:761 plugins/sudoers/sudoers.c:792
-#: plugins/sudoers/sudoers.c:1120 plugins/sudoers/testsudoers.c:225
-#: plugins/sudoers/testsudoers.c:369
+#: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:645
+#: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215
+#: plugins/sudoers/testsudoers.c:359
#, c-format
msgid "unknown user: %s"
msgstr ""
msgid "Set of limit privileges"
msgstr ""
-#: plugins/sudoers/defaults.c:208
+#: plugins/sudoers/def_data.c:355
+msgid "Run commands on a pty in the background"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:359
+msgid "Create a new PAM session for the command to run in"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:363
+msgid "Maximum I/O log sequence number"
+msgstr ""
+
+#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587
#, c-format
msgid "unknown defaults entry `%s'"
msgstr ""
-#: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226
-#: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259
-#: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285
-#: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318
-#: plugins/sudoers/defaults.c:328
+#: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225
+#: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258
+#: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284
+#: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317
+#: plugins/sudoers/defaults.c:327
#, c-format
msgid "value `%s' is invalid for option `%s'"
msgstr ""
-#: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229
-#: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254
-#: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280
-#: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313
-#: plugins/sudoers/defaults.c:324
+#: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228
+#: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253
+#: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279
+#: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312
+#: plugins/sudoers/defaults.c:323
#, c-format
msgid "no value specified for `%s'"
msgstr ""
-#: plugins/sudoers/defaults.c:242
+#: plugins/sudoers/defaults.c:241
#, c-format
msgid "values for `%s' must start with a '/'"
msgstr ""
-#: plugins/sudoers/defaults.c:304
+#: plugins/sudoers/defaults.c:303
#, c-format
msgid "option `%s' does not take a value"
msgstr ""
-#: plugins/sudoers/env.c:367
+#: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293
+#: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82
+#: plugins/sudoers/policy.c:430 plugins/sudoers/policy.c:437
+#: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654
+#: plugins/sudoers/testsudoers.c:243
#, c-format
-msgid "sudo_putenv: corrupted envp, length mismatch"
+msgid "internal error, %s overflow"
msgstr ""
-#: plugins/sudoers/env.c:369 plugins/sudoers/env.c:448
-#: plugins/sudoers/toke_util.c:113 plugins/sudoers/toke_util.c:167
-#: plugins/sudoers/toke_util.c:207 toke.l:697 toke.l:827 toke.l:887 toke.l:983
+#: plugins/sudoers/env.c:367
#, c-format
-msgid "unable to allocate memory"
+msgid "sudo_putenv: corrupted envp, length mismatch"
msgstr ""
-#: plugins/sudoers/env.c:992
+#: plugins/sudoers/env.c:1012
#, c-format
msgid ""
"sorry, you are not allowed to set the following environment variables: %s"
msgstr ""
-#: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108
-#: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125
-#: plugins/sudoers/sudoers.c:945 toke.l:693 toke.l:883
-#, c-format
-msgid "%s: %s"
-msgstr ""
-
-#: plugins/sudoers/group_plugin.c:91
-#, c-format
-msgid "%s%s: %s"
-msgstr ""
-
-#: plugins/sudoers/group_plugin.c:103
+#: plugins/sudoers/group_plugin.c:102
#, c-format
msgid "%s must be owned by uid %d"
msgstr ""
-#: plugins/sudoers/group_plugin.c:107
+#: plugins/sudoers/group_plugin.c:106
#, c-format
msgid "%s must only be writable by owner"
msgstr ""
-#: plugins/sudoers/group_plugin.c:114
+#: plugins/sudoers/group_plugin.c:113 plugins/sudoers/sssd.c:256
#, c-format
msgid "unable to dlopen %s: %s"
msgstr ""
-#: plugins/sudoers/group_plugin.c:119
+#: plugins/sudoers/group_plugin.c:118
#, c-format
msgid "unable to find symbol \"group_plugin\" in %s"
msgstr ""
-#: plugins/sudoers/group_plugin.c:124
+#: plugins/sudoers/group_plugin.c:123
#, c-format
msgid "%s: incompatible group plugin major version %d, expected %d"
msgstr ""
-#: plugins/sudoers/interfaces.c:112
+#: plugins/sudoers/interfaces.c:119
msgid "Local IP address and netmask pairs:\n"
msgstr ""
-#: plugins/sudoers/iolog.c:205 plugins/sudoers/sudoers.c:991
+#: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144
+#: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244
#, c-format
-msgid "unable to read %s"
+msgid "%s exists but is not a directory (0%o)"
msgstr ""
-#: plugins/sudoers/iolog.c:208
+#: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155
+#: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:165
+#: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271
#, c-format
-msgid "invalid sequence number %s"
+msgid "unable to mkdir %s"
msgstr ""
-#: plugins/sudoers/iolog.c:258 plugins/sudoers/iolog.c:261
-#: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:531
-#: plugins/sudoers/iolog.c:537 plugins/sudoers/iolog.c:545
-#: plugins/sudoers/iolog.c:553 plugins/sudoers/iolog.c:561
-#: plugins/sudoers/iolog.c:569
+#: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708
+#: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815
+#: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:155
+#: plugins/sudoers/visudo.c:810
#, c-format
-msgid "unable to create %s"
+msgid "unable to open %s"
+msgstr ""
+
+#: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711
+#, c-format
+msgid "unable to read %s"
+msgstr ""
+
+#: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:159
+#, c-format
+msgid "unable to write to %s"
msgstr ""
-#: plugins/sudoers/iolog_path.c:263 plugins/sudoers/sudoers.c:382
+#: plugins/sudoers/iolog.c:334
#, c-format
-msgid "unable to set locale to \"%s\", using \"C\""
+msgid "unable to create %s"
msgstr ""
-#: plugins/sudoers/ldap.c:387
+#: plugins/sudoers/ldap.c:407
#, c-format
msgid "sudo_ldap_conf_add_ports: port too large"
msgstr ""
-#: plugins/sudoers/ldap.c:410
+#: plugins/sudoers/ldap.c:430
#, c-format
msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf"
msgstr ""
-#: plugins/sudoers/ldap.c:440
+#: plugins/sudoers/ldap.c:460
#, c-format
msgid "unsupported LDAP uri type: %s"
msgstr ""
-#: plugins/sudoers/ldap.c:469
+#: plugins/sudoers/ldap.c:489
#, c-format
msgid "invalid uri: %s"
msgstr ""
-#: plugins/sudoers/ldap.c:475
+#: plugins/sudoers/ldap.c:495
#, c-format
msgid "unable to mix ldap and ldaps URIs"
msgstr ""
-#: plugins/sudoers/ldap.c:479
+#: plugins/sudoers/ldap.c:499
#, c-format
msgid "unable to mix ldaps and starttls"
msgstr ""
-#: plugins/sudoers/ldap.c:498
+#: plugins/sudoers/ldap.c:518
#, c-format
msgid "sudo_ldap_parse_uri: out of space building hostbuf"
msgstr ""
-#: plugins/sudoers/ldap.c:572
+#: plugins/sudoers/ldap.c:592
#, c-format
msgid "unable to initialize SSL cert and key db: %s"
msgstr ""
-#: plugins/sudoers/ldap.c:575
+#: plugins/sudoers/ldap.c:595
#, c-format
msgid "you must set TLS_CERT in %s to use SSL"
msgstr ""
-#: plugins/sudoers/ldap.c:992
+#: plugins/sudoers/ldap.c:1081
#, c-format
msgid "unable to get GMT time"
msgstr ""
-#: plugins/sudoers/ldap.c:998
+#: plugins/sudoers/ldap.c:1087
#, c-format
msgid "unable to format timestamp"
msgstr ""
-#: plugins/sudoers/ldap.c:1006
+#: plugins/sudoers/ldap.c:1095
#, c-format
msgid "unable to build time filter"
msgstr ""
-#: plugins/sudoers/ldap.c:1225
+#: plugins/sudoers/ldap.c:1314
#, c-format
msgid "sudo_ldap_build_pass1 allocation mismatch"
msgstr ""
-#: plugins/sudoers/ldap.c:1761
+#: plugins/sudoers/ldap.c:1845
#, c-format
msgid ""
"\n"
"LDAP Role: %s\n"
msgstr ""
-#: plugins/sudoers/ldap.c:1763
+#: plugins/sudoers/ldap.c:1847
#, c-format
msgid ""
"\n"
"LDAP Role: UNKNOWN\n"
msgstr ""
-#: plugins/sudoers/ldap.c:1810
+#: plugins/sudoers/ldap.c:1894
#, c-format
msgid " Order: %s\n"
msgstr ""
-#: plugins/sudoers/ldap.c:1818 plugins/sudoers/sssd.c:1168
+#: plugins/sudoers/ldap.c:1902 plugins/sudoers/parse.c:515
+#: plugins/sudoers/sssd.c:1242
#, c-format
msgid " Commands:\n"
msgstr ""
-#: plugins/sudoers/ldap.c:2240
+#: plugins/sudoers/ldap.c:2325
#, c-format
msgid "unable to initialize LDAP: %s"
msgstr ""
-#: plugins/sudoers/ldap.c:2274
+#: plugins/sudoers/ldap.c:2359
#, c-format
msgid ""
"start_tls specified but LDAP libs do not support ldap_start_tls_s() or "
"ldap_start_tls_s_np()"
msgstr ""
-#: plugins/sudoers/ldap.c:2510
+#: plugins/sudoers/ldap.c:2595
#, c-format
msgid "invalid sudoOrder attribute: %s"
msgstr ""
msgid "unable to send audit message"
msgstr ""
-#: plugins/sudoers/logging.c:202
+#: plugins/sudoers/logging.c:140
+#, c-format
+msgid "%8s : %s"
+msgstr ""
+
+#: plugins/sudoers/logging.c:168
+#, c-format
+msgid "%8s : (command continued) %s"
+msgstr ""
+
+#: plugins/sudoers/logging.c:194
#, c-format
msgid "unable to open log file: %s: %s"
msgstr ""
-#: plugins/sudoers/logging.c:205
+#: plugins/sudoers/logging.c:197
#, c-format
msgid "unable to lock log file: %s: %s"
msgstr ""
-#: plugins/sudoers/logging.c:260
+#: plugins/sudoers/logging.c:245
+msgid "No user or host"
+msgstr ""
+
+#: plugins/sudoers/logging.c:247
+msgid "validation failure"
+msgstr ""
+
+#: plugins/sudoers/logging.c:254
msgid "user NOT in sudoers"
msgstr ""
-#: plugins/sudoers/logging.c:262
+#: plugins/sudoers/logging.c:256
msgid "user NOT authorized on host"
msgstr ""
-#: plugins/sudoers/logging.c:264
+#: plugins/sudoers/logging.c:258
msgid "command not allowed"
msgstr ""
-#: plugins/sudoers/logging.c:274
+#: plugins/sudoers/logging.c:288
#, c-format
msgid "%s is not in the sudoers file. This incident will be reported.\n"
msgstr ""
-#: plugins/sudoers/logging.c:277
+#: plugins/sudoers/logging.c:291
#, c-format
msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n"
msgstr ""
-#: plugins/sudoers/logging.c:281
+#: plugins/sudoers/logging.c:295
#, c-format
msgid "Sorry, user %s may not run sudo on %s.\n"
msgstr ""
-#: plugins/sudoers/logging.c:284
+#: plugins/sudoers/logging.c:298
#, c-format
msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n"
msgstr ""
-#: plugins/sudoers/logging.c:317
-msgid "No user or host"
-msgstr ""
-
-#: plugins/sudoers/logging.c:319
-msgid "validation failure"
-msgstr ""
-
-#: plugins/sudoers/logging.c:336 plugins/sudoers/sudoers.c:502
-#: plugins/sudoers/sudoers.c:503 plugins/sudoers/sudoers.c:1539
-#: plugins/sudoers/sudoers.c:1540
+#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383
+#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386
+#: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001
+#: plugins/sudoers/sudoers.c:1002
#, c-format
msgid "%s: command not found"
msgstr ""
-#: plugins/sudoers/logging.c:338 plugins/sudoers/sudoers.c:499
+#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379
#, c-format
msgid ""
"ignoring `%s' found in '.'\n"
"Use `sudo ./%s' if this is the `%s' you wish to run."
msgstr ""
-#: plugins/sudoers/logging.c:352
+#: plugins/sudoers/logging.c:353
msgid "authentication failure"
msgstr ""
-#: plugins/sudoers/logging.c:376
+#: plugins/sudoers/logging.c:379
+msgid "a password is required"
+msgstr ""
+
+#: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487
#, c-format
msgid "%d incorrect password attempt"
msgid_plural "%d incorrect password attempts"
msgstr[0] ""
msgstr[1] ""
-#: plugins/sudoers/logging.c:379
-msgid "a password is required"
-msgstr ""
-
-#: plugins/sudoers/logging.c:530
+#: plugins/sudoers/logging.c:566
#, c-format
msgid "unable to fork"
msgstr ""
-#: plugins/sudoers/logging.c:537 plugins/sudoers/logging.c:599
+#: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629
#, c-format
msgid "unable to fork: %m"
msgstr ""
-#: plugins/sudoers/logging.c:589
+#: plugins/sudoers/logging.c:619
#, c-format
msgid "unable to open pipe: %m"
msgstr ""
-#: plugins/sudoers/logging.c:614
+#: plugins/sudoers/logging.c:644
#, c-format
msgid "unable to dup stdin: %m"
msgstr ""
-#: plugins/sudoers/logging.c:650
+#: plugins/sudoers/logging.c:680
#, c-format
msgid "unable to execute %s: %m"
msgstr ""
-#: plugins/sudoers/logging.c:865
+#: plugins/sudoers/logging.c:899
#, c-format
msgid "internal error: insufficient space for log line"
msgstr ""
-#: plugins/sudoers/parse.c:123
+#: plugins/sudoers/match.c:631
+#, c-format
+msgid "unsupported digest type %d for %s"
+msgstr ""
+
+#: plugins/sudoers/match.c:661
+#, c-format
+msgid "%s: read error"
+msgstr ""
+
+#: plugins/sudoers/match.c:670
+#, c-format
+msgid "digest for %s (%s) is not in %s form"
+msgstr ""
+
+#: plugins/sudoers/parse.c:124
#, c-format
msgid "parse error in %s near line %d"
msgstr ""
-#: plugins/sudoers/parse.c:126
+#: plugins/sudoers/parse.c:127
#, c-format
msgid "parse error in %s"
msgstr ""
-#: plugins/sudoers/parse.c:414
+#: plugins/sudoers/parse.c:462
#, c-format
msgid ""
"\n"
"Sudoers entry:\n"
msgstr ""
-#: plugins/sudoers/parse.c:416
+#: plugins/sudoers/parse.c:463
#, c-format
msgid " RunAsUsers: "
msgstr ""
-#: plugins/sudoers/parse.c:431
+#: plugins/sudoers/parse.c:477
#, c-format
msgid " RunAsGroups: "
msgstr ""
-#: plugins/sudoers/parse.c:440
+#: plugins/sudoers/parse.c:486
+#, c-format
+msgid " Options: "
+msgstr ""
+
+#: plugins/sudoers/policy.c:527 plugins/sudoers/visudo.c:751
+#, c-format
+msgid "unable to execute %s"
+msgstr ""
+
+#: plugins/sudoers/policy.c:669
+#, c-format
+msgid "Sudoers policy plugin version %s\n"
+msgstr ""
+
+#: plugins/sudoers/policy.c:671
+#, c-format
+msgid "Sudoers file grammar version %d\n"
+msgstr ""
+
+#: plugins/sudoers/policy.c:675
#, c-format
msgid ""
-" Commands:\n"
-"\t"
+"\n"
+"Sudoers path: %s\n"
msgstr ""
-#: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105
-msgid ": "
+#: plugins/sudoers/policy.c:678
+#, c-format
+msgid "nsswitch path: %s\n"
msgstr ""
-#: plugins/sudoers/pwutil.c:278
+#: plugins/sudoers/policy.c:680
#, c-format
-msgid "unable to cache uid %u (%s), already exists"
+msgid "ldap.conf path: %s\n"
msgstr ""
-#: plugins/sudoers/pwutil.c:286
+#: plugins/sudoers/policy.c:681
#, c-format
-msgid "unable to cache uid %u, already exists"
+msgid "ldap.secret path: %s\n"
msgstr ""
-#: plugins/sudoers/pwutil.c:322 plugins/sudoers/pwutil.c:331
+#: plugins/sudoers/pwutil.c:148
#, c-format
-msgid "unable to cache user %s, already exists"
+msgid "unable to cache uid %u, already exists"
msgstr ""
-#: plugins/sudoers/pwutil.c:668
+#: plugins/sudoers/pwutil.c:190
#, c-format
-msgid "unable to cache gid %u (%s), already exists"
+msgid "unable to cache user %s, already exists"
msgstr ""
-#: plugins/sudoers/pwutil.c:676
+#: plugins/sudoers/pwutil.c:386
#, c-format
msgid "unable to cache gid %u, already exists"
msgstr ""
-#: plugins/sudoers/pwutil.c:706 plugins/sudoers/pwutil.c:715
+#: plugins/sudoers/pwutil.c:422
#, c-format
msgid "unable to cache group %s, already exists"
msgstr ""
-#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:436
-#: plugins/sudoers/set_perms.c:828 plugins/sudoers/set_perms.c:1114
-#: plugins/sudoers/set_perms.c:1396
+#: plugins/sudoers/pwutil.c:578 plugins/sudoers/pwutil.c:600
+#, c-format
+msgid "unable to cache group list for %s, already exists"
+msgstr ""
+
+#: plugins/sudoers/pwutil.c:598
+#, c-format
+msgid "unable to parse groups for %s"
+msgstr ""
+
+#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445
+#: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141
+#: plugins/sudoers/set_perms.c:1431
msgid "perm stack overflow"
msgstr ""
-#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:444
-#: plugins/sudoers/set_perms.c:836 plugins/sudoers/set_perms.c:1122
-#: plugins/sudoers/set_perms.c:1404
+#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453
+#: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149
+#: plugins/sudoers/set_perms.c:1439
msgid "perm stack underflow"
msgstr ""
-#: plugins/sudoers/set_perms.c:270 plugins/sudoers/set_perms.c:580
-#: plugins/sudoers/set_perms.c:957 plugins/sudoers/set_perms.c:1243
+#: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500
+#: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471
+msgid "unable to change to root gid"
+msgstr ""
+
+#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597
+#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277
msgid "unable to change to runas gid"
msgstr ""
-#: plugins/sudoers/set_perms.c:282 plugins/sudoers/set_perms.c:592
-#: plugins/sudoers/set_perms.c:967 plugins/sudoers/set_perms.c:1253
+#: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609
+#: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287
msgid "unable to change to runas uid"
msgstr ""
-#: plugins/sudoers/set_perms.c:300 plugins/sudoers/set_perms.c:610
-#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1269
+#: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627
+#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303
msgid "unable to change to sudoers gid"
msgstr ""
-#: plugins/sudoers/set_perms.c:353 plugins/sudoers/set_perms.c:681
-#: plugins/sudoers/set_perms.c:1029 plugins/sudoers/set_perms.c:1315
-#: plugins/sudoers/set_perms.c:1474
+#: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698
+#: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349
+#: plugins/sudoers/set_perms.c:1515
msgid "too many processes"
msgstr ""
-#: plugins/sudoers/set_perms.c:1542
+#: plugins/sudoers/set_perms.c:1583
msgid "unable to set runas group vector"
msgstr ""
-#: plugins/sudoers/sssd.c:251
-#, c-format
-msgid "Unable to dlopen %s: %s"
-msgstr ""
-
-#: plugins/sudoers/sssd.c:252
+#: plugins/sudoers/sssd.c:257
#, c-format
-msgid "Unable to initialize SSS source. Is SSSD installed on your machine?"
+msgid "unable to initialize SSS source. Is SSSD installed on your machine?"
msgstr ""
-#: plugins/sudoers/sssd.c:258 plugins/sudoers/sssd.c:266
-#: plugins/sudoers/sssd.c:273 plugins/sudoers/sssd.c:280
-#: plugins/sudoers/sssd.c:287
+#: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271
+#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285
+#: plugins/sudoers/sssd.c:292
#, c-format
msgid "unable to find symbol \"%s\" in %s"
msgstr ""
-#: plugins/sudoers/sudo_nss.c:267
+#: plugins/sudoers/sudo_nss.c:283
#, c-format
msgid "Matching Defaults entries for %s on this host:\n"
msgstr ""
-#: plugins/sudoers/sudo_nss.c:280
+#: plugins/sudoers/sudo_nss.c:296
#, c-format
msgid "Runas and Command-specific defaults for %s:\n"
msgstr ""
-#: plugins/sudoers/sudo_nss.c:293
+#: plugins/sudoers/sudo_nss.c:309
#, c-format
msgid "User %s may run the following commands on this host:\n"
msgstr ""
-#: plugins/sudoers/sudo_nss.c:302
+#: plugins/sudoers/sudo_nss.c:318
#, c-format
msgid "User %s is not allowed to run sudo on %s.\n"
msgstr ""
-#: plugins/sudoers/sudoers.c:210 plugins/sudoers/sudoers.c:243
-#: plugins/sudoers/sudoers.c:953
+#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193
+#: plugins/sudoers/sudoers.c:673
msgid "problem with defaults entries"
msgstr ""
-#: plugins/sudoers/sudoers.c:216
+#: plugins/sudoers/sudoers.c:165
#, c-format
msgid "no valid sudoers sources found, quitting"
msgstr ""
-#: plugins/sudoers/sudoers.c:268
-#, c-format
-msgid "unable to execute %s: %s"
-msgstr ""
-
-#: plugins/sudoers/sudoers.c:335
+#: plugins/sudoers/sudoers.c:227
#, c-format
msgid "sudoers specifies that root is not allowed to sudo"
msgstr ""
-#: plugins/sudoers/sudoers.c:342
+#: plugins/sudoers/sudoers.c:234
#, c-format
msgid "you are not permitted to use the -C option"
msgstr ""
-#: plugins/sudoers/sudoers.c:431
+#: plugins/sudoers/sudoers.c:315
#, c-format
msgid "timestamp owner (%s): No such user"
msgstr ""
-#: plugins/sudoers/sudoers.c:447
+#: plugins/sudoers/sudoers.c:329
msgid "no tty"
msgstr ""
-#: plugins/sudoers/sudoers.c:448
+#: plugins/sudoers/sudoers.c:330
#, c-format
msgid "sorry, you must have a tty to run sudo"
msgstr ""
-#: plugins/sudoers/sudoers.c:498
+#: plugins/sudoers/sudoers.c:378
msgid "command in current directory"
msgstr ""
-#: plugins/sudoers/sudoers.c:510
+#: plugins/sudoers/sudoers.c:395
#, c-format
msgid "sorry, you are not allowed to preserve the environment"
msgstr ""
-#: plugins/sudoers/sudoers.c:1006
+#: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:216
+#: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:328
+#: plugins/sudoers/visudo.c:312 plugins/sudoers/visudo.c:577
+#, c-format
+msgid "unable to stat %s"
+msgstr ""
+
+#: plugins/sudoers/sudoers.c:726
#, c-format
msgid "%s is not a regular file"
msgstr ""
-#: plugins/sudoers/sudoers.c:1009 toke.l:846
+#: plugins/sudoers/sudoers.c:729 toke.l:913
#, c-format
msgid "%s is owned by uid %u, should be %u"
msgstr ""
-#: plugins/sudoers/sudoers.c:1013 toke.l:853
+#: plugins/sudoers/sudoers.c:733 toke.l:920
#, c-format
msgid "%s is world writable"
msgstr ""
-#: plugins/sudoers/sudoers.c:1016 toke.l:858
+#: plugins/sudoers/sudoers.c:736 toke.l:925
#, c-format
msgid "%s is owned by gid %u, should be %u"
msgstr ""
-#: plugins/sudoers/sudoers.c:1043
+#: plugins/sudoers/sudoers.c:763
#, c-format
msgid "only root can use `-c %s'"
msgstr ""
-#: plugins/sudoers/sudoers.c:1060 plugins/sudoers/sudoers.c:1062
+#: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782
#, c-format
msgid "unknown login class: %s"
msgstr ""
-#: plugins/sudoers/sudoers.c:1089
+#: plugins/sudoers/sudoers.c:814
#, c-format
msgid "unable to resolve host %s"
msgstr ""
-#: plugins/sudoers/sudoers.c:1141 plugins/sudoers/testsudoers.c:387
+#: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377
#, c-format
msgid "unknown group: %s"
msgstr ""
-#: plugins/sudoers/sudoers.c:1190
-#, c-format
-msgid "Sudoers policy plugin version %s\n"
-msgstr ""
-
-#: plugins/sudoers/sudoers.c:1192
-#, c-format
-msgid "Sudoers file grammar version %d\n"
-msgstr ""
-
-#: plugins/sudoers/sudoers.c:1196
-#, c-format
-msgid ""
-"\n"
-"Sudoers path: %s\n"
-msgstr ""
-
-#: plugins/sudoers/sudoers.c:1199
-#, c-format
-msgid "nsswitch path: %s\n"
-msgstr ""
-
-#: plugins/sudoers/sudoers.c:1201
-#, c-format
-msgid "ldap.conf path: %s\n"
-msgstr ""
-
-#: plugins/sudoers/sudoers.c:1202
-#, c-format
-msgid "ldap.secret path: %s\n"
-msgstr ""
-
-#: plugins/sudoers/sudoreplay.c:293
+#: plugins/sudoers/sudoreplay.c:292
#, c-format
msgid "invalid filter option: %s"
msgstr ""
-#: plugins/sudoers/sudoreplay.c:306
+#: plugins/sudoers/sudoreplay.c:305
#, c-format
msgid "invalid max wait: %s"
msgstr ""
-#: plugins/sudoers/sudoreplay.c:312
+#: plugins/sudoers/sudoreplay.c:311
#, c-format
msgid "invalid speed factor: %s"
msgstr ""
-#: plugins/sudoers/sudoreplay.c:315 plugins/sudoers/visudo.c:187
+#: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179
#, c-format
msgid "%s version %s\n"
msgstr ""
-#: plugins/sudoers/sudoreplay.c:340
+#: plugins/sudoers/sudoreplay.c:339
#, c-format
msgid "%s/%.2s/%.2s/%.2s/timing: %s"
msgstr ""
-#: plugins/sudoers/sudoreplay.c:346
+#: plugins/sudoers/sudoreplay.c:345
#, c-format
msgid "%s/%s/timing: %s"
msgstr ""
-#: plugins/sudoers/sudoreplay.c:364
+#: plugins/sudoers/sudoreplay.c:363
#, c-format
msgid "Replaying sudo session: %s\n"
msgstr ""
-#: plugins/sudoers/sudoreplay.c:370
+#: plugins/sudoers/sudoreplay.c:369
#, c-format
msgid "Warning: your terminal is too small to properly replay the log.\n"
msgstr ""
-#: plugins/sudoers/sudoreplay.c:371
+#: plugins/sudoers/sudoreplay.c:370
#, c-format
msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d."
msgstr ""
-#: plugins/sudoers/sudoreplay.c:401
+#: plugins/sudoers/sudoreplay.c:400
#, c-format
msgid "unable to set tty to raw mode"
msgstr ""
-#: plugins/sudoers/sudoreplay.c:418
+#: plugins/sudoers/sudoreplay.c:416
#, c-format
msgid "invalid timing file line: %s"
msgstr ""
-#: plugins/sudoers/sudoreplay.c:501
+#: plugins/sudoers/sudoreplay.c:499
#, c-format
msgid "writing to standard output"
msgstr ""
-#: plugins/sudoers/sudoreplay.c:530
-#, c-format
-msgid "nanosleep: tv_sec %ld, tv_nsec %ld"
-msgstr ""
-
-#: plugins/sudoers/sudoreplay.c:643 plugins/sudoers/sudoreplay.c:668
+#: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666
#, c-format
msgid "ambiguous expression \"%s\""
msgstr ""
-#: plugins/sudoers/sudoreplay.c:685
+#: plugins/sudoers/sudoreplay.c:683
#, c-format
msgid "too many parenthesized expressions, max %d"
msgstr ""
-#: plugins/sudoers/sudoreplay.c:696
+#: plugins/sudoers/sudoreplay.c:694
#, c-format
msgid "unmatched ')' in expression"
msgstr ""
-#: plugins/sudoers/sudoreplay.c:702
+#: plugins/sudoers/sudoreplay.c:700
#, c-format
msgid "unknown search term \"%s\""
msgstr ""
-#: plugins/sudoers/sudoreplay.c:716
+#: plugins/sudoers/sudoreplay.c:714
#, c-format
msgid "%s requires an argument"
msgstr ""
-#: plugins/sudoers/sudoreplay.c:720
+#: plugins/sudoers/sudoreplay.c:718 plugins/sudoers/sudoreplay.c:1058
#, c-format
msgid "invalid regular expression: %s"
msgstr ""
-#: plugins/sudoers/sudoreplay.c:726
+#: plugins/sudoers/sudoreplay.c:724
#, c-format
msgid "could not parse date \"%s\""
msgstr ""
-#: plugins/sudoers/sudoreplay.c:739
+#: plugins/sudoers/sudoreplay.c:737
#, c-format
msgid "unmatched '(' in expression"
msgstr ""
-#: plugins/sudoers/sudoreplay.c:741
+#: plugins/sudoers/sudoreplay.c:739
#, c-format
msgid "illegal trailing \"or\""
msgstr ""
-#: plugins/sudoers/sudoreplay.c:743
+#: plugins/sudoers/sudoreplay.c:741
#, c-format
msgid "illegal trailing \"!\""
msgstr ""
-#: plugins/sudoers/sudoreplay.c:1050
-#, c-format
-msgid "invalid regex: %s"
-msgstr ""
-
-#: plugins/sudoers/sudoreplay.c:1174
+#: plugins/sudoers/sudoreplay.c:1182
#, c-format
msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n"
msgstr ""
-#: plugins/sudoers/sudoreplay.c:1177
+#: plugins/sudoers/sudoreplay.c:1185
#, c-format
msgid "usage: %s [-h] [-d directory] -l [search expression]\n"
msgstr ""
-#: plugins/sudoers/sudoreplay.c:1186
+#: plugins/sudoers/sudoreplay.c:1194
#, c-format
msgid ""
"%s - replay sudo session logs\n"
"\n"
msgstr ""
-#: plugins/sudoers/sudoreplay.c:1188
+#: plugins/sudoers/sudoreplay.c:1196
msgid ""
"\n"
"Options:\n"
" -V display version information and exit"
msgstr ""
-#: plugins/sudoers/testsudoers.c:338
+#: plugins/sudoers/testsudoers.c:328
msgid "\thost unmatched"
msgstr ""
-#: plugins/sudoers/testsudoers.c:341
+#: plugins/sudoers/testsudoers.c:331
msgid ""
"\n"
"Command allowed"
msgstr ""
-#: plugins/sudoers/testsudoers.c:342
+#: plugins/sudoers/testsudoers.c:332
msgid ""
"\n"
"Command denied"
msgstr ""
-#: plugins/sudoers/testsudoers.c:342
+#: plugins/sudoers/testsudoers.c:332
msgid ""
"\n"
"Command unmatched"
msgstr ""
-#: plugins/sudoers/toke_util.c:218
+#: plugins/sudoers/timestamp.c:129
+#, c-format
+msgid "timestamp path too long: %s"
+msgstr ""
+
+#: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247
+#: plugins/sudoers/timestamp.c:292
+#, c-format
+msgid "%s owned by uid %u, should be uid %u"
+msgstr ""
+
+#: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0700"
+msgstr ""
+
+#: plugins/sudoers/timestamp.c:286
+#, c-format
+msgid "%s exists but is not a regular file (0%o)"
+msgstr ""
+
+#: plugins/sudoers/timestamp.c:298
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0600"
+msgstr ""
+
+#: plugins/sudoers/timestamp.c:353
+#, c-format
+msgid "timestamp too far in the future: %20.20s"
+msgstr ""
+
+#: plugins/sudoers/timestamp.c:407
+#, c-format
+msgid "unable to remove %s, will reset to the epoch"
+msgstr ""
+
+#: plugins/sudoers/timestamp.c:414
+#, c-format
+msgid "unable to reset %s to the epoch"
+msgstr ""
+
+#: plugins/sudoers/toke_util.c:176
+#, c-format
msgid "fill_args: buffer overflow"
msgstr ""
-#: plugins/sudoers/visudo.c:188
+#: plugins/sudoers/visudo.c:180
#, c-format
msgid "%s grammar version %d\n"
msgstr ""
-#: plugins/sudoers/visudo.c:252 plugins/sudoers/visudo.c:541
+#: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:530
#, c-format
msgid "press return to edit %s: "
msgstr ""
-#: plugins/sudoers/visudo.c:335 plugins/sudoers/visudo.c:341
+#: plugins/sudoers/visudo.c:328 plugins/sudoers/visudo.c:334
#, c-format
msgid "write error"
msgstr ""
-#: plugins/sudoers/visudo.c:423
+#: plugins/sudoers/visudo.c:416
#, c-format
msgid "unable to stat temporary file (%s), %s unchanged"
msgstr ""
-#: plugins/sudoers/visudo.c:428
+#: plugins/sudoers/visudo.c:421
#, c-format
msgid "zero length temporary file (%s), %s unchanged"
msgstr ""
-#: plugins/sudoers/visudo.c:434
+#: plugins/sudoers/visudo.c:427
#, c-format
msgid "editor (%s) failed, %s unchanged"
msgstr ""
-#: plugins/sudoers/visudo.c:457
+#: plugins/sudoers/visudo.c:450
#, c-format
msgid "%s unchanged"
msgstr ""
-#: plugins/sudoers/visudo.c:486
+#: plugins/sudoers/visudo.c:475
#, c-format
msgid "unable to re-open temporary file (%s), %s unchanged."
msgstr ""
-#: plugins/sudoers/visudo.c:496
+#: plugins/sudoers/visudo.c:485
#, c-format
msgid "unabled to parse temporary file (%s), unknown error"
msgstr ""
-#: plugins/sudoers/visudo.c:534
+#: plugins/sudoers/visudo.c:521
#, c-format
msgid "internal error, unable to find %s in list!"
msgstr ""
-#: plugins/sudoers/visudo.c:586 plugins/sudoers/visudo.c:595
+#: plugins/sudoers/visudo.c:579 plugins/sudoers/visudo.c:588
#, c-format
msgid "unable to set (uid, gid) of %s to (%u, %u)"
msgstr ""
-#: plugins/sudoers/visudo.c:590 plugins/sudoers/visudo.c:600
+#: plugins/sudoers/visudo.c:583 plugins/sudoers/visudo.c:593
#, c-format
msgid "unable to change mode of %s to 0%o"
msgstr ""
-#: plugins/sudoers/visudo.c:617
+#: plugins/sudoers/visudo.c:610
#, c-format
msgid "%s and %s not on the same file system, using mv to rename"
msgstr ""
-#: plugins/sudoers/visudo.c:631
+#: plugins/sudoers/visudo.c:624
#, c-format
msgid "command failed: '%s %s %s', %s unchanged"
msgstr ""
-#: plugins/sudoers/visudo.c:641
+#: plugins/sudoers/visudo.c:634
#, c-format
msgid "error renaming %s, %s unchanged"
msgstr ""
-#: plugins/sudoers/visudo.c:704
+#: plugins/sudoers/visudo.c:696
msgid "What now? "
msgstr ""
-#: plugins/sudoers/visudo.c:718
+#: plugins/sudoers/visudo.c:710
msgid ""
"Options are:\n"
" (e)dit sudoers file again\n"
" (Q)uit and save changes to sudoers file (DANGER!)\n"
msgstr ""
-#: plugins/sudoers/visudo.c:759
-#, c-format
-msgid "unable to execute %s"
-msgstr ""
-
-#: plugins/sudoers/visudo.c:766
+#: plugins/sudoers/visudo.c:758
#, c-format
msgid "unable to run %s"
msgstr ""
-#: plugins/sudoers/visudo.c:792
+#: plugins/sudoers/visudo.c:784
#, c-format
msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n"
msgstr ""
-#: plugins/sudoers/visudo.c:799
+#: plugins/sudoers/visudo.c:791
#, c-format
msgid "%s: bad permissions, should be mode 0%o\n"
msgstr ""
-#: plugins/sudoers/visudo.c:824
+#: plugins/sudoers/visudo.c:816
#, c-format
msgid "failed to parse %s file, unknown error"
msgstr ""
-#: plugins/sudoers/visudo.c:837
+#: plugins/sudoers/visudo.c:832
#, c-format
msgid "parse error in %s near line %d\n"
msgstr ""
-#: plugins/sudoers/visudo.c:840
+#: plugins/sudoers/visudo.c:835
#, c-format
msgid "parse error in %s\n"
msgstr ""
-#: plugins/sudoers/visudo.c:847 plugins/sudoers/visudo.c:852
+#: plugins/sudoers/visudo.c:842 plugins/sudoers/visudo.c:847
#, c-format
msgid "%s: parsed OK\n"
msgstr ""
-#: plugins/sudoers/visudo.c:899
+#: plugins/sudoers/visudo.c:894
#, c-format
msgid "%s busy, try again later"
msgstr ""
-#: plugins/sudoers/visudo.c:943
+#: plugins/sudoers/visudo.c:938
#, c-format
msgid "specified editor (%s) doesn't exist"
msgstr ""
-#: plugins/sudoers/visudo.c:966
+#: plugins/sudoers/visudo.c:961
#, c-format
msgid "unable to stat editor (%s)"
msgstr ""
-#: plugins/sudoers/visudo.c:1014
+#: plugins/sudoers/visudo.c:1009
#, c-format
msgid "no editor found (editor path = %s)"
msgstr ""
-#: plugins/sudoers/visudo.c:1108
+#: plugins/sudoers/visudo.c:1101
#, c-format
msgid "Error: cycle in %s_Alias `%s'"
msgstr ""
-#: plugins/sudoers/visudo.c:1109
+#: plugins/sudoers/visudo.c:1102
#, c-format
msgid "Warning: cycle in %s_Alias `%s'"
msgstr ""
-#: plugins/sudoers/visudo.c:1112
+#: plugins/sudoers/visudo.c:1105
#, c-format
msgid "Error: %s_Alias `%s' referenced but not defined"
msgstr ""
-#: plugins/sudoers/visudo.c:1113
+#: plugins/sudoers/visudo.c:1106
#, c-format
msgid "Warning: %s_Alias `%s' referenced but not defined"
msgstr ""
-#: plugins/sudoers/visudo.c:1248
+#: plugins/sudoers/visudo.c:1241
#, c-format
msgid "%s: unused %s_Alias %s"
msgstr ""
-#: plugins/sudoers/visudo.c:1304
+#: plugins/sudoers/visudo.c:1303
#, c-format
msgid ""
"%s - safely edit the sudoers file\n"
"\n"
msgstr ""
-#: plugins/sudoers/visudo.c:1306
+#: plugins/sudoers/visudo.c:1305
msgid ""
"\n"
"Options:\n"
" -V display version information and exit"
msgstr ""
-#: toke.l:820
+#: toke.l:886
msgid "too many levels of includes"
msgstr ""
--- /dev/null
+# Turkish translations for sudoers package
+# This file is put in the public domain.
+# Todd C. Miller <Todd.Miller@courtesan.com>, 2011-2013
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: sudoers 1.8.7b2\n"
+"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
+"POT-Creation-Date: 2013-04-17 15:52-0400\n"
+"PO-Revision-Date: 2013-04-27 23:41+0200\n"
+"Last-Translator: Özgür Sarıer <ozgursarier1011601115@gmail.com>\n"
+"Language-Team: Turkish <gnu-tr-u12a@lists.sourceforge.net>\n"
+"Language: tr\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Poedit 1.5.5\n"
+
+#: confstr.sh:2
+msgid "Password:"
+msgstr "Parola:"
+
+#: confstr.sh:3
+msgid "*** SECURITY information for %h ***"
+msgstr "*** %h için GÜVENLİK bilgisi ***"
+
+#: confstr.sh:4
+msgid "Sorry, try again."
+msgstr "Üzgünüm, yeniden deneyin."
+
+#: plugins/sudoers/alias.c:124
+#, c-format
+msgid "Alias `%s' already defined"
+msgstr "Takma ad `%s' önceden tanımlanmış"
+
+#: plugins/sudoers/auth/bsdauth.c:77
+#, c-format
+msgid "unable to get login class for user %s"
+msgstr "kullanıcı %s için oturum açma sınıfı elde edilemedi"
+
+#: plugins/sudoers/auth/bsdauth.c:83
+msgid "unable to begin bsd authentication"
+msgstr "bsd kimlik doğrulama işlemine başlanılamadı"
+
+#: plugins/sudoers/auth/bsdauth.c:91
+msgid "invalid authentication type"
+msgstr "geçersiz kimlik doğrulama türü"
+
+#: plugins/sudoers/auth/bsdauth.c:100
+msgid "unable to setup authentication"
+msgstr "kimlik doğrulama gerçekleştirilemedi"
+
+#: plugins/sudoers/auth/fwtk.c:59
+#, c-format
+msgid "unable to read fwtk config"
+msgstr "fwtk yapılandırması okunamadı"
+
+#: plugins/sudoers/auth/fwtk.c:64
+#, c-format
+msgid "unable to connect to authentication server"
+msgstr "kimlik doğrulama sunucusuna bağlanılamadı"
+
+#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94
+#: plugins/sudoers/auth/fwtk.c:127
+#, c-format
+msgid "lost connection to authentication server"
+msgstr "kimlik doğrulama sunucusunda bağlantı kaybı"
+
+#: plugins/sudoers/auth/fwtk.c:74
+#, c-format
+msgid ""
+"authentication server error:\n"
+"%s"
+msgstr ""
+"kimlik doğrulama sunucusu hatası:\n"
+"%s"
+
+#: plugins/sudoers/auth/kerb5.c:116
+#, c-format
+msgid "%s: unable to convert principal to string ('%s'): %s"
+msgstr ""
+
+#: plugins/sudoers/auth/kerb5.c:159
+#, c-format
+msgid "%s: unable to parse '%s': %s"
+msgstr "%s: ayrıştırılamayan öge '%s': %s"
+
+#: plugins/sudoers/auth/kerb5.c:169
+#, c-format
+msgid "%s: unable to resolve credential cache: %s"
+msgstr "%s: kimlik bilgisi önbelleği çözülemedi: %s"
+
+#: plugins/sudoers/auth/kerb5.c:217
+#, c-format
+msgid "%s: unable to allocate options: %s"
+msgstr "%s: seçenekler ayrılamadı: %s"
+
+#: plugins/sudoers/auth/kerb5.c:233
+#, c-format
+msgid "%s: unable to get credentials: %s"
+msgstr "%s: kimlik bilgileri elde edilemedi: %s"
+
+#: plugins/sudoers/auth/kerb5.c:246
+#, c-format
+msgid "%s: unable to initialize credential cache: %s"
+msgstr "%s: kimlik bilgisi önbelleği hazırlanamadı: %s"
+
+#: plugins/sudoers/auth/kerb5.c:250
+#, c-format
+msgid "%s: unable to store credential in cache: %s"
+msgstr "%s: kimlik bilgisi önbellekte saklanamadı: %s"
+
+#: plugins/sudoers/auth/kerb5.c:315
+#, c-format
+msgid "%s: unable to get host principal: %s"
+msgstr ""
+
+#: plugins/sudoers/auth/kerb5.c:330
+#, c-format
+msgid "%s: Cannot verify TGT! Possible attack!: %s"
+msgstr "%s: TGT doğrulanamadı! Muhtemel saldırı!: %s"
+
+#: plugins/sudoers/auth/pam.c:105
+msgid "unable to initialize PAM"
+msgstr "PAM başlatılamadı"
+
+#: plugins/sudoers/auth/pam.c:150
+msgid "account validation failure, is your account locked?"
+msgstr "hesap geçerliliği teyit edilemedi, hesabınız kilitli mi?"
+
+#: plugins/sudoers/auth/pam.c:154
+msgid "Account or password is expired, reset your password and try again"
+msgstr "Hesabın veya hesap parolasının süresi dolmuş, parolanızı sıfırlayınız ve yeniden deneyiniz"
+
+#: plugins/sudoers/auth/pam.c:162
+#, c-format
+msgid "unable to change expired password: %s"
+msgstr "zaman aşımına uğramış parola değiştirilemedi: %s"
+
+#: plugins/sudoers/auth/pam.c:167
+msgid "Password expired, contact your system administrator"
+msgstr "Parola geçerlilik süresi dolmuş, sistem yöneticinizle temasa geçiniz"
+
+#: plugins/sudoers/auth/pam.c:171
+msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator"
+msgstr "Hesap geçerlilik süresi dolmuş veya sudo için PAM yapılandırması bir \"account\" bölümünden yoksun, sistem yöneticinizle temasa geçiniz"
+
+#: plugins/sudoers/auth/pam.c:188
+#, c-format
+msgid "PAM authentication error: %s"
+msgstr "PAM kimlik doğrulama hatası: %s"
+
+#: plugins/sudoers/auth/pam.c:247
+#, c-format
+msgid "unable to establish credentials: %s"
+msgstr "kimlik bilgileri oluşturulamadı: %s"
+
+#: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212
+#, c-format
+msgid "you do not exist in the %s database"
+msgstr "%s veritabanında bulunmuyorsunuz"
+
+#: plugins/sudoers/auth/securid5.c:80
+#, c-format
+msgid "failed to initialise the ACE API library"
+msgstr "ACE API kütüphanesinin hazırlanması başarısız oldu"
+
+#: plugins/sudoers/auth/securid5.c:106
+#, c-format
+msgid "unable to contact the SecurID server"
+msgstr "SecurID sunucusuyla bağlantı kurulamadı"
+
+#: plugins/sudoers/auth/securid5.c:115
+#, c-format
+msgid "User ID locked for SecurID Authentication"
+msgstr "Kullanıcı Kimliği(User ID), SecurID Kimlik Doğrulaması için kilitli"
+
+#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170
+#, c-format
+msgid "invalid username length for SecurID"
+msgstr "SecurID için geçersiz kullanıcı adı uzunluğu"
+
+#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175
+#, c-format
+msgid "invalid Authentication Handle for SecurID"
+msgstr "SecurID için geçersiz Kimlik Doğrulama İşleyicisi"
+
+#: plugins/sudoers/auth/securid5.c:127
+#, c-format
+msgid "SecurID communication failed"
+msgstr "SecurID iletişimi başarısız oldu"
+
+#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214
+#, c-format
+msgid "unknown SecurID error"
+msgstr "bilinmeyen SecurID hatası"
+
+#: plugins/sudoers/auth/securid5.c:165
+#, c-format
+msgid "invalid passcode length for SecurID"
+msgstr "SecurID için geçersiz şifre uzunluğu"
+
+#: plugins/sudoers/auth/sia.c:108
+msgid "unable to initialize SIA session"
+msgstr "SIA oturumu başlatılamadı"
+
+#: plugins/sudoers/auth/sudo_auth.c:119
+msgid "invalid authentication methods"
+msgstr "geçersiz kimlik doğrulama yöntemleri"
+
+#: plugins/sudoers/auth/sudo_auth.c:120
+msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication."
+msgstr "Sudo içinde geçersiz kimlik doğrulama yöntemleri derlenmiş! Bağımsız ve bağımsız olmayan kimlik doğrulama yöntemlerini karma bir şekilde kullanamayabilirsiniz."
+
+#: plugins/sudoers/auth/sudo_auth.c:203
+msgid "no authentication methods"
+msgstr "kimlik doğrulama yöntemleri yok"
+
+#: plugins/sudoers/auth/sudo_auth.c:205
+msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option."
+msgstr "Sudo içinde herhangi bir kimlik doğrulama yöntemi derlenmemiş! Kimlik doğrulamayı kapatmak isterseniz, --disable-authentication seçeneğini kullanınız."
+
+#: plugins/sudoers/auth/sudo_auth.c:389
+msgid "Authentication methods:"
+msgstr "Kimlik doğrulama yöntemleri:"
+
+#: plugins/sudoers/bsm_audit.c:60 plugins/sudoers/bsm_audit.c:63
+#: plugins/sudoers/bsm_audit.c:112 plugins/sudoers/bsm_audit.c:116
+#: plugins/sudoers/bsm_audit.c:168 plugins/sudoers/bsm_audit.c:172
+#, c-format
+msgid "getaudit: failed"
+msgstr "getaudit: işlem başarısız"
+
+#: plugins/sudoers/bsm_audit.c:90 plugins/sudoers/bsm_audit.c:153
+#, c-format
+msgid "Could not determine audit condition"
+msgstr "Denetim durumu belirlenemedi"
+
+#: plugins/sudoers/bsm_audit.c:101 plugins/sudoers/bsm_audit.c:160
+#, c-format
+msgid "getauid: failed"
+msgstr "getauid: işlem başarısız"
+
+#: plugins/sudoers/bsm_audit.c:103 plugins/sudoers/bsm_audit.c:162
+#, c-format
+msgid "au_open: failed"
+msgstr "au_open: işlem başarısız"
+
+#: plugins/sudoers/bsm_audit.c:118 plugins/sudoers/bsm_audit.c:174
+#, c-format
+msgid "au_to_subject: failed"
+msgstr "au_to_subject: işlem başarısız"
+
+#: plugins/sudoers/bsm_audit.c:122 plugins/sudoers/bsm_audit.c:178
+#, c-format
+msgid "au_to_exec_args: failed"
+msgstr "au_to_exec_args: işlem başarısız"
+
+#: plugins/sudoers/bsm_audit.c:126 plugins/sudoers/bsm_audit.c:187
+#, c-format
+msgid "au_to_return32: failed"
+msgstr "au_to_return32: işlem başarısız"
+
+#: plugins/sudoers/bsm_audit.c:129 plugins/sudoers/bsm_audit.c:190
+#, c-format
+msgid "unable to commit audit record"
+msgstr "denetim kaydı işlenemiyor"
+
+#: plugins/sudoers/bsm_audit.c:183
+#, c-format
+msgid "au_to_text: failed"
+msgstr "au_to_text: işlem başarısız"
+
+#: plugins/sudoers/check.c:189
+msgid ""
+"\n"
+"We trust you have received the usual lecture from the local System\n"
+"Administrator. It usually boils down to these three things:\n"
+"\n"
+" #1) Respect the privacy of others.\n"
+" #2) Think before you type.\n"
+" #3) With great power comes great responsibility.\n"
+"\n"
+msgstr ""
+"\n"
+"Yerel Sistem Yöneticisinden olağan öğütleri aldığınıza güveniyoruz.\n"
+"Bunları genellikle aşağıdaki üç şeyle özetleyebiliriz:\n"
+"\n"
+" #1) Diğer kişilerin özel hayatına saygı gösterin.\n"
+" #2) Bir yazmadan önce iki kere düşünün.\n"
+" #3) Büyük gücün büyük bir sorumluluk getirdiğini unutmayın.\n"
+"\n"
+
+#: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233
+#: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566
+#, c-format
+msgid "unknown uid: %u"
+msgstr "bilinmeyen uid: %u"
+
+#: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:635
+#: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215
+#: plugins/sudoers/testsudoers.c:359
+#, c-format
+msgid "unknown user: %s"
+msgstr "bilinmeyen kullanıcı: %s"
+
+#: plugins/sudoers/def_data.c:27
+#, c-format
+msgid "Syslog facility if syslog is being used for logging: %s"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:31
+#, c-format
+msgid "Syslog priority to use when user authenticates successfully: %s"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:35
+#, c-format
+msgid "Syslog priority to use when user authenticates unsuccessfully: %s"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:39
+msgid "Put OTP prompt on its own line"
+msgstr "OTP güdüsünü kendi satırına yerleştir"
+
+#: plugins/sudoers/def_data.c:43
+msgid "Ignore '.' in $PATH"
+msgstr "$PATH içindeki '.' ögesini yoksay"
+
+#: plugins/sudoers/def_data.c:47
+msgid "Always send mail when sudo is run"
+msgstr "Sudonun çalıştırıldığı her zaman e-posta gönder"
+
+#: plugins/sudoers/def_data.c:51
+msgid "Send mail if user authentication fails"
+msgstr "Kullanıcı kimlik doğrulaması başarısız olursa e-posta gönder"
+
+#: plugins/sudoers/def_data.c:55
+msgid "Send mail if the user is not in sudoers"
+msgstr "Kullanıcı sudoers içinde değilse e-posta gönder"
+
+#: plugins/sudoers/def_data.c:59
+msgid "Send mail if the user is not in sudoers for this host"
+msgstr "Kullanıcı bu makinedeki sudoers içinde değilse e-posta gönder"
+
+#: plugins/sudoers/def_data.c:63
+msgid "Send mail if the user is not allowed to run a command"
+msgstr "Kullanıcının bir komut çalıştırmasına izin verilmiyor ise e-posta gönder"
+
+#: plugins/sudoers/def_data.c:67
+msgid "Use a separate timestamp for each user/tty combo"
+msgstr "Her kullanıcı/tty birleşik girişi için ayrı bir zaman damgası kullan"
+
+#: plugins/sudoers/def_data.c:71
+msgid "Lecture user the first time they run sudo"
+msgstr "Sudoyu ilk defa çalıştırdıkları zaman kullanıcıya gerekli öğütleri ver"
+
+#: plugins/sudoers/def_data.c:75
+#, c-format
+msgid "File containing the sudo lecture: %s"
+msgstr "Dosya sudo öğüdü içeriyor: %s"
+
+#: plugins/sudoers/def_data.c:79
+msgid "Require users to authenticate by default"
+msgstr "Öntanımlı olarak kullanıcıların kimlik doğrulaması gerekmektedir"
+
+#: plugins/sudoers/def_data.c:83
+msgid "Root may run sudo"
+msgstr "Kök kullanıcı (root) sudoyu çalıştırabilir"
+
+#: plugins/sudoers/def_data.c:87
+msgid "Log the hostname in the (non-syslog) log file"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:91
+msgid "Log the year in the (non-syslog) log file"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:95
+msgid "If sudo is invoked with no arguments, start a shell"
+msgstr "Eğer sudo herhangi bir bağımsız değişkenle uyandırılmazsa, bir kabuk başlat"
+
+#: plugins/sudoers/def_data.c:99
+msgid "Set $HOME to the target user when starting a shell with -s"
+msgstr "Kabuğu -s ile başlatırken $HOME çevre değişkenini hedef kullanıcıya ata"
+
+#: plugins/sudoers/def_data.c:103
+msgid "Always set $HOME to the target user's home directory"
+msgstr "Her zaman $HOME çevre değişkenini hedef kullanıcının ev dizinine ata"
+
+#: plugins/sudoers/def_data.c:107
+msgid "Allow some information gathering to give useful error messages"
+msgstr "Yararlı hata iletilerinin verilmesi için bazı bilgilerin toplanmasına izin ver"
+
+#: plugins/sudoers/def_data.c:111
+msgid "Require fully-qualified hostnames in the sudoers file"
+msgstr "Sudoers dosyası içerisinde tam nitelikli ana makine adlarının olması gerekmektedir"
+
+#: plugins/sudoers/def_data.c:115
+msgid "Insult the user when they enter an incorrect password"
+msgstr "Hatalı parola girdikleri zaman kullanıcıyı aşağıla"
+
+#: plugins/sudoers/def_data.c:119
+msgid "Only allow the user to run sudo if they have a tty"
+msgstr "Ancak bir tty sahibi iseler kullanıcıya sudoyu çalıştırma izni ver"
+
+#: plugins/sudoers/def_data.c:123
+msgid "Visudo will honor the EDITOR environment variable"
+msgstr "Visudo EDITOR çevre değişkeninin gereğini şerefle yerine getirecektir."
+
+#: plugins/sudoers/def_data.c:127
+msgid "Prompt for root's password, not the users's"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:131
+msgid "Prompt for the runas_default user's password, not the users's"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:135
+msgid "Prompt for the target user's password, not the users's"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:139
+msgid "Apply defaults in the target user's login class if there is one"
+msgstr "Eğer bir tane varsa hedef kullanıcı oturum açma sınıfında öntanımlıları uygula"
+
+#: plugins/sudoers/def_data.c:143
+msgid "Set the LOGNAME and USER environment variables"
+msgstr "LOGNAME ve USER çevre değişkenlerini ata"
+
+#: plugins/sudoers/def_data.c:147
+msgid "Only set the effective uid to the target user, not the real uid"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:151
+msgid "Don't initialize the group vector to that of the target user"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:155
+#, c-format
+msgid "Length at which to wrap log file lines (0 for no wrap): %d"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:159
+#, c-format
+msgid "Authentication timestamp timeout: %.1f minutes"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:163
+#, c-format
+msgid "Password prompt timeout: %.1f minutes"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:167
+#, c-format
+msgid "Number of tries to enter a password: %d"
+msgstr "Bir parola girişinde deneme sayısı: %d"
+
+#: plugins/sudoers/def_data.c:171
+#, c-format
+msgid "Umask to use or 0777 to use user's: 0%o"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:175
+#, c-format
+msgid "Path to log file: %s"
+msgstr "Günlük kütüğü yolu: %s"
+
+#: plugins/sudoers/def_data.c:179
+#, c-format
+msgid "Path to mail program: %s"
+msgstr "E-posta programı yolu: %s"
+
+#: plugins/sudoers/def_data.c:183
+#, c-format
+msgid "Flags for mail program: %s"
+msgstr "E-posta programı için bayraklar: %s"
+
+#: plugins/sudoers/def_data.c:187
+#, c-format
+msgid "Address to send mail to: %s"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:191
+#, c-format
+msgid "Address to send mail from: %s"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:195
+#, c-format
+msgid "Subject line for mail messages: %s"
+msgstr "E-posta iletileri için konu satırı: %s"
+
+#: plugins/sudoers/def_data.c:199
+#, c-format
+msgid "Incorrect password message: %s"
+msgstr "Hatalı parola iletisi: %s"
+
+#: plugins/sudoers/def_data.c:203
+#, c-format
+msgid "Path to authentication timestamp dir: %s"
+msgstr "Kimlik doğrulama zaman damgası dizininin yolu: %s"
+
+#: plugins/sudoers/def_data.c:207
+#, c-format
+msgid "Owner of the authentication timestamp dir: %s"
+msgstr "Kimlik doğrulama zaman damgası dizininin sahibi: %s"
+
+#: plugins/sudoers/def_data.c:211
+#, c-format
+msgid "Users in this group are exempt from password and PATH requirements: %s"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:215
+#, c-format
+msgid "Default password prompt: %s"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:219
+msgid "If set, passprompt will override system prompt in all cases."
+msgstr ""
+
+#: plugins/sudoers/def_data.c:223
+#, c-format
+msgid "Default user to run commands as: %s"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:227
+#, c-format
+msgid "Value to override user's $PATH with: %s"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:231
+#, c-format
+msgid "Path to the editor for use by visudo: %s"
+msgstr "Visudo tarafından kullanılacak düzenleyici yolu: %s"
+
+#: plugins/sudoers/def_data.c:235
+#, c-format
+msgid "When to require a password for 'list' pseudocommand: %s"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:239
+#, c-format
+msgid "When to require a password for 'verify' pseudocommand: %s"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:243
+msgid "Preload the dummy exec functions contained in the sudo_noexec library"
+msgstr "Sudo_noexec kütüphanesinin içerdiği taklit exec işlevlerini önyükle"
+
+#: plugins/sudoers/def_data.c:247
+msgid "If LDAP directory is up, do we ignore local sudoers file"
+msgstr "LDAP dizini kullanılabilir durumda ise, yerel sudoers dosyalarını yok sayalım mı"
+
+#: plugins/sudoers/def_data.c:251
+#, c-format
+msgid "File descriptors >= %d will be closed before executing a command"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:255
+msgid "If set, users may override the value of `closefrom' with the -C option"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:259
+msgid "Allow users to set arbitrary environment variables"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:263
+msgid "Reset the environment to a default set of variables"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:267
+msgid "Environment variables to check for sanity:"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:271
+msgid "Environment variables to remove:"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:275
+msgid "Environment variables to preserve:"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:279
+#, c-format
+msgid "SELinux role to use in the new security context: %s"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:283
+#, c-format
+msgid "SELinux type to use in the new security context: %s"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:287
+#, c-format
+msgid "Path to the sudo-specific environment file: %s"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:291
+#, c-format
+msgid "Locale to use while parsing sudoers: %s"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:295
+msgid "Allow sudo to prompt for a password even if it would be visible"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:299
+msgid "Provide visual feedback at the password prompt when there is user input"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:303
+msgid "Use faster globbing that is less accurate but does not access the filesystem"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:307
+msgid "The umask specified in sudoers will override the user's, even if it is more permissive"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:311
+msgid "Log user's input for the command being run"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:315
+msgid "Log the output of the command being run"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:319
+msgid "Compress I/O logs using zlib"
+msgstr "I/O günlüklerini zlib kullanarak sıkıştır"
+
+#: plugins/sudoers/def_data.c:323
+msgid "Always run commands in a pseudo-tty"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:327
+#, c-format
+msgid "Plugin for non-Unix group support: %s"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:331
+#, c-format
+msgid "Directory in which to store input/output logs: %s"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:335
+#, c-format
+msgid "File in which to store the input/output log: %s"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:339
+msgid "Add an entry to the utmp/utmpx file when allocating a pty"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:343
+msgid "Set the user in utmp to the runas user, not the invoking user"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:347
+msgid "Set of permitted privileges"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:351
+msgid "Set of limit privileges"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:355
+msgid "Run commands on a pty in the background"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:359
+msgid "Create a new PAM session for the command to run in"
+msgstr ""
+
+#: plugins/sudoers/def_data.c:363
+msgid "Maximum I/O log sequence number"
+msgstr ""
+
+#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587
+#, c-format
+msgid "unknown defaults entry `%s'"
+msgstr ""
+
+#: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225
+#: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258
+#: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284
+#: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317
+#: plugins/sudoers/defaults.c:327
+#, c-format
+msgid "value `%s' is invalid for option `%s'"
+msgstr ""
+
+#: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228
+#: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253
+#: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279
+#: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312
+#: plugins/sudoers/defaults.c:323
+#, c-format
+msgid "no value specified for `%s'"
+msgstr ""
+
+#: plugins/sudoers/defaults.c:241
+#, c-format
+msgid "values for `%s' must start with a '/'"
+msgstr ""
+
+#: plugins/sudoers/defaults.c:303
+#, c-format
+msgid "option `%s' does not take a value"
+msgstr ""
+
+#: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293
+#: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82
+#: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427
+#: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654
+#: plugins/sudoers/testsudoers.c:243
+#, c-format
+msgid "internal error, %s overflow"
+msgstr ""
+
+#: plugins/sudoers/env.c:367
+#, c-format
+msgid "sudo_putenv: corrupted envp, length mismatch"
+msgstr ""
+
+#: plugins/sudoers/env.c:1012
+#, c-format
+msgid "sorry, you are not allowed to set the following environment variables: %s"
+msgstr ""
+
+#: plugins/sudoers/group_plugin.c:102
+#, c-format
+msgid "%s must be owned by uid %d"
+msgstr ""
+
+#: plugins/sudoers/group_plugin.c:106
+#, c-format
+msgid "%s must only be writable by owner"
+msgstr ""
+
+#: plugins/sudoers/group_plugin.c:113 plugins/sudoers/sssd.c:256
+#, c-format
+msgid "unable to dlopen %s: %s"
+msgstr ""
+
+#: plugins/sudoers/group_plugin.c:118
+#, c-format
+msgid "unable to find symbol \"group_plugin\" in %s"
+msgstr ""
+
+#: plugins/sudoers/group_plugin.c:123
+#, c-format
+msgid "%s: incompatible group plugin major version %d, expected %d"
+msgstr ""
+
+#: plugins/sudoers/interfaces.c:119
+msgid "Local IP address and netmask pairs:\n"
+msgstr ""
+
+#: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144
+#: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244
+#, c-format
+msgid "%s exists but is not a directory (0%o)"
+msgstr ""
+
+#: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155
+#: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:165
+#: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271
+#, c-format
+msgid "unable to mkdir %s"
+msgstr ""
+
+#: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708
+#: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815
+#: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:155
+#: plugins/sudoers/visudo.c:809
+#, c-format
+msgid "unable to open %s"
+msgstr ""
+
+#: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711
+#, c-format
+msgid "unable to read %s"
+msgstr ""
+
+#: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:159
+#, c-format
+msgid "unable to write to %s"
+msgstr ""
+
+#: plugins/sudoers/iolog.c:334
+#, c-format
+msgid "unable to create %s"
+msgstr ""
+
+#: plugins/sudoers/ldap.c:385
+#, c-format
+msgid "sudo_ldap_conf_add_ports: port too large"
+msgstr ""
+
+#: plugins/sudoers/ldap.c:408
+#, c-format
+msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf"
+msgstr ""
+
+#: plugins/sudoers/ldap.c:438
+#, c-format
+msgid "unsupported LDAP uri type: %s"
+msgstr ""
+
+#: plugins/sudoers/ldap.c:467
+#, c-format
+msgid "invalid uri: %s"
+msgstr ""
+
+#: plugins/sudoers/ldap.c:473
+#, c-format
+msgid "unable to mix ldap and ldaps URIs"
+msgstr ""
+
+#: plugins/sudoers/ldap.c:477
+#, c-format
+msgid "unable to mix ldaps and starttls"
+msgstr ""
+
+#: plugins/sudoers/ldap.c:496
+#, c-format
+msgid "sudo_ldap_parse_uri: out of space building hostbuf"
+msgstr ""
+
+#: plugins/sudoers/ldap.c:570
+#, c-format
+msgid "unable to initialize SSL cert and key db: %s"
+msgstr ""
+
+#: plugins/sudoers/ldap.c:573
+#, c-format
+msgid "you must set TLS_CERT in %s to use SSL"
+msgstr ""
+
+#: plugins/sudoers/ldap.c:1062
+#, c-format
+msgid "unable to get GMT time"
+msgstr ""
+
+#: plugins/sudoers/ldap.c:1068
+#, c-format
+msgid "unable to format timestamp"
+msgstr ""
+
+#: plugins/sudoers/ldap.c:1076
+#, c-format
+msgid "unable to build time filter"
+msgstr ""
+
+#: plugins/sudoers/ldap.c:1295
+#, c-format
+msgid "sudo_ldap_build_pass1 allocation mismatch"
+msgstr ""
+
+#: plugins/sudoers/ldap.c:1842
+#, c-format
+msgid ""
+"\n"
+"LDAP Role: %s\n"
+msgstr ""
+
+#: plugins/sudoers/ldap.c:1844
+#, c-format
+msgid ""
+"\n"
+"LDAP Role: UNKNOWN\n"
+msgstr ""
+
+#: plugins/sudoers/ldap.c:1891
+#, c-format
+msgid " Order: %s\n"
+msgstr ""
+
+#: plugins/sudoers/ldap.c:1899 plugins/sudoers/parse.c:515
+#: plugins/sudoers/sssd.c:1242
+#, c-format
+msgid " Commands:\n"
+msgstr ""
+
+#: plugins/sudoers/ldap.c:2321
+#, c-format
+msgid "unable to initialize LDAP: %s"
+msgstr ""
+
+#: plugins/sudoers/ldap.c:2355
+#, c-format
+msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()"
+msgstr ""
+
+#: plugins/sudoers/ldap.c:2591
+#, c-format
+msgid "invalid sudoOrder attribute: %s"
+msgstr ""
+
+#: plugins/sudoers/linux_audit.c:57
+#, c-format
+msgid "unable to open audit system"
+msgstr ""
+
+#: plugins/sudoers/linux_audit.c:93
+#, c-format
+msgid "unable to send audit message"
+msgstr ""
+
+#: plugins/sudoers/logging.c:140
+#, c-format
+msgid "%8s : %s"
+msgstr ""
+
+#: plugins/sudoers/logging.c:168
+#, c-format
+msgid "%8s : (command continued) %s"
+msgstr ""
+
+#: plugins/sudoers/logging.c:194
+#, c-format
+msgid "unable to open log file: %s: %s"
+msgstr "günlük kütüğü açılamadı: %s: %s"
+
+#: plugins/sudoers/logging.c:197
+#, c-format
+msgid "unable to lock log file: %s: %s"
+msgstr "günlük kütüğü kilitlenemedi: %s: %s"
+
+#: plugins/sudoers/logging.c:245
+msgid "No user or host"
+msgstr "Kullanıcı veya ana makine yok"
+
+#: plugins/sudoers/logging.c:247
+msgid "validation failure"
+msgstr "doğrulama başarısız"
+
+#: plugins/sudoers/logging.c:254
+msgid "user NOT in sudoers"
+msgstr "kullancı sudoers içinde DEĞİL"
+
+#: plugins/sudoers/logging.c:256
+msgid "user NOT authorized on host"
+msgstr "kullanıcı ana makine üzerinde yetkili DEĞİL"
+
+#: plugins/sudoers/logging.c:258
+msgid "command not allowed"
+msgstr "komuta izin verilmiyor"
+
+#: plugins/sudoers/logging.c:288
+#, c-format
+msgid "%s is not in the sudoers file. This incident will be reported.\n"
+msgstr "%s sudoers dosyası içinde değil. Bu olay rapor edilecek.\n"
+
+#: plugins/sudoers/logging.c:291
+#, c-format
+msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n"
+msgstr "%s, %s üzerinde sudoyu çalıştırma iznine sahip değil. Bu olay rapor edilecek.\n"
+
+#: plugins/sudoers/logging.c:295
+#, c-format
+msgid "Sorry, user %s may not run sudo on %s.\n"
+msgstr "Üzgünüm, %s kullanıcısı %s üzerinde sudoyu çalıştıramayabilir.\n"
+
+#: plugins/sudoers/logging.c:298
+#, c-format
+msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n"
+msgstr "Üzgünüm, %s kullanıcısı '%s%s%s' komutunu %s%s%s olarak %s üzerinde çalıştırma iznine sahip değil.\n"
+
+#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383
+#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386
+#: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001
+#: plugins/sudoers/sudoers.c:1002
+#, c-format
+msgid "%s: command not found"
+msgstr "%s: komut bulunamadı"
+
+#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379
+#, c-format
+msgid ""
+"ignoring `%s' found in '.'\n"
+"Use `sudo ./%s' if this is the `%s' you wish to run."
+msgstr ""
+
+#: plugins/sudoers/logging.c:353
+msgid "authentication failure"
+msgstr ""
+
+#: plugins/sudoers/logging.c:379
+msgid "a password is required"
+msgstr ""
+
+#: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487
+#, c-format
+msgid "%d incorrect password attempt"
+msgid_plural "%d incorrect password attempts"
+msgstr[0] ""
+msgstr[1] ""
+
+#: plugins/sudoers/logging.c:566
+#, c-format
+msgid "unable to fork"
+msgstr ""
+
+#: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629
+#, c-format
+msgid "unable to fork: %m"
+msgstr ""
+
+#: plugins/sudoers/logging.c:619
+#, c-format
+msgid "unable to open pipe: %m"
+msgstr ""
+
+#: plugins/sudoers/logging.c:644
+#, c-format
+msgid "unable to dup stdin: %m"
+msgstr ""
+
+#: plugins/sudoers/logging.c:680
+#, c-format
+msgid "unable to execute %s: %m"
+msgstr ""
+
+#: plugins/sudoers/logging.c:899
+#, c-format
+msgid "internal error: insufficient space for log line"
+msgstr ""
+
+#: plugins/sudoers/match.c:631
+#, c-format
+msgid "unsupported digest type %d for %s"
+msgstr ""
+
+#: plugins/sudoers/match.c:661
+#, c-format
+msgid "%s: read error"
+msgstr ""
+
+#: plugins/sudoers/match.c:670
+#, c-format
+msgid "digest for %s (%s) is not in %s form"
+msgstr ""
+
+#: plugins/sudoers/parse.c:124
+#, c-format
+msgid "parse error in %s near line %d"
+msgstr ""
+
+#: plugins/sudoers/parse.c:127
+#, c-format
+msgid "parse error in %s"
+msgstr ""
+
+#: plugins/sudoers/parse.c:462
+#, c-format
+msgid ""
+"\n"
+"Sudoers entry:\n"
+msgstr ""
+
+#: plugins/sudoers/parse.c:463
+#, c-format
+msgid " RunAsUsers: "
+msgstr ""
+
+#: plugins/sudoers/parse.c:477
+#, c-format
+msgid " RunAsGroups: "
+msgstr ""
+
+#: plugins/sudoers/parse.c:486
+#, c-format
+msgid " Options: "
+msgstr ""
+
+#: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750
+#, c-format
+msgid "unable to execute %s"
+msgstr ""
+
+#: plugins/sudoers/policy.c:659
+#, c-format
+msgid "Sudoers policy plugin version %s\n"
+msgstr ""
+
+#: plugins/sudoers/policy.c:661
+#, c-format
+msgid "Sudoers file grammar version %d\n"
+msgstr ""
+
+#: plugins/sudoers/policy.c:665
+#, c-format
+msgid ""
+"\n"
+"Sudoers path: %s\n"
+msgstr ""
+
+#: plugins/sudoers/policy.c:668
+#, c-format
+msgid "nsswitch path: %s\n"
+msgstr ""
+
+#: plugins/sudoers/policy.c:670
+#, c-format
+msgid "ldap.conf path: %s\n"
+msgstr ""
+
+#: plugins/sudoers/policy.c:671
+#, c-format
+msgid "ldap.secret path: %s\n"
+msgstr ""
+
+#: plugins/sudoers/pwutil.c:148
+#, c-format
+msgid "unable to cache uid %u, already exists"
+msgstr ""
+
+#: plugins/sudoers/pwutil.c:190
+#, c-format
+msgid "unable to cache user %s, already exists"
+msgstr ""
+
+#: plugins/sudoers/pwutil.c:374
+#, c-format
+msgid "unable to cache gid %u, already exists"
+msgstr ""
+
+#: plugins/sudoers/pwutil.c:410
+#, c-format
+msgid "unable to cache group %s, already exists"
+msgstr ""
+
+#: plugins/sudoers/pwutil.c:564 plugins/sudoers/pwutil.c:586
+#, c-format
+msgid "unable to cache group list for %s, already exists"
+msgstr ""
+
+#: plugins/sudoers/pwutil.c:584
+#, c-format
+msgid "unable to parse groups for %s"
+msgstr ""
+
+#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445
+#: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141
+#: plugins/sudoers/set_perms.c:1431
+msgid "perm stack overflow"
+msgstr ""
+
+#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453
+#: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149
+#: plugins/sudoers/set_perms.c:1439
+msgid "perm stack underflow"
+msgstr ""
+
+#: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500
+#: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471
+msgid "unable to change to root gid"
+msgstr ""
+
+#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597
+#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277
+msgid "unable to change to runas gid"
+msgstr ""
+
+#: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609
+#: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287
+msgid "unable to change to runas uid"
+msgstr ""
+
+#: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627
+#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303
+msgid "unable to change to sudoers gid"
+msgstr ""
+
+#: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698
+#: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349
+#: plugins/sudoers/set_perms.c:1515
+msgid "too many processes"
+msgstr ""
+
+#: plugins/sudoers/set_perms.c:1583
+msgid "unable to set runas group vector"
+msgstr ""
+
+#: plugins/sudoers/sssd.c:257
+#, c-format
+msgid "unable to initialize SSS source. Is SSSD installed on your machine?"
+msgstr ""
+
+#: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271
+#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285
+#: plugins/sudoers/sssd.c:292
+#, c-format
+msgid "unable to find symbol \"%s\" in %s"
+msgstr ""
+
+#: plugins/sudoers/sudo_nss.c:283
+#, c-format
+msgid "Matching Defaults entries for %s on this host:\n"
+msgstr ""
+
+#: plugins/sudoers/sudo_nss.c:296
+#, c-format
+msgid "Runas and Command-specific defaults for %s:\n"
+msgstr ""
+
+#: plugins/sudoers/sudo_nss.c:309
+#, c-format
+msgid "User %s may run the following commands on this host:\n"
+msgstr ""
+
+#: plugins/sudoers/sudo_nss.c:318
+#, c-format
+msgid "User %s is not allowed to run sudo on %s.\n"
+msgstr ""
+
+#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193
+#: plugins/sudoers/sudoers.c:673
+msgid "problem with defaults entries"
+msgstr ""
+
+#: plugins/sudoers/sudoers.c:165
+#, c-format
+msgid "no valid sudoers sources found, quitting"
+msgstr ""
+
+#: plugins/sudoers/sudoers.c:227
+#, c-format
+msgid "sudoers specifies that root is not allowed to sudo"
+msgstr ""
+
+#: plugins/sudoers/sudoers.c:234
+#, c-format
+msgid "you are not permitted to use the -C option"
+msgstr ""
+
+#: plugins/sudoers/sudoers.c:315
+#, c-format
+msgid "timestamp owner (%s): No such user"
+msgstr ""
+
+#: plugins/sudoers/sudoers.c:329
+msgid "no tty"
+msgstr ""
+
+#: plugins/sudoers/sudoers.c:330
+#, c-format
+msgid "sorry, you must have a tty to run sudo"
+msgstr ""
+
+#: plugins/sudoers/sudoers.c:378
+msgid "command in current directory"
+msgstr ""
+
+#: plugins/sudoers/sudoers.c:395
+#, c-format
+msgid "sorry, you are not allowed to preserve the environment"
+msgstr ""
+
+#: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:216
+#: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:328
+#: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576
+#, c-format
+msgid "unable to stat %s"
+msgstr ""
+
+#: plugins/sudoers/sudoers.c:726
+#, c-format
+msgid "%s is not a regular file"
+msgstr ""
+
+#: plugins/sudoers/sudoers.c:729 toke.l:913
+#, c-format
+msgid "%s is owned by uid %u, should be %u"
+msgstr ""
+
+#: plugins/sudoers/sudoers.c:733 toke.l:920
+#, c-format
+msgid "%s is world writable"
+msgstr ""
+
+#: plugins/sudoers/sudoers.c:736 toke.l:925
+#, c-format
+msgid "%s is owned by gid %u, should be %u"
+msgstr ""
+
+#: plugins/sudoers/sudoers.c:763
+#, c-format
+msgid "only root can use `-c %s'"
+msgstr ""
+
+#: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782
+#, c-format
+msgid "unknown login class: %s"
+msgstr ""
+
+#: plugins/sudoers/sudoers.c:814
+#, c-format
+msgid "unable to resolve host %s"
+msgstr ""
+
+#: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377
+#, c-format
+msgid "unknown group: %s"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:292
+#, c-format
+msgid "invalid filter option: %s"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:305
+#, c-format
+msgid "invalid max wait: %s"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:311
+#, c-format
+msgid "invalid speed factor: %s"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179
+#, c-format
+msgid "%s version %s\n"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:339
+#, c-format
+msgid "%s/%.2s/%.2s/%.2s/timing: %s"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:345
+#, c-format
+msgid "%s/%s/timing: %s"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:363
+#, c-format
+msgid "Replaying sudo session: %s\n"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:369
+#, c-format
+msgid "Warning: your terminal is too small to properly replay the log.\n"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:370
+#, c-format
+msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d."
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:400
+#, c-format
+msgid "unable to set tty to raw mode"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:416
+#, c-format
+msgid "invalid timing file line: %s"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:499
+#, c-format
+msgid "writing to standard output"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:528
+#, c-format
+msgid "nanosleep: tv_sec %ld, tv_nsec %ld"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666
+#, c-format
+msgid "ambiguous expression \"%s\""
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:683
+#, c-format
+msgid "too many parenthesized expressions, max %d"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:694
+#, c-format
+msgid "unmatched ')' in expression"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:700
+#, c-format
+msgid "unknown search term \"%s\""
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:714
+#, c-format
+msgid "%s requires an argument"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:718 plugins/sudoers/sudoreplay.c:1058
+#, c-format
+msgid "invalid regular expression: %s"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:724
+#, c-format
+msgid "could not parse date \"%s\""
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:737
+#, c-format
+msgid "unmatched '(' in expression"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:739
+#, c-format
+msgid "illegal trailing \"or\""
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:741
+#, c-format
+msgid "illegal trailing \"!\""
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:1182
+#, c-format
+msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:1185
+#, c-format
+msgid "usage: %s [-h] [-d directory] -l [search expression]\n"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:1194
+#, c-format
+msgid ""
+"%s - replay sudo session logs\n"
+"\n"
+msgstr ""
+
+#: plugins/sudoers/sudoreplay.c:1196
+msgid ""
+"\n"
+"Options:\n"
+" -d directory specify directory for session logs\n"
+" -f filter specify which I/O type to display\n"
+" -h display help message and exit\n"
+" -l [expression] list available session IDs that match expression\n"
+" -m max_wait max number of seconds to wait between events\n"
+" -s speed_factor speed up or slow down output\n"
+" -V display version information and exit"
+msgstr ""
+
+#: plugins/sudoers/testsudoers.c:328
+msgid "\thost unmatched"
+msgstr ""
+
+#: plugins/sudoers/testsudoers.c:331
+msgid ""
+"\n"
+"Command allowed"
+msgstr ""
+
+#: plugins/sudoers/testsudoers.c:332
+msgid ""
+"\n"
+"Command denied"
+msgstr ""
+
+#: plugins/sudoers/testsudoers.c:332
+msgid ""
+"\n"
+"Command unmatched"
+msgstr ""
+
+#: plugins/sudoers/timestamp.c:129
+#, c-format
+msgid "timestamp path too long: %s"
+msgstr ""
+
+#: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247
+#: plugins/sudoers/timestamp.c:292
+#, c-format
+msgid "%s owned by uid %u, should be uid %u"
+msgstr ""
+
+#: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0700"
+msgstr ""
+
+#: plugins/sudoers/timestamp.c:286
+#, c-format
+msgid "%s exists but is not a regular file (0%o)"
+msgstr ""
+
+#: plugins/sudoers/timestamp.c:298
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0600"
+msgstr ""
+
+#: plugins/sudoers/timestamp.c:353
+#, c-format
+msgid "timestamp too far in the future: %20.20s"
+msgstr ""
+
+#: plugins/sudoers/timestamp.c:407
+#, c-format
+msgid "unable to remove %s, will reset to the epoch"
+msgstr ""
+
+#: plugins/sudoers/timestamp.c:414
+#, c-format
+msgid "unable to reset %s to the epoch"
+msgstr ""
+
+#: plugins/sudoers/toke_util.c:176
+#, c-format
+msgid "fill_args: buffer overflow"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:180
+#, c-format
+msgid "%s grammar version %d\n"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533
+#, c-format
+msgid "press return to edit %s: "
+msgstr ""
+
+#: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332
+#, c-format
+msgid "write error"
+msgstr "yazma hatası"
+
+#: plugins/sudoers/visudo.c:414
+#, c-format
+msgid "unable to stat temporary file (%s), %s unchanged"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:419
+#, c-format
+msgid "zero length temporary file (%s), %s unchanged"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:425
+#, c-format
+msgid "editor (%s) failed, %s unchanged"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:448
+#, c-format
+msgid "%s unchanged"
+msgstr "%s değişmemiş"
+
+#: plugins/sudoers/visudo.c:477
+#, c-format
+msgid "unable to re-open temporary file (%s), %s unchanged."
+msgstr "geçici dosya (%s) yeniden açılamadı, %s değişmemiş."
+
+#: plugins/sudoers/visudo.c:487
+#, c-format
+msgid "unabled to parse temporary file (%s), unknown error"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:526
+#, c-format
+msgid "internal error, unable to find %s in list!"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587
+#, c-format
+msgid "unable to set (uid, gid) of %s to (%u, %u)"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592
+#, c-format
+msgid "unable to change mode of %s to 0%o"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:609
+#, c-format
+msgid "%s and %s not on the same file system, using mv to rename"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:623
+#, c-format
+msgid "command failed: '%s %s %s', %s unchanged"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:633
+#, c-format
+msgid "error renaming %s, %s unchanged"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:695
+msgid "What now? "
+msgstr ""
+
+#: plugins/sudoers/visudo.c:709
+msgid ""
+"Options are:\n"
+" (e)dit sudoers file again\n"
+" e(x)it without saving changes to sudoers file\n"
+" (Q)uit and save changes to sudoers file (DANGER!)\n"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:757
+#, c-format
+msgid "unable to run %s"
+msgstr "%s çalıştırılamadı"
+
+#: plugins/sudoers/visudo.c:783
+#, c-format
+msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:790
+#, c-format
+msgid "%s: bad permissions, should be mode 0%o\n"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:815
+#, c-format
+msgid "failed to parse %s file, unknown error"
+msgstr "%s dosyasının ayrıştırılması başarısız oldu, bilinmeyen hata"
+
+#: plugins/sudoers/visudo.c:831
+#, c-format
+msgid "parse error in %s near line %d\n"
+msgstr "%s içindeki %d satırı yakınında ayrıştırma hatası\n"
+
+#: plugins/sudoers/visudo.c:834
+#, c-format
+msgid "parse error in %s\n"
+msgstr "%s içinde ayrıştırma hatası\n"
+
+#: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846
+#, c-format
+msgid "%s: parsed OK\n"
+msgstr "%s: ayrıştırma TAMAM\n"
+
+#: plugins/sudoers/visudo.c:893
+#, c-format
+msgid "%s busy, try again later"
+msgstr "%s meşgul, daha sonra tekrar deneyin"
+
+#: plugins/sudoers/visudo.c:937
+#, c-format
+msgid "specified editor (%s) doesn't exist"
+msgstr "belirtilen düzenleyici (%s) yok"
+
+#: plugins/sudoers/visudo.c:960
+#, c-format
+msgid "unable to stat editor (%s)"
+msgstr "düzenleyici (%s) başlatılamadı"
+
+#: plugins/sudoers/visudo.c:1008
+#, c-format
+msgid "no editor found (editor path = %s)"
+msgstr "hiçbir düzenleyici bulunamadı (düzenleyici yolu = %s)"
+
+#: plugins/sudoers/visudo.c:1100
+#, c-format
+msgid "Error: cycle in %s_Alias `%s'"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:1101
+#, c-format
+msgid "Warning: cycle in %s_Alias `%s'"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:1104
+#, c-format
+msgid "Error: %s_Alias `%s' referenced but not defined"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:1105
+#, c-format
+msgid "Warning: %s_Alias `%s' referenced but not defined"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:1240
+#, c-format
+msgid "%s: unused %s_Alias %s"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:1302
+#, c-format
+msgid ""
+"%s - safely edit the sudoers file\n"
+"\n"
+msgstr ""
+
+#: plugins/sudoers/visudo.c:1304
+msgid ""
+"\n"
+"Options:\n"
+" -c check-only mode\n"
+" -f sudoers specify sudoers file location\n"
+" -h display help message and exit\n"
+" -q less verbose (quiet) syntax error messages\n"
+" -s strict syntax checking\n"
+" -V display version information and exit"
+msgstr ""
+"\n"
+"Seçenekler:\n"
+" -c sadece denetim kipi\n"
+" -f sudoers sudoers dosyasının konumu\n"
+" -h yardım iletisini görüntüle ve çık\n"
+" -q daha az ayrıntılı (sessiz=quiet) sözdizim hata iletileri\n"
+" -s sıkı sözdizim denetimi\n"
+" -V sürüm bilgisini görüntüle ve çık"
+
+#: toke.l:886
+msgid "too many levels of includes"
+msgstr ""
# Ukrainian translation for sudoers.
# This file is put in the public domain.
#
-# Yuri Chornoivan <yurchor@ukr.net>, 2011, 2012.
+# Yuri Chornoivan <yurchor@ukr.net>, 2011, 2012, 2013.
msgid ""
msgstr ""
-"Project-Id-Version: sudoers 1.8.6b4\n"
+"Project-Id-Version: sudoers 1.8.7b2\n"
"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2012-08-10 13:08-0400\n"
-"PO-Revision-Date: 2012-08-13 21:39+0300\n"
+"POT-Creation-Date: 2013-04-17 15:52-0400\n"
+"PO-Revision-Date: 2013-04-19 22:05+0300\n"
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
"Language-Team: Ukrainian <translation-team-uk@lists.sourceforge.net>\n"
"Language: uk\n"
"Plural-Forms: nplurals=4; plural=n==1 ? 3 : n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
"X-Generator: Lokalize 1.5\n"
-#: gram.y:112
-#, c-format
-msgid ">>> %s: %s near line %d <<<"
-msgstr ">>> %s: %s поблизу рядка %d <<<"
+#: confstr.sh:2
+msgid "Password:"
+msgstr "Пароль:"
+
+#: confstr.sh:3
+msgid "*** SECURITY information for %h ***"
+msgstr "*** Дані щодо ЗАХИСТУ %h ***"
+
+#: confstr.sh:4
+msgid "Sorry, try again."
+msgstr "Вибачте, повторіть спробу."
-#: plugins/sudoers/alias.c:125
+#: plugins/sudoers/alias.c:124
#, c-format
msgid "Alias `%s' already defined"
msgstr "Замінник «%s» вже визначено"
-#: plugins/sudoers/auth/bsdauth.c:78
+#: plugins/sudoers/auth/bsdauth.c:77
#, c-format
msgid "unable to get login class for user %s"
msgstr "не вдалося отримати клас входу до системи для користувача %s"
-#: plugins/sudoers/auth/bsdauth.c:84
+#: plugins/sudoers/auth/bsdauth.c:83
msgid "unable to begin bsd authentication"
msgstr "не вдалося розпочати розпізнавання за BSD"
-#: plugins/sudoers/auth/bsdauth.c:92
+#: plugins/sudoers/auth/bsdauth.c:91
msgid "invalid authentication type"
msgstr "некоректний тип розпізнавання"
-#: plugins/sudoers/auth/bsdauth.c:101
+#: plugins/sudoers/auth/bsdauth.c:100
msgid "unable to setup authentication"
msgstr "не вдалося налаштувати розпізнавання"
-#: plugins/sudoers/auth/fwtk.c:60
+#: plugins/sudoers/auth/fwtk.c:59
#, c-format
msgid "unable to read fwtk config"
msgstr "не вдалося прочитати налаштування fwtk"
-#: plugins/sudoers/auth/fwtk.c:65
+#: plugins/sudoers/auth/fwtk.c:64
#, c-format
msgid "unable to connect to authentication server"
msgstr "не вдалося встановити з’єднання з сервером розпізнавання"
-#: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95
-#: plugins/sudoers/auth/fwtk.c:128
+#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94
+#: plugins/sudoers/auth/fwtk.c:127
#, c-format
msgid "lost connection to authentication server"
msgstr "втрачено зв’язок з сервером розпізнавання"
-#: plugins/sudoers/auth/fwtk.c:75
+#: plugins/sudoers/auth/fwtk.c:74
#, c-format
msgid ""
"authentication server error:\n"
"помилка сервера розпізнавання:\n"
"%s"
-#: plugins/sudoers/auth/kerb5.c:117
+#: plugins/sudoers/auth/kerb5.c:116
#, c-format
-msgid "%s: unable to unparse princ ('%s'): %s"
-msgstr "%s: не вдалоÑ\81Ñ\8f зÑ\96бÑ\80аÑ\82и princ ('%s'): %s"
+msgid "%s: unable to convert principal to string ('%s'): %s"
+msgstr "%s: не вдалоÑ\81Ñ\8f пеÑ\80еÑ\82воÑ\80иÑ\82и Ñ\80еÑ\94Ñ\81Ñ\82Ñ\80аÑ\86Ñ\96йний запиÑ\81 на Ñ\80Ñ\8fдок («%s»): %s"
-#: plugins/sudoers/auth/kerb5.c:160
+#: plugins/sudoers/auth/kerb5.c:159
#, c-format
msgid "%s: unable to parse '%s': %s"
msgstr "%s: не вдалося обробити «%s»: %s"
-#: plugins/sudoers/auth/kerb5.c:170
+#: plugins/sudoers/auth/kerb5.c:169
#, c-format
-msgid "%s: unable to resolve ccache: %s"
-msgstr "%s: не вдалося визначити ccache: %s"
+msgid "%s: unable to resolve credential cache: %s"
+msgstr "%s: не вдалося визначити кеш реєстраційних даних: %s"
-#: plugins/sudoers/auth/kerb5.c:218
+#: plugins/sudoers/auth/kerb5.c:217
#, c-format
msgid "%s: unable to allocate options: %s"
msgstr "%s: не вдалося розмістити параметри: %s"
-#: plugins/sudoers/auth/kerb5.c:234
+#: plugins/sudoers/auth/kerb5.c:233
#, c-format
msgid "%s: unable to get credentials: %s"
msgstr "%s: не вдалося отримати реєстраційні дані: %s"
-#: plugins/sudoers/auth/kerb5.c:247
+#: plugins/sudoers/auth/kerb5.c:246
#, c-format
-msgid "%s: unable to initialize ccache: %s"
-msgstr "%s: не вдалося ініціалізувати ccache: %s"
+msgid "%s: unable to initialize credential cache: %s"
+msgstr "%s: не вдалося ініціалізувати кеш реєстраційних даних: %s"
-#: plugins/sudoers/auth/kerb5.c:251
+#: plugins/sudoers/auth/kerb5.c:250
#, c-format
-msgid "%s: unable to store cred in ccache: %s"
-msgstr "%s: не вдалося зберегти реєстраційні дані у ccache: %s"
+msgid "%s: unable to store credential in cache: %s"
+msgstr "%s: не вдалося зберегти реєстраційні дані у кеші: %s"
-#: plugins/sudoers/auth/kerb5.c:316
+#: plugins/sudoers/auth/kerb5.c:315
#, c-format
msgid "%s: unable to get host principal: %s"
msgstr "%s: не вдалося отримати реєстраційний запис вузла: %s"
-#: plugins/sudoers/auth/kerb5.c:331
+#: plugins/sudoers/auth/kerb5.c:330
#, c-format
msgid "%s: Cannot verify TGT! Possible attack!: %s"
msgstr "%s: спроба перевірки TGT зазнала невдачі! Ймовірно, вас атаковано: %s"
-#: plugins/sudoers/auth/pam.c:100
+#: plugins/sudoers/auth/pam.c:105
msgid "unable to initialize PAM"
msgstr "не вдалося ініціалізувати PAM"
-#: plugins/sudoers/auth/pam.c:144
+#: plugins/sudoers/auth/pam.c:150
msgid "account validation failure, is your account locked?"
msgstr "помилка під час спроби перевірки облікового запису. Ваш обліковий запис заблоковано?"
-#: plugins/sudoers/auth/pam.c:148
+#: plugins/sudoers/auth/pam.c:154
msgid "Account or password is expired, reset your password and try again"
msgstr "Строк дії облікового запису або пароля збіг, визначте новий пароль і повторіть спробу"
-#: plugins/sudoers/auth/pam.c:155
+#: plugins/sudoers/auth/pam.c:162
#, c-format
-msgid "pam_chauthtok: %s"
-msgstr "pam_chauthtok: %s"
+msgid "unable to change expired password: %s"
+msgstr "не вдалося змінити пароль, строк дії якого завершився: %s"
-#: plugins/sudoers/auth/pam.c:159
+#: plugins/sudoers/auth/pam.c:167
msgid "Password expired, contact your system administrator"
msgstr "Строк дії пароля збіг, зверніться до адміністратора вашої системи щодо поновлення пароля"
-#: plugins/sudoers/auth/pam.c:163
+#: plugins/sudoers/auth/pam.c:171
msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator"
msgstr "Строк дії облікового запису збіг або у файлі налаштувань PAM немає розділу \"account\" для sudo. Повідомте про це адміністратора вашої системи."
-#: plugins/sudoers/auth/pam.c:180
+#: plugins/sudoers/auth/pam.c:188
#, c-format
-msgid "pam_authenticate: %s"
-msgstr "pam_authenticate: %s"
+msgid "PAM authentication error: %s"
+msgstr "Помилка розпізнавання PAM: %s"
-#: plugins/sudoers/auth/pam.c:332
-msgid "Password: "
-msgstr "Пароль: "
-
-#: plugins/sudoers/auth/pam.c:333
-msgid "Password:"
-msgstr "Пароль:"
+#: plugins/sudoers/auth/pam.c:247
+#, c-format
+msgid "unable to establish credentials: %s"
+msgstr "не вдалося встановити реєстраційні дані: %s"
-#: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:220
+#: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212
#, c-format
msgid "you do not exist in the %s database"
msgstr "вас немає у базі даних %s"
-#: plugins/sudoers/auth/securid5.c:81
+#: plugins/sudoers/auth/securid5.c:80
#, c-format
msgid "failed to initialise the ACE API library"
msgstr "не вдалося ініціалізувати бібліотеку програмного інтерфейсу до ACE"
-#: plugins/sudoers/auth/securid5.c:107
+#: plugins/sudoers/auth/securid5.c:106
#, c-format
msgid "unable to contact the SecurID server"
msgstr "не вдалося встановити зв’язок з сервером SecurID"
-#: plugins/sudoers/auth/securid5.c:116
+#: plugins/sudoers/auth/securid5.c:115
#, c-format
msgid "User ID locked for SecurID Authentication"
msgstr "Ідентифікатор користувача заблоковано для розпізнавання SecurID"
-#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171
+#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170
#, c-format
msgid "invalid username length for SecurID"
msgstr "некоректна довжина імені користувача для SecurID"
-#: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176
+#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175
#, c-format
msgid "invalid Authentication Handle for SecurID"
msgstr "некоректний дескриптор розпізнавання для SecurID"
-#: plugins/sudoers/auth/securid5.c:128
+#: plugins/sudoers/auth/securid5.c:127
#, c-format
msgid "SecurID communication failed"
msgstr "спроба обміну даними з SecurID зазнала невдачі"
-#: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215
+#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214
#, c-format
msgid "unknown SecurID error"
msgstr "невідома помилка SecurID"
-#: plugins/sudoers/auth/securid5.c:166
+#: plugins/sudoers/auth/securid5.c:165
#, c-format
msgid "invalid passcode length for SecurID"
msgstr "некоректна довжина коду пароля для SecurID"
-#: plugins/sudoers/auth/sia.c:109
+#: plugins/sudoers/auth/sia.c:108
msgid "unable to initialize SIA session"
msgstr "не вдалося ініціалізувати сеанс SIA"
-#: plugins/sudoers/auth/sudo_auth.c:121
-msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication."
-msgstr "sudo зібрано з підтримкою некоректних способів розпізнавання! Можливе змішування власних і зовнішніх способів розпізнавання."
+#: plugins/sudoers/auth/sudo_auth.c:119
+msgid "invalid authentication methods"
+msgstr "некоректні способи розпізнавання"
-#: plugins/sudoers/auth/sudo_auth.c:206
+#: plugins/sudoers/auth/sudo_auth.c:120
+msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication."
+msgstr "sudo зібрано з підтримкою некоректних способів розпізнавання! Не можна змішувати власні і зовнішні способи розпізнавання."
+
+#: plugins/sudoers/auth/sudo_auth.c:203
+msgid "no authentication methods"
+msgstr "немає способів розпізнавання"
+
+#: plugins/sudoers/auth/sudo_auth.c:205
msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option."
msgstr "sudo зібрано без можливостей з взаємодії з інструментами розпізнавання! Якщо ви хочете вимкнути розпізнавання, скористайтеся параметром налаштування --disable-authentication."
-#: plugins/sudoers/auth/sudo_auth.c:374
+#: plugins/sudoers/auth/sudo_auth.c:389
msgid "Authentication methods:"
msgstr "Способи розпізнавання:"
msgid "Could not determine audit condition"
msgstr "Не вдалося визначити умови аудита"
-#: plugins/sudoers/bsm_audit.c:101
+#: plugins/sudoers/bsm_audit.c:101 plugins/sudoers/bsm_audit.c:160
#, c-format
-msgid "getauid failed"
-msgstr "помилка getauid"
+msgid "getauid: failed"
+msgstr "getauid: помилка"
#: plugins/sudoers/bsm_audit.c:103 plugins/sudoers/bsm_audit.c:162
#, c-format
msgid "unable to commit audit record"
msgstr "не вдалося надіслати запис аудита"
-#: plugins/sudoers/bsm_audit.c:160
-#, c-format
-msgid "getauid: failed"
-msgstr "getauid: помилка"
-
#: plugins/sudoers/bsm_audit.c:183
#, c-format
msgid "au_to_text: failed"
msgstr "au_to_text: помилка"
-#: plugins/sudoers/check.c:252 plugins/sudoers/iolog.c:172
-#: plugins/sudoers/sudoers.c:988 plugins/sudoers/sudoreplay.c:355
-#: plugins/sudoers/sudoreplay.c:817 plugins/sudoers/sudoreplay.c:974
-#: plugins/sudoers/visudo.c:818
-#, c-format
-msgid "unable to open %s"
-msgstr "не вдалося відкрити %s"
-
-#: plugins/sudoers/check.c:256 plugins/sudoers/iolog.c:229
-#, c-format
-msgid "unable to write to %s"
-msgstr "не вдалося виконати запис до %s"
-
-#: plugins/sudoers/check.c:264 plugins/sudoers/check.c:512
-#: plugins/sudoers/check.c:562 plugins/sudoers/iolog.c:123
-#: plugins/sudoers/iolog.c:156
-#, c-format
-msgid "unable to mkdir %s"
-msgstr "не вдалося створити каталог %s"
-
-#: plugins/sudoers/check.c:399 plugins/sudoers/env.c:289
-#: plugins/sudoers/env.c:294 plugins/sudoers/env.c:395
-#: plugins/sudoers/env.c:447 plugins/sudoers/linux_audit.c:82
-#: plugins/sudoers/sudoers.c:670 plugins/sudoers/sudoers.c:677
-#: plugins/sudoers/sudoers.c:936 plugins/sudoers/testsudoers.c:253
-#, c-format
-msgid "internal error, %s overflow"
-msgstr "внутрішня помилка, переповнення %s"
-
-#: plugins/sudoers/check.c:460
-#, c-format
-msgid "timestamp path too long: %s"
-msgstr "шлях часового штампа є занадто довгим: %s"
-
-#: plugins/sudoers/check.c:491 plugins/sudoers/check.c:535
-#: plugins/sudoers/iolog.c:158
-#, c-format
-msgid "%s exists but is not a directory (0%o)"
-msgstr "%s існує, але не є каталогом (0%o)"
-
-#: plugins/sudoers/check.c:494 plugins/sudoers/check.c:538
-#: plugins/sudoers/check.c:583
-#, c-format
-msgid "%s owned by uid %u, should be uid %u"
-msgstr "власником %s є uid %u, має бути uid %u"
-
-#: plugins/sudoers/check.c:499 plugins/sudoers/check.c:543
-#, c-format
-msgid "%s writable by non-owner (0%o), should be mode 0700"
-msgstr "%s доступний до запису невласником (0%o), має бути встановлено режим 0700"
-
-#: plugins/sudoers/check.c:507 plugins/sudoers/check.c:551
-#: plugins/sudoers/check.c:619 plugins/sudoers/sudoers.c:1003
-#: plugins/sudoers/visudo.c:319 plugins/sudoers/visudo.c:584
-#, c-format
-msgid "unable to stat %s"
-msgstr "не вдалося виконати stat для %s"
-
-#: plugins/sudoers/check.c:577
-#, c-format
-msgid "%s exists but is not a regular file (0%o)"
-msgstr "%s існує, але не є звичайним файлом (0%o)"
-
-#: plugins/sudoers/check.c:589
-#, c-format
-msgid "%s writable by non-owner (0%o), should be mode 0600"
-msgstr "%s доступний до запису невласником (0%o), має бути встановлено режим 0600"
-
-#: plugins/sudoers/check.c:643
-#, c-format
-msgid "timestamp too far in the future: %20.20s"
-msgstr "занадто далекий часовий штамп у майбутньому: %20.20s"
-
-#: plugins/sudoers/check.c:690
-#, c-format
-msgid "unable to remove %s (%s), will reset to the epoch"
-msgstr "на вдалося вилучити %s (%s), час буде змінено відповідно до епохи"
-
-#: plugins/sudoers/check.c:698
-#, c-format
-msgid "unable to reset %s to the epoch"
-msgstr "не вдалося встановити для %s час епохи"
+#: plugins/sudoers/check.c:189
+msgid ""
+"\n"
+"We trust you have received the usual lecture from the local System\n"
+"Administrator. It usually boils down to these three things:\n"
+"\n"
+" #1) Respect the privacy of others.\n"
+" #2) Think before you type.\n"
+" #3) With great power comes great responsibility.\n"
+"\n"
+msgstr ""
+"\n"
+"Ми сподіваємося, що ви отримали належні настанови від адміністратора\n"
+"локальної системи. Зазвичай, подібні настанови зводяться до такого:\n"
+"\n"
+" #1) Поважайте конфіденційність даних інших користувачів.\n"
+" #2) Обдумайте свої дії, перш ніж виконувати їх.\n"
+" #3) Користування широкими правами розширює сферу відповідальності.\n"
+"\n"
-#: plugins/sudoers/check.c:758 plugins/sudoers/check.c:764
-#: plugins/sudoers/sudoers.c:851 plugins/sudoers/sudoers.c:855
+#: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233
+#: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566
#, c-format
msgid "unknown uid: %u"
msgstr "невідоме значення uid: %u"
-#: plugins/sudoers/check.c:761 plugins/sudoers/sudoers.c:792
-#: plugins/sudoers/sudoers.c:1120 plugins/sudoers/testsudoers.c:225
-#: plugins/sudoers/testsudoers.c:369
+#: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:635
+#: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215
+#: plugins/sudoers/testsudoers.c:359
#, c-format
msgid "unknown user: %s"
msgstr "невідомий користувач: %s"
msgid "Set of limit privileges"
msgstr "Набір обмежувальних прав доступу"
-#: plugins/sudoers/defaults.c:208
+#: plugins/sudoers/def_data.c:355
+msgid "Run commands on a pty in the background"
+msgstr "Виконувати команди у pty у фоновому режимі"
+
+#: plugins/sudoers/def_data.c:359
+msgid "Create a new PAM session for the command to run in"
+msgstr "Створити сеанс PAM для виконання команди"
+
+#: plugins/sudoers/def_data.c:363
+msgid "Maximum I/O log sequence number"
+msgstr "Максимальний номер у послідовності журналу введення-виведення"
+
+#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587
#, c-format
msgid "unknown defaults entry `%s'"
msgstr "невідомий запис типових параметрів «%s»"
-#: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226
-#: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259
-#: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285
-#: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318
-#: plugins/sudoers/defaults.c:328
+#: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225
+#: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258
+#: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284
+#: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317
+#: plugins/sudoers/defaults.c:327
#, c-format
msgid "value `%s' is invalid for option `%s'"
msgstr "значення «%s» є некоректним для параметра «%s»"
-#: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229
-#: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254
-#: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280
-#: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313
-#: plugins/sudoers/defaults.c:324
+#: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228
+#: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253
+#: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279
+#: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312
+#: plugins/sudoers/defaults.c:323
#, c-format
msgid "no value specified for `%s'"
msgstr "не вказано значення для «%s»"
-#: plugins/sudoers/defaults.c:242
+#: plugins/sudoers/defaults.c:241
#, c-format
msgid "values for `%s' must start with a '/'"
msgstr "значення для «%s» має починатися з «/»"
-#: plugins/sudoers/defaults.c:304
+#: plugins/sudoers/defaults.c:303
#, c-format
msgid "option `%s' does not take a value"
msgstr "параметру «%s» не потрібно передавати значення"
+#: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293
+#: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82
+#: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427
+#: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654
+#: plugins/sudoers/testsudoers.c:243
+#, c-format
+msgid "internal error, %s overflow"
+msgstr "внутрішня помилка, переповнення %s"
+
#: plugins/sudoers/env.c:367
#, c-format
msgid "sudo_putenv: corrupted envp, length mismatch"
msgstr "sudo_putenv: помилкове значення envp, невідповідність довжин"
-#: plugins/sudoers/env.c:369 plugins/sudoers/env.c:448
-#: plugins/sudoers/toke_util.c:113 plugins/sudoers/toke_util.c:167
-#: plugins/sudoers/toke_util.c:207 toke.l:697 toke.l:827 toke.l:887 toke.l:983
-#, c-format
-msgid "unable to allocate memory"
-msgstr "не вдалося отримати потрібний об’єм пам’яті"
-
-#: plugins/sudoers/env.c:992
+#: plugins/sudoers/env.c:1012
#, c-format
msgid "sorry, you are not allowed to set the following environment variables: %s"
msgstr "вибачте, вам не дозволено встановлювати такі змінні середовища: %s"
-#: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108
-#: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125
-#: plugins/sudoers/sudoers.c:945 toke.l:693 toke.l:883
-#, c-format
-msgid "%s: %s"
-msgstr "%s: %s"
-
-#: plugins/sudoers/group_plugin.c:91
-#, c-format
-msgid "%s%s: %s"
-msgstr "%s%s: %s"
-
-#: plugins/sudoers/group_plugin.c:103
+#: plugins/sudoers/group_plugin.c:102
#, c-format
msgid "%s must be owned by uid %d"
msgstr "%s має належати користувачеві з uid %d"
-#: plugins/sudoers/group_plugin.c:107
+#: plugins/sudoers/group_plugin.c:106
#, c-format
msgid "%s must only be writable by owner"
msgstr "%s має бути доступним до запису лише для власника"
-#: plugins/sudoers/group_plugin.c:114
+#: plugins/sudoers/group_plugin.c:113 plugins/sudoers/sssd.c:256
#, c-format
msgid "unable to dlopen %s: %s"
msgstr "не вдалося виконати dlopen для %s: %s"
-#: plugins/sudoers/group_plugin.c:119
+#: plugins/sudoers/group_plugin.c:118
#, c-format
msgid "unable to find symbol \"group_plugin\" in %s"
msgstr "не вдалося знайти символ «group_plugin» у %s"
-#: plugins/sudoers/group_plugin.c:124
+#: plugins/sudoers/group_plugin.c:123
#, c-format
msgid "%s: incompatible group plugin major version %d, expected %d"
msgstr "%s: несумісна основна версія додатка обробки груп %d, мало бути — %d"
-#: plugins/sudoers/interfaces.c:112
+#: plugins/sudoers/interfaces.c:119
msgid "Local IP address and netmask pairs:\n"
msgstr "Пари локальних IP-адрес і масок мережі:\n"
-#: plugins/sudoers/iolog.c:205 plugins/sudoers/sudoers.c:991
+#: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144
+#: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244
+#, c-format
+msgid "%s exists but is not a directory (0%o)"
+msgstr "%s існує, але не є каталогом (0%o)"
+
+#: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155
+#: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:165
+#: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271
+#, c-format
+msgid "unable to mkdir %s"
+msgstr "не вдалося створити каталог %s"
+
+#: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708
+#: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815
+#: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:155
+#: plugins/sudoers/visudo.c:809
+#, c-format
+msgid "unable to open %s"
+msgstr "не вдалося відкрити %s"
+
+#: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711
#, c-format
msgid "unable to read %s"
msgstr "не вдалося прочитати %s"
-#: plugins/sudoers/iolog.c:208
+#: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:159
#, c-format
-msgid "invalid sequence number %s"
-msgstr "некоректний номер у послідовності %s"
+msgid "unable to write to %s"
+msgstr "не вдалося виконати запис до %s"
-#: plugins/sudoers/iolog.c:258 plugins/sudoers/iolog.c:261
-#: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:531
-#: plugins/sudoers/iolog.c:537 plugins/sudoers/iolog.c:545
-#: plugins/sudoers/iolog.c:553 plugins/sudoers/iolog.c:561
-#: plugins/sudoers/iolog.c:569
+#: plugins/sudoers/iolog.c:334
#, c-format
msgid "unable to create %s"
msgstr "не вдалося створити %s"
-#: plugins/sudoers/iolog_path.c:263 plugins/sudoers/sudoers.c:382
-#, c-format
-msgid "unable to set locale to \"%s\", using \"C\""
-msgstr "не вдалося встановити локаль у значення «%s», використовуємо локаль «C»"
-
-#: plugins/sudoers/ldap.c:387
+#: plugins/sudoers/ldap.c:385
#, c-format
msgid "sudo_ldap_conf_add_ports: port too large"
msgstr "sudo_ldap_conf_add_ports: занадто великий номер порту"
-#: plugins/sudoers/ldap.c:410
+#: plugins/sudoers/ldap.c:408
#, c-format
msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf"
msgstr "sudo_ldap_conf_add_ports: вихід за межі розширеного буфера вузла"
-#: plugins/sudoers/ldap.c:440
+#: plugins/sudoers/ldap.c:438
#, c-format
msgid "unsupported LDAP uri type: %s"
msgstr "непідтримуваний тип адреси LDAP: %s"
-#: plugins/sudoers/ldap.c:469
+#: plugins/sudoers/ldap.c:467
#, c-format
msgid "invalid uri: %s"
msgstr "некоректна адреса: %s"
-#: plugins/sudoers/ldap.c:475
+#: plugins/sudoers/ldap.c:473
#, c-format
msgid "unable to mix ldap and ldaps URIs"
msgstr "не можна використовувати суміш з адрес ldap і ldaps"
-#: plugins/sudoers/ldap.c:479
+#: plugins/sudoers/ldap.c:477
#, c-format
msgid "unable to mix ldaps and starttls"
msgstr "не можна використовувати суміш з ldaps і starttls"
-#: plugins/sudoers/ldap.c:498
+#: plugins/sudoers/ldap.c:496
#, c-format
msgid "sudo_ldap_parse_uri: out of space building hostbuf"
msgstr "sudo_ldap_parse_uri: вихід за межі пам’яті під час побудови буфера вузла"
-#: plugins/sudoers/ldap.c:572
+#: plugins/sudoers/ldap.c:570
#, c-format
msgid "unable to initialize SSL cert and key db: %s"
msgstr "не вдалося ініціалізувати базу даних сертифікатів і ключів SSL: %s"
-#: plugins/sudoers/ldap.c:575
+#: plugins/sudoers/ldap.c:573
#, c-format
msgid "you must set TLS_CERT in %s to use SSL"
msgstr "щоб скористатися SSL, вам слід встановити для TLS_CERT значення %s"
-#: plugins/sudoers/ldap.c:992
+#: plugins/sudoers/ldap.c:1062
#, c-format
msgid "unable to get GMT time"
msgstr "не вдалося отримати гринвіцький час"
-#: plugins/sudoers/ldap.c:998
+#: plugins/sudoers/ldap.c:1068
#, c-format
msgid "unable to format timestamp"
msgstr "не вдалося виконати форматування часового штампа"
-#: plugins/sudoers/ldap.c:1006
+#: plugins/sudoers/ldap.c:1076
#, c-format
msgid "unable to build time filter"
msgstr "не вдалося побудувати фільтр часу"
-#: plugins/sudoers/ldap.c:1225
+#: plugins/sudoers/ldap.c:1295
#, c-format
msgid "sudo_ldap_build_pass1 allocation mismatch"
msgstr "sudo_ldap_build_pass1: невідповідність розміщення"
-#: plugins/sudoers/ldap.c:1761
+#: plugins/sudoers/ldap.c:1842
#, c-format
msgid ""
"\n"
"\n"
"Роль LDAP: %s\n"
-#: plugins/sudoers/ldap.c:1763
+#: plugins/sudoers/ldap.c:1844
#, c-format
msgid ""
"\n"
"\n"
"Роль у LDAP: НЕВІДОМА\n"
-#: plugins/sudoers/ldap.c:1810
+#: plugins/sudoers/ldap.c:1891
#, c-format
msgid " Order: %s\n"
msgstr " Порядок: %s\n"
-#: plugins/sudoers/ldap.c:1818 plugins/sudoers/sssd.c:1168
+#: plugins/sudoers/ldap.c:1899 plugins/sudoers/parse.c:515
+#: plugins/sudoers/sssd.c:1242
#, c-format
msgid " Commands:\n"
msgstr " Команди:\n"
-#: plugins/sudoers/ldap.c:2240
+#: plugins/sudoers/ldap.c:2321
#, c-format
msgid "unable to initialize LDAP: %s"
msgstr "не вдалося ініціалізувати LDAP: %s"
-#: plugins/sudoers/ldap.c:2274
+#: plugins/sudoers/ldap.c:2355
#, c-format
msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()"
msgstr "start_tls вказано, але у бібліотеках LDAP не передбачено підтримки ldap_start_tls_s() або ldap_start_tls_s_np()"
-#: plugins/sudoers/ldap.c:2510
+#: plugins/sudoers/ldap.c:2591
#, c-format
msgid "invalid sudoOrder attribute: %s"
msgstr "некоректний атрибут sudoOrder: %s"
msgid "unable to send audit message"
msgstr "не вдалося надіслати повідомлення аудита"
-#: plugins/sudoers/logging.c:202
+#: plugins/sudoers/logging.c:140
+#, c-format
+msgid "%8s : %s"
+msgstr "%8s : %s"
+
+#: plugins/sudoers/logging.c:168
+#, c-format
+msgid "%8s : (command continued) %s"
+msgstr "%8s : (команда продовжується) %s"
+
+#: plugins/sudoers/logging.c:194
#, c-format
msgid "unable to open log file: %s: %s"
msgstr "не вдалося відкрити файл журналу: %s: %s"
-#: plugins/sudoers/logging.c:205
+#: plugins/sudoers/logging.c:197
#, c-format
msgid "unable to lock log file: %s: %s"
msgstr "не вдалося заблокувати файл журналу: %s: %s"
-#: plugins/sudoers/logging.c:260
+#: plugins/sudoers/logging.c:245
+msgid "No user or host"
+msgstr "Немає користувача або вузла"
+
+#: plugins/sudoers/logging.c:247
+msgid "validation failure"
+msgstr "помилка під час спроби перевірки"
+
+#: plugins/sudoers/logging.c:254
msgid "user NOT in sudoers"
msgstr "користувача немає у списку sudoers"
-#: plugins/sudoers/logging.c:262
+#: plugins/sudoers/logging.c:256
msgid "user NOT authorized on host"
msgstr "користувача не уповноважено на дії на вузлі"
-#: plugins/sudoers/logging.c:264
+#: plugins/sudoers/logging.c:258
msgid "command not allowed"
msgstr "виконання команди заборонено"
-#: plugins/sudoers/logging.c:274
+#: plugins/sudoers/logging.c:288
#, c-format
msgid "%s is not in the sudoers file. This incident will be reported.\n"
msgstr "%s немає у файлі sudoers. Запис про подію додано до звіту.\n"
-#: plugins/sudoers/logging.c:277
+#: plugins/sudoers/logging.c:291
#, c-format
msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n"
msgstr "%s заборонено виконувати sudo на %s. Запис про подію додано до звіту.\n"
-#: plugins/sudoers/logging.c:281
+#: plugins/sudoers/logging.c:295
#, c-format
msgid "Sorry, user %s may not run sudo on %s.\n"
msgstr "Вибачте, користувач %s не має права виконувати sudo на %s.\n"
-#: plugins/sudoers/logging.c:284
+#: plugins/sudoers/logging.c:298
#, c-format
msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n"
msgstr "Вибачте, користувач %s не має права виконувати «%s%s%s» від імені %s%s%s на %s.\n"
-#: plugins/sudoers/logging.c:317
-msgid "No user or host"
-msgstr "Немає користувача або вузла"
-
-#: plugins/sudoers/logging.c:319
-msgid "validation failure"
-msgstr "помилка під час спроби перевірки"
-
-#: plugins/sudoers/logging.c:336 plugins/sudoers/sudoers.c:502
-#: plugins/sudoers/sudoers.c:503 plugins/sudoers/sudoers.c:1539
-#: plugins/sudoers/sudoers.c:1540
+#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383
+#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386
+#: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001
+#: plugins/sudoers/sudoers.c:1002
#, c-format
msgid "%s: command not found"
msgstr "%s: команду не знайдено"
-#: plugins/sudoers/logging.c:338 plugins/sudoers/sudoers.c:499
+#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379
#, c-format
msgid ""
"ignoring `%s' found in '.'\n"
"пропущено «%s» знайдений у «.»\n"
"Скористайтеся командою «sudo ./%s», якщо вам потрібно виконати саме «%s»."
-#: plugins/sudoers/logging.c:352
+#: plugins/sudoers/logging.c:353
msgid "authentication failure"
msgstr "помилка під час спроби розпізнавання"
-#: plugins/sudoers/logging.c:376
+#: plugins/sudoers/logging.c:379
+msgid "a password is required"
+msgstr "слід вказати пароль"
+
+#: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487
#, c-format
msgid "%d incorrect password attempt"
msgid_plural "%d incorrect password attempts"
msgstr[2] "%d невдалих спроб введення пароля"
msgstr[3] "одна невдала спроба введення пароля"
-#: plugins/sudoers/logging.c:379
-msgid "a password is required"
-msgstr "слід вказати пароль"
-
-#: plugins/sudoers/logging.c:530
+#: plugins/sudoers/logging.c:566
#, c-format
msgid "unable to fork"
msgstr "не вдалося створити відгалуження"
-#: plugins/sudoers/logging.c:537 plugins/sudoers/logging.c:599
+#: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629
#, c-format
msgid "unable to fork: %m"
msgstr "не вдалося створити відгалуження: %m"
-#: plugins/sudoers/logging.c:589
+#: plugins/sudoers/logging.c:619
#, c-format
msgid "unable to open pipe: %m"
msgstr "не вдалося відкрити канал: %m"
-#: plugins/sudoers/logging.c:614
+#: plugins/sudoers/logging.c:644
#, c-format
msgid "unable to dup stdin: %m"
msgstr "не вдалося здублювати stdin: %m"
-#: plugins/sudoers/logging.c:650
+#: plugins/sudoers/logging.c:680
#, c-format
msgid "unable to execute %s: %m"
msgstr "не вдалося виконати %s: %m"
-#: plugins/sudoers/logging.c:865
+#: plugins/sudoers/logging.c:899
#, c-format
msgid "internal error: insufficient space for log line"
msgstr "внутрішня помилка: недостатньо місця для рядка журналу"
-#: plugins/sudoers/parse.c:123
+#: plugins/sudoers/match.c:631
+#, c-format
+msgid "unsupported digest type %d for %s"
+msgstr "непідтримуваний тип контрольної суми, %d, для %s"
+
+#: plugins/sudoers/match.c:661
+#, c-format
+msgid "%s: read error"
+msgstr "%s: помилка читання"
+
+#: plugins/sudoers/match.c:670
+#, c-format
+msgid "digest for %s (%s) is not in %s form"
+msgstr "контрольну суму для %s (%s) подано не у формі %s"
+
+#: plugins/sudoers/parse.c:124
#, c-format
msgid "parse error in %s near line %d"
msgstr "помилка обробки у %s поблизу рядка %d"
-#: plugins/sudoers/parse.c:126
+#: plugins/sudoers/parse.c:127
#, c-format
msgid "parse error in %s"
msgstr "помилка обробки у %s"
-#: plugins/sudoers/parse.c:414
+#: plugins/sudoers/parse.c:462
#, c-format
msgid ""
"\n"
"\n"
"Запис sudoers:\n"
-#: plugins/sudoers/parse.c:416
+#: plugins/sudoers/parse.c:463
#, c-format
msgid " RunAsUsers: "
msgstr " Користувачі для запуску: "
-#: plugins/sudoers/parse.c:431
+#: plugins/sudoers/parse.c:477
#, c-format
msgid " RunAsGroups: "
msgstr " Групи для запуску: "
-#: plugins/sudoers/parse.c:440
+#: plugins/sudoers/parse.c:486
+#, c-format
+msgid " Options: "
+msgstr " Параметри: "
+
+#: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750
+#, c-format
+msgid "unable to execute %s"
+msgstr "не вдалося виконати %s"
+
+#: plugins/sudoers/policy.c:659
+#, c-format
+msgid "Sudoers policy plugin version %s\n"
+msgstr "Додаток правил sudoers версії %s\n"
+
+#: plugins/sudoers/policy.c:661
+#, c-format
+msgid "Sudoers file grammar version %d\n"
+msgstr "Граматична перевірка файла sudoers версії %d\n"
+
+#: plugins/sudoers/policy.c:665
#, c-format
msgid ""
-" Commands:\n"
-"\t"
+"\n"
+"Sudoers path: %s\n"
msgstr ""
-" Команди:\n"
-"\t"
+"\n"
+"Шлях до sudoers: %s\n"
-#: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105
-msgid ": "
-msgstr ": "
+#: plugins/sudoers/policy.c:668
+#, c-format
+msgid "nsswitch path: %s\n"
+msgstr "Шлях до nsswitch: %s\n"
-#: plugins/sudoers/pwutil.c:278
+#: plugins/sudoers/policy.c:670
#, c-format
-msgid "unable to cache uid %u (%s), already exists"
-msgstr "не вдалоÑ\81Ñ\8f кеÑ\88Ñ\83ваÑ\82и uid %u (%s), запиÑ\81 вже Ñ\96Ñ\81нÑ\83Ñ\94"
+msgid "ldap.conf path: %s\n"
+msgstr "ШлÑ\8fÑ\85 до ldap.conf: %s\n"
-#: plugins/sudoers/pwutil.c:286
+#: plugins/sudoers/policy.c:671
+#, c-format
+msgid "ldap.secret path: %s\n"
+msgstr "Шлях до ldap.secret: %s\n"
+
+#: plugins/sudoers/pwutil.c:148
#, c-format
msgid "unable to cache uid %u, already exists"
msgstr "не вдалося кешувати uid %u, запис вже існує"
-#: plugins/sudoers/pwutil.c:322 plugins/sudoers/pwutil.c:331
+#: plugins/sudoers/pwutil.c:190
#, c-format
msgid "unable to cache user %s, already exists"
msgstr "не вдалося кешувати користувача %s, запис вже існує"
-#: plugins/sudoers/pwutil.c:668
-#, c-format
-msgid "unable to cache gid %u (%s), already exists"
-msgstr "не вдалося кешувати gid %u (%s), запис вже існує"
-
-#: plugins/sudoers/pwutil.c:676
+#: plugins/sudoers/pwutil.c:374
#, c-format
msgid "unable to cache gid %u, already exists"
msgstr "не вдалося кешувати gid %u, запис вже існує"
-#: plugins/sudoers/pwutil.c:706 plugins/sudoers/pwutil.c:715
+#: plugins/sudoers/pwutil.c:410
#, c-format
msgid "unable to cache group %s, already exists"
msgstr "не вдалося кешувати групу %s, запис вже існує"
-#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:436
-#: plugins/sudoers/set_perms.c:828 plugins/sudoers/set_perms.c:1114
-#: plugins/sudoers/set_perms.c:1396
+#: plugins/sudoers/pwutil.c:564 plugins/sudoers/pwutil.c:586
+#, c-format
+msgid "unable to cache group list for %s, already exists"
+msgstr "не вдалося кешувати список груп %s, запис вже існує"
+
+#: plugins/sudoers/pwutil.c:584
+#, c-format
+msgid "unable to parse groups for %s"
+msgstr "не вдалося обробити записи груп %s"
+
+#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445
+#: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141
+#: plugins/sudoers/set_perms.c:1431
msgid "perm stack overflow"
msgstr "переповнення стека доступу"
-#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:444
-#: plugins/sudoers/set_perms.c:836 plugins/sudoers/set_perms.c:1122
-#: plugins/sudoers/set_perms.c:1404
+#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453
+#: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149
+#: plugins/sudoers/set_perms.c:1439
msgid "perm stack underflow"
msgstr "вичерпання стека доступу"
-#: plugins/sudoers/set_perms.c:270 plugins/sudoers/set_perms.c:580
-#: plugins/sudoers/set_perms.c:957 plugins/sudoers/set_perms.c:1243
+#: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500
+#: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471
+msgid "unable to change to root gid"
+msgstr "не вдалося змінити ідентифікатор групи (gid) root"
+
+#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597
+#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277
msgid "unable to change to runas gid"
msgstr "не вдалося змінити gid на runas"
-#: plugins/sudoers/set_perms.c:282 plugins/sudoers/set_perms.c:592
-#: plugins/sudoers/set_perms.c:967 plugins/sudoers/set_perms.c:1253
+#: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609
+#: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287
msgid "unable to change to runas uid"
msgstr "не вдалося змінити uid на runas"
-#: plugins/sudoers/set_perms.c:300 plugins/sudoers/set_perms.c:610
-#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1269
+#: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627
+#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303
msgid "unable to change to sudoers gid"
msgstr "не вдалося змінити gid на sudoers"
-#: plugins/sudoers/set_perms.c:353 plugins/sudoers/set_perms.c:681
-#: plugins/sudoers/set_perms.c:1029 plugins/sudoers/set_perms.c:1315
-#: plugins/sudoers/set_perms.c:1474
+#: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698
+#: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349
+#: plugins/sudoers/set_perms.c:1515
msgid "too many processes"
msgstr "забагато процесів"
-#: plugins/sudoers/set_perms.c:1542
+#: plugins/sudoers/set_perms.c:1583
msgid "unable to set runas group vector"
msgstr "не вдалося встановити вектор групи виконання"
-#: plugins/sudoers/sssd.c:251
-#, c-format
-msgid "Unable to dlopen %s: %s"
-msgstr "Не вдалося виконати dlopen для %s: %s"
-
-#: plugins/sudoers/sssd.c:252
+#: plugins/sudoers/sssd.c:257
#, c-format
-msgid "Unable to initialize SSS source. Is SSSD installed on your machine?"
+msgid "unable to initialize SSS source. Is SSSD installed on your machine?"
msgstr "Не вдалося ініціалізувати джерело SSS. Чи встановлено у вашій системі SSSD?"
-#: plugins/sudoers/sssd.c:258 plugins/sudoers/sssd.c:266
-#: plugins/sudoers/sssd.c:273 plugins/sudoers/sssd.c:280
-#: plugins/sudoers/sssd.c:287
+#: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271
+#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285
+#: plugins/sudoers/sssd.c:292
#, c-format
msgid "unable to find symbol \"%s\" in %s"
msgstr "не вдалося знайти символ «%s» у %s"
-#: plugins/sudoers/sudo_nss.c:267
+#: plugins/sudoers/sudo_nss.c:283
#, c-format
msgid "Matching Defaults entries for %s on this host:\n"
msgstr "Відповідність записів Defaults для %s на цьому вузлі:\n"
-#: plugins/sudoers/sudo_nss.c:280
+#: plugins/sudoers/sudo_nss.c:296
#, c-format
msgid "Runas and Command-specific defaults for %s:\n"
msgstr "Типові значення для запуску від імені і команд для %s:\n"
-#: plugins/sudoers/sudo_nss.c:293
+#: plugins/sudoers/sudo_nss.c:309
#, c-format
msgid "User %s may run the following commands on this host:\n"
msgstr "Користувач %s має право виконувати на цьому вузлі такі команди:\n"
-#: plugins/sudoers/sudo_nss.c:302
+#: plugins/sudoers/sudo_nss.c:318
#, c-format
msgid "User %s is not allowed to run sudo on %s.\n"
msgstr "Користувач %s не має права виконувати sudo на %s.\n"
-#: plugins/sudoers/sudoers.c:210 plugins/sudoers/sudoers.c:243
-#: plugins/sudoers/sudoers.c:953
+#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193
+#: plugins/sudoers/sudoers.c:673
msgid "problem with defaults entries"
msgstr "проблема з типовими записами"
-#: plugins/sudoers/sudoers.c:216
+#: plugins/sudoers/sudoers.c:165
#, c-format
msgid "no valid sudoers sources found, quitting"
msgstr "не знайдено коректних джерел даних sudoers, завершення роботи"
-#: plugins/sudoers/sudoers.c:268
-#, c-format
-msgid "unable to execute %s: %s"
-msgstr "не вдалося виконати %s: %s"
-
-#: plugins/sudoers/sudoers.c:335
+#: plugins/sudoers/sudoers.c:227
#, c-format
msgid "sudoers specifies that root is not allowed to sudo"
msgstr "sudoers вказує, що sudo не можна користуватися для виконання команд від root"
-#: plugins/sudoers/sudoers.c:342
+#: plugins/sudoers/sudoers.c:234
#, c-format
msgid "you are not permitted to use the -C option"
msgstr "вам не дозволено використовувати параметр -C"
-#: plugins/sudoers/sudoers.c:431
+#: plugins/sudoers/sudoers.c:315
#, c-format
msgid "timestamp owner (%s): No such user"
msgstr "власник часового штампа (%s): не знайдено користувача з таким іменем"
-#: plugins/sudoers/sudoers.c:447
+#: plugins/sudoers/sudoers.c:329
msgid "no tty"
msgstr "немає tty"
-#: plugins/sudoers/sudoers.c:448
+#: plugins/sudoers/sudoers.c:330
#, c-format
msgid "sorry, you must have a tty to run sudo"
msgstr "вибачте, для виконання sudo вашому користувачеві потрібен tty"
-#: plugins/sudoers/sudoers.c:498
+#: plugins/sudoers/sudoers.c:378
msgid "command in current directory"
msgstr "команда у поточному каталозі"
-#: plugins/sudoers/sudoers.c:510
+#: plugins/sudoers/sudoers.c:395
#, c-format
msgid "sorry, you are not allowed to preserve the environment"
msgstr "вибачте, вам не дозволено зберігати середовище"
-#: plugins/sudoers/sudoers.c:1006
+#: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:216
+#: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:328
+#: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576
+#, c-format
+msgid "unable to stat %s"
+msgstr "не вдалося виконати stat для %s"
+
+#: plugins/sudoers/sudoers.c:726
#, c-format
msgid "%s is not a regular file"
msgstr "%s не є звичайним файлом"
-#: plugins/sudoers/sudoers.c:1009 toke.l:846
+#: plugins/sudoers/sudoers.c:729 toke.l:913
#, c-format
msgid "%s is owned by uid %u, should be %u"
msgstr "%s належить uid %u, має належати %u"
-#: plugins/sudoers/sudoers.c:1013 toke.l:853
+#: plugins/sudoers/sudoers.c:733 toke.l:920
#, c-format
msgid "%s is world writable"
msgstr "Запис до «%s» можливий для довільного користувача"
-#: plugins/sudoers/sudoers.c:1016 toke.l:858
+#: plugins/sudoers/sudoers.c:736 toke.l:925
#, c-format
msgid "%s is owned by gid %u, should be %u"
msgstr "%s належить gid %u, має належати %u"
-#: plugins/sudoers/sudoers.c:1043
+#: plugins/sudoers/sudoers.c:763
#, c-format
msgid "only root can use `-c %s'"
msgstr "використовувати «-c %s» може лише root"
-#: plugins/sudoers/sudoers.c:1060 plugins/sudoers/sudoers.c:1062
+#: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782
#, c-format
msgid "unknown login class: %s"
msgstr "невідомий клас входу: %s"
-#: plugins/sudoers/sudoers.c:1089
+#: plugins/sudoers/sudoers.c:814
#, c-format
msgid "unable to resolve host %s"
msgstr "не вдалося визначити адресу вузла %s"
-#: plugins/sudoers/sudoers.c:1141 plugins/sudoers/testsudoers.c:387
+#: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377
#, c-format
msgid "unknown group: %s"
msgstr "невідома група: %s"
-#: plugins/sudoers/sudoers.c:1190
-#, c-format
-msgid "Sudoers policy plugin version %s\n"
-msgstr "Додаток правил sudoers версії %s\n"
-
-#: plugins/sudoers/sudoers.c:1192
-#, c-format
-msgid "Sudoers file grammar version %d\n"
-msgstr "Граматична перевірка файла sudoers версії %d\n"
-
-#: plugins/sudoers/sudoers.c:1196
-#, c-format
-msgid ""
-"\n"
-"Sudoers path: %s\n"
-msgstr ""
-"\n"
-"Шлях до sudoers: %s\n"
-
-#: plugins/sudoers/sudoers.c:1199
-#, c-format
-msgid "nsswitch path: %s\n"
-msgstr "Шлях до nsswitch: %s\n"
-
-#: plugins/sudoers/sudoers.c:1201
-#, c-format
-msgid "ldap.conf path: %s\n"
-msgstr "Шлях до ldap.conf: %s\n"
-
-#: plugins/sudoers/sudoers.c:1202
-#, c-format
-msgid "ldap.secret path: %s\n"
-msgstr "Шлях до ldap.secret: %s\n"
-
-#: plugins/sudoers/sudoreplay.c:293
+#: plugins/sudoers/sudoreplay.c:292
#, c-format
msgid "invalid filter option: %s"
msgstr "некоректний параметр фільтрування: %s"
-#: plugins/sudoers/sudoreplay.c:306
+#: plugins/sudoers/sudoreplay.c:305
#, c-format
msgid "invalid max wait: %s"
msgstr "некоректне значення макс. очікування: %s"
-#: plugins/sudoers/sudoreplay.c:312
+#: plugins/sudoers/sudoreplay.c:311
#, c-format
msgid "invalid speed factor: %s"
msgstr "некоректний коефіцієнт швидкості: %s"
-#: plugins/sudoers/sudoreplay.c:315 plugins/sudoers/visudo.c:187
+#: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179
#, c-format
msgid "%s version %s\n"
msgstr "%s, версія %s\n"
-#: plugins/sudoers/sudoreplay.c:340
+#: plugins/sudoers/sudoreplay.c:339
#, c-format
msgid "%s/%.2s/%.2s/%.2s/timing: %s"
msgstr "%s/%.2s/%.2s/%.2s/timing: %s"
-#: plugins/sudoers/sudoreplay.c:346
+#: plugins/sudoers/sudoreplay.c:345
#, c-format
msgid "%s/%s/timing: %s"
msgstr "%s/%s/timing: %s"
-#: plugins/sudoers/sudoreplay.c:364
+#: plugins/sudoers/sudoreplay.c:363
#, c-format
msgid "Replaying sudo session: %s\n"
msgstr "Відтворення сеансу sudo: %s\n"
-#: plugins/sudoers/sudoreplay.c:370
+#: plugins/sudoers/sudoreplay.c:369
#, c-format
msgid "Warning: your terminal is too small to properly replay the log.\n"
msgstr "Попередження: розміри вашого термінала є замалими для належного показу журналу.\n"
-#: plugins/sudoers/sudoreplay.c:371
+#: plugins/sudoers/sudoreplay.c:370
#, c-format
msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d."
msgstr "Встановлено формат журналу %d x %d, тоді як формат термінала — %d x %d."
-#: plugins/sudoers/sudoreplay.c:401
+#: plugins/sudoers/sudoreplay.c:400
#, c-format
msgid "unable to set tty to raw mode"
msgstr "не вдалося перевести tty у режим без обробки даних"
-#: plugins/sudoers/sudoreplay.c:418
+#: plugins/sudoers/sudoreplay.c:416
#, c-format
msgid "invalid timing file line: %s"
msgstr "некоректний рядок у файлі timing: %s"
-#: plugins/sudoers/sudoreplay.c:501
+#: plugins/sudoers/sudoreplay.c:499
#, c-format
msgid "writing to standard output"
msgstr "запис до стандартного виводу даних"
-#: plugins/sudoers/sudoreplay.c:530
+#: plugins/sudoers/sudoreplay.c:528
#, c-format
msgid "nanosleep: tv_sec %ld, tv_nsec %ld"
msgstr "nanosleep: tv_sec %ld, tv_nsec %ld"
-#: plugins/sudoers/sudoreplay.c:643 plugins/sudoers/sudoreplay.c:668
+#: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666
#, c-format
msgid "ambiguous expression \"%s\""
msgstr "неоднозначний вираз «%s»"
-#: plugins/sudoers/sudoreplay.c:685
+#: plugins/sudoers/sudoreplay.c:683
#, c-format
msgid "too many parenthesized expressions, max %d"
msgstr "забагато виразів у дужках, максимальна можлива кількість — %d"
-#: plugins/sudoers/sudoreplay.c:696
+#: plugins/sudoers/sudoreplay.c:694
#, c-format
msgid "unmatched ')' in expression"
msgstr "зайва дужка, «)», у виразі"
-#: plugins/sudoers/sudoreplay.c:702
+#: plugins/sudoers/sudoreplay.c:700
#, c-format
msgid "unknown search term \"%s\""
msgstr "невідомий ключ пошуку «%s»"
-#: plugins/sudoers/sudoreplay.c:716
+#: plugins/sudoers/sudoreplay.c:714
#, c-format
msgid "%s requires an argument"
msgstr "%s потребує визначення аргументу"
-#: plugins/sudoers/sudoreplay.c:720
+#: plugins/sudoers/sudoreplay.c:718 plugins/sudoers/sudoreplay.c:1058
#, c-format
msgid "invalid regular expression: %s"
msgstr "некоректний формальний вираз: %s"
-#: plugins/sudoers/sudoreplay.c:726
+#: plugins/sudoers/sudoreplay.c:724
#, c-format
msgid "could not parse date \"%s\""
msgstr "не вдалося обробити дату «%s»"
-#: plugins/sudoers/sudoreplay.c:739
+#: plugins/sudoers/sudoreplay.c:737
#, c-format
msgid "unmatched '(' in expression"
msgstr "зайва дужка, «(», у виразі"
-#: plugins/sudoers/sudoreplay.c:741
+#: plugins/sudoers/sudoreplay.c:739
#, c-format
msgid "illegal trailing \"or\""
msgstr "помилкове завершальне «or»"
-#: plugins/sudoers/sudoreplay.c:743
+#: plugins/sudoers/sudoreplay.c:741
#, c-format
msgid "illegal trailing \"!\""
msgstr "помилкове завершальне «!»"
-#: plugins/sudoers/sudoreplay.c:1050
-#, c-format
-msgid "invalid regex: %s"
-msgstr "некоректний формальний вираз: %s"
-
-#: plugins/sudoers/sudoreplay.c:1174
+#: plugins/sudoers/sudoreplay.c:1182
#, c-format
msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n"
msgstr "використання: %s [-h] [-d каталог] [-m макс_очік] [-s коеф_швидкості] ідентифікатор\n"
-#: plugins/sudoers/sudoreplay.c:1177
+#: plugins/sudoers/sudoreplay.c:1185
#, c-format
msgid "usage: %s [-h] [-d directory] -l [search expression]\n"
msgstr "використання: %s [-h] [-d каталог] -l [вираз для пошуку]\n"
-#: plugins/sudoers/sudoreplay.c:1186
+#: plugins/sudoers/sudoreplay.c:1194
#, c-format
msgid ""
"%s - replay sudo session logs\n"
"%s — відтворення журналів сеансів sudo\n"
"\n"
-#: plugins/sudoers/sudoreplay.c:1188
+#: plugins/sudoers/sudoreplay.c:1196
msgid ""
"\n"
"Options:\n"
" -s коеф_швидк коефіцієнт прискорення або сповільнення виводу даних\n"
" -V показати дані щодо версії і завершити роботу"
-#: plugins/sudoers/testsudoers.c:338
+#: plugins/sudoers/testsudoers.c:328
msgid "\thost unmatched"
msgstr "\tвідповідника вузла не знайдено"
-#: plugins/sudoers/testsudoers.c:341
+#: plugins/sudoers/testsudoers.c:331
msgid ""
"\n"
"Command allowed"
"\n"
"Команду дозволено"
-#: plugins/sudoers/testsudoers.c:342
+#: plugins/sudoers/testsudoers.c:332
msgid ""
"\n"
"Command denied"
"\n"
"Команду заборонено"
-#: plugins/sudoers/testsudoers.c:342
+#: plugins/sudoers/testsudoers.c:332
msgid ""
"\n"
"Command unmatched"
"\n"
"Не знайдено відповідника команди"
-#: plugins/sudoers/toke_util.c:218
+#: plugins/sudoers/timestamp.c:129
+#, c-format
+msgid "timestamp path too long: %s"
+msgstr "шлях часового штампа є занадто довгим: %s"
+
+#: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247
+#: plugins/sudoers/timestamp.c:292
+#, c-format
+msgid "%s owned by uid %u, should be uid %u"
+msgstr "власником %s є uid %u, має бути uid %u"
+
+#: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0700"
+msgstr "%s доступний до запису невласником (0%o), має бути встановлено режим 0700"
+
+#: plugins/sudoers/timestamp.c:286
+#, c-format
+msgid "%s exists but is not a regular file (0%o)"
+msgstr "%s існує, але не є звичайним файлом (0%o)"
+
+#: plugins/sudoers/timestamp.c:298
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0600"
+msgstr "%s доступний до запису невласником (0%o), має бути встановлено режим 0600"
+
+#: plugins/sudoers/timestamp.c:353
+#, c-format
+msgid "timestamp too far in the future: %20.20s"
+msgstr "занадто далекий часовий штамп у майбутньому: %20.20s"
+
+#: plugins/sudoers/timestamp.c:407
+#, c-format
+msgid "unable to remove %s, will reset to the epoch"
+msgstr "на вдалося вилучити %s, час буде змінено відповідно до епохи"
+
+#: plugins/sudoers/timestamp.c:414
+#, c-format
+msgid "unable to reset %s to the epoch"
+msgstr "не вдалося встановити для %s час епохи"
+
+#: plugins/sudoers/toke_util.c:176
+#, c-format
msgid "fill_args: buffer overflow"
msgstr "fill_args: переповнення буфера"
-#: plugins/sudoers/visudo.c:188
+#: plugins/sudoers/visudo.c:180
#, c-format
msgid "%s grammar version %d\n"
msgstr "Граматична перевірка %s, версія %d\n"
-#: plugins/sudoers/visudo.c:252 plugins/sudoers/visudo.c:541
+#: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533
#, c-format
msgid "press return to edit %s: "
msgstr "натисніть Enter для редагування %s: "
-#: plugins/sudoers/visudo.c:335 plugins/sudoers/visudo.c:341
+#: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332
#, c-format
msgid "write error"
msgstr "помилка запису"
-#: plugins/sudoers/visudo.c:423
+#: plugins/sudoers/visudo.c:414
#, c-format
msgid "unable to stat temporary file (%s), %s unchanged"
msgstr "не вдалося обробити stat файл тимчасових даних (%s), %s не змінено"
-#: plugins/sudoers/visudo.c:428
+#: plugins/sudoers/visudo.c:419
#, c-format
msgid "zero length temporary file (%s), %s unchanged"
msgstr "файл тимчасових даних має нульовий об’єм (%s), %s не змінено"
-#: plugins/sudoers/visudo.c:434
+#: plugins/sudoers/visudo.c:425
#, c-format
msgid "editor (%s) failed, %s unchanged"
msgstr "помилка редактора (%s), %s не змінено"
-#: plugins/sudoers/visudo.c:457
+#: plugins/sudoers/visudo.c:448
#, c-format
msgid "%s unchanged"
msgstr "%s не змінено"
-#: plugins/sudoers/visudo.c:486
+#: plugins/sudoers/visudo.c:477
#, c-format
msgid "unable to re-open temporary file (%s), %s unchanged."
msgstr "не вдалося повторно відкрити файл тимчасових даних (%s), %s не змінено."
-#: plugins/sudoers/visudo.c:496
+#: plugins/sudoers/visudo.c:487
#, c-format
msgid "unabled to parse temporary file (%s), unknown error"
msgstr "не вдалося обробити файл тимчасових даних (%s), невідома помилка"
-#: plugins/sudoers/visudo.c:534
+#: plugins/sudoers/visudo.c:526
#, c-format
msgid "internal error, unable to find %s in list!"
msgstr "внутрішня помилка, не вдалося знайти %s у списку!"
-#: plugins/sudoers/visudo.c:586 plugins/sudoers/visudo.c:595
+#: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587
#, c-format
msgid "unable to set (uid, gid) of %s to (%u, %u)"
msgstr "не вдалося встановити (uid, gid) %s у значення (%u, %u)"
-#: plugins/sudoers/visudo.c:590 plugins/sudoers/visudo.c:600
+#: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592
#, c-format
msgid "unable to change mode of %s to 0%o"
msgstr "не вдалося змінити режим доступу до %s на значення 0%o"
-#: plugins/sudoers/visudo.c:617
+#: plugins/sudoers/visudo.c:609
#, c-format
msgid "%s and %s not on the same file system, using mv to rename"
msgstr "%s і %s не перебувають у одній файловій системі, використовуємо mv для перейменування"
-#: plugins/sudoers/visudo.c:631
+#: plugins/sudoers/visudo.c:623
#, c-format
msgid "command failed: '%s %s %s', %s unchanged"
msgstr "помилка команди: «%s %s %s», %s не змінено"
-#: plugins/sudoers/visudo.c:641
+#: plugins/sudoers/visudo.c:633
#, c-format
msgid "error renaming %s, %s unchanged"
msgstr "помилка перейменування %s, %s не змінено"
-#: plugins/sudoers/visudo.c:704
+#: plugins/sudoers/visudo.c:695
msgid "What now? "
msgstr "А зараз що? "
-#: plugins/sudoers/visudo.c:718
+#: plugins/sudoers/visudo.c:709
msgid ""
"Options are:\n"
" (e)dit sudoers file again\n"
" (x) — вийти без внесення змін до файла sudoers\n"
" (Q) — вийти зі збереженням файла sudoers (НЕБЕЗПЕЧНО!)\n"
-#: plugins/sudoers/visudo.c:759
-#, c-format
-msgid "unable to execute %s"
-msgstr "не вдалося виконати %s"
-
-#: plugins/sudoers/visudo.c:766
+#: plugins/sudoers/visudo.c:757
#, c-format
msgid "unable to run %s"
msgstr "не вдалося виконати %s"
-#: plugins/sudoers/visudo.c:792
+#: plugins/sudoers/visudo.c:783
#, c-format
msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n"
msgstr "%s: помилковий власник (uid, gid), має бути (%u, %u)\n"
-#: plugins/sudoers/visudo.c:799
+#: plugins/sudoers/visudo.c:790
#, c-format
msgid "%s: bad permissions, should be mode 0%o\n"
msgstr "%s: помилкові права доступу, режим доступу має бути 0%o\n"
-#: plugins/sudoers/visudo.c:824
+#: plugins/sudoers/visudo.c:815
#, c-format
msgid "failed to parse %s file, unknown error"
msgstr "не вдалося обробити файл %s, невідома помилка"
-#: plugins/sudoers/visudo.c:837
+#: plugins/sudoers/visudo.c:831
#, c-format
msgid "parse error in %s near line %d\n"
msgstr "помилка обробки у %s поблизу рядка %d\n"
-#: plugins/sudoers/visudo.c:840
+#: plugins/sudoers/visudo.c:834
#, c-format
msgid "parse error in %s\n"
msgstr "помилка обробки у %s\n"
-#: plugins/sudoers/visudo.c:847 plugins/sudoers/visudo.c:852
+#: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846
#, c-format
msgid "%s: parsed OK\n"
msgstr "%s: вдала обробка\n"
-#: plugins/sudoers/visudo.c:899
+#: plugins/sudoers/visudo.c:893
#, c-format
msgid "%s busy, try again later"
msgstr "%s зайнято, повторіть спробу пізніше"
-#: plugins/sudoers/visudo.c:943
+#: plugins/sudoers/visudo.c:937
#, c-format
msgid "specified editor (%s) doesn't exist"
msgstr "вказаного редактора (%s) не існує"
-#: plugins/sudoers/visudo.c:966
+#: plugins/sudoers/visudo.c:960
#, c-format
msgid "unable to stat editor (%s)"
msgstr "не вдалося виконати stat для редактора (%s)"
-#: plugins/sudoers/visudo.c:1014
+#: plugins/sudoers/visudo.c:1008
#, c-format
msgid "no editor found (editor path = %s)"
msgstr "не знайдено жодного редактора (шлях до редактора = %s)"
-#: plugins/sudoers/visudo.c:1108
+#: plugins/sudoers/visudo.c:1100
#, c-format
msgid "Error: cycle in %s_Alias `%s'"
msgstr "Помилка: цикл у %s_Alias «%s»"
-#: plugins/sudoers/visudo.c:1109
+#: plugins/sudoers/visudo.c:1101
#, c-format
msgid "Warning: cycle in %s_Alias `%s'"
msgstr "Попередження: цикл у %s_Alias «%s»"
-#: plugins/sudoers/visudo.c:1112
+#: plugins/sudoers/visudo.c:1104
#, c-format
msgid "Error: %s_Alias `%s' referenced but not defined"
msgstr "Помилка: виявлено посилання %s_Alias «%s», яке не визначено"
-#: plugins/sudoers/visudo.c:1113
+#: plugins/sudoers/visudo.c:1105
#, c-format
msgid "Warning: %s_Alias `%s' referenced but not defined"
msgstr "Попередження: виявлено посилання %s_Alias «%s», яке не визначено"
-#: plugins/sudoers/visudo.c:1248
+#: plugins/sudoers/visudo.c:1240
#, c-format
msgid "%s: unused %s_Alias %s"
msgstr "%s: невикористаний %s_Alias %s"
-#: plugins/sudoers/visudo.c:1304
+#: plugins/sudoers/visudo.c:1302
#, c-format
msgid ""
"%s - safely edit the sudoers file\n"
"%s — безпечне редагування файла sudoers\n"
"\n"
-#: plugins/sudoers/visudo.c:1306
+#: plugins/sudoers/visudo.c:1304
msgid ""
"\n"
"Options:\n"
" -s строга перевірка синтаксису\n"
" -V показати дані щодо версії і завершити роботу"
-#: toke.l:820
+#: toke.l:886
msgid "too many levels of includes"
msgstr "занадто високий рівень вкладеності"
+#~ msgid "pam_chauthtok: %s"
+#~ msgstr "pam_chauthtok: %s"
+
+#~ msgid "pam_authenticate: %s"
+#~ msgstr "pam_authenticate: %s"
+
+#~ msgid "Password: "
+#~ msgstr "Пароль: "
+
+#~ msgid "getauid failed"
+#~ msgstr "помилка getauid"
+
+#~ msgid "Unable to dlopen %s: %s"
+#~ msgstr "Не вдалося виконати dlopen для %s: %s"
+
+#~ msgid "invalid regex: %s"
+#~ msgstr "некоректний формальний вираз: %s"
+
+#~ msgid ">>> %s: %s near line %d <<<"
+#~ msgstr ">>> %s: %s поблизу рядка %d <<<"
+
+#~ msgid "unable to allocate memory"
+#~ msgstr "не вдалося отримати потрібний об’єм пам’яті"
+
+#~ msgid "%s%s: %s"
+#~ msgstr "%s%s: %s"
+
+#~ msgid "unable to set locale to \"%s\", using \"C\""
+#~ msgstr "не вдалося встановити локаль у значення «%s», використовуємо локаль «C»"
+
+#~ msgid ""
+#~ " Commands:\n"
+#~ "\t"
+#~ msgstr ""
+#~ " Команди:\n"
+#~ "\t"
+
+#~ msgid ": "
+#~ msgstr ": "
+
+#~ msgid "unable to cache uid %u (%s), already exists"
+#~ msgstr "не вдалося кешувати uid %u (%s), запис вже існує"
+
+#~ msgid "unable to cache gid %u (%s), already exists"
+#~ msgstr "не вдалося кешувати gid %u (%s), запис вже існує"
+
+#~ msgid "unable to execute %s: %s"
+#~ msgstr "не вдалося виконати %s: %s"
+
#~ msgid "internal error, expand_prompt() overflow"
#~ msgstr "внутрішня помилка, переповнення expand_prompt()"
#~ msgid "set group on %s"
#~ msgstr "встановлено групу у %s"
-#~ msgid "unable to set group on %s"
-#~ msgstr "не вдалося встановити групу на %s"
-
#~ msgid "unable to fix mode on %s"
#~ msgstr "не вдалося виправити режим на %s"
# Vietnamese translation for sudo.
-# Copyright © 2012 Free Software Foundation, Inc.
-# This file is distributed under the same license as the sudo package.
-# Trần Ngọc Quân <vnwildman@gmail.com>, 2012.
+# This file is put in the public domain.
+# Trần Ngọc Quân <vnwildman@gmail.com>, 2012-2013.
#
msgid ""
msgstr ""
-"Project-Id-Version: sudoers-1.8.6b4\n"
+"Project-Id-Version: sudoers-1.8.7b3\n"
"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2012-08-10 13:08-0400\n"
-"PO-Revision-Date: 2012-09-01 15:08+0700\n"
+"POT-Creation-Date: 2013-04-24 11:10-0400\n"
+"PO-Revision-Date: 2013-04-28 07:08+0700\n"
"Last-Translator: Trần Ngọc Quân <vnwildman@gmail.com>\n"
"Language-Team: Vietnamese <translation-team-vi@lists.sourceforge.net>\n"
"Language: vi\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"Language-Team-Website: <http://translationproject.org/team/vi.html>\n"
"Plural-Forms: nplurals=2; plural=1;\n"
"X-Poedit-SourceCharset: UTF-8\n"
+"X-Generator: Poedit 1.5.5\n"
-#: gram.y:112
-#, c-format
-msgid ">>> %s: %s near line %d <<<"
-msgstr ">>> %s: %s gần dòng %d <<<"
+#: confstr.sh:2
+msgid "Password:"
+msgstr "Mật khẩu:"
+
+#: confstr.sh:3
+msgid "*** SECURITY information for %h ***"
+msgstr "*** Thông tin AN NINH cho %h ***"
+
+#: confstr.sh:4
+msgid "Sorry, try again."
+msgstr "Rất tiếc, hãy thử lại sau."
-#: plugins/sudoers/alias.c:125
+#: plugins/sudoers/alias.c:124
#, c-format
msgid "Alias `%s' already defined"
-msgstr "Bí danh `%s' đã được định nghĩa rồi"
+msgstr "Bí danh “%s” đã được định nghĩa rồi"
-#: plugins/sudoers/auth/bsdauth.c:78
+#: plugins/sudoers/auth/bsdauth.c:77
#, c-format
msgid "unable to get login class for user %s"
msgstr "không thể lấy lớp đăng nhập cho tài khoản %s"
-#: plugins/sudoers/auth/bsdauth.c:84
+#: plugins/sudoers/auth/bsdauth.c:83
msgid "unable to begin bsd authentication"
msgstr "không thể khởi chạy xác thực kiểu bsd"
-#: plugins/sudoers/auth/bsdauth.c:92
+#: plugins/sudoers/auth/bsdauth.c:91
msgid "invalid authentication type"
msgstr "kiểu xác thực sai"
-#: plugins/sudoers/auth/bsdauth.c:101
+#: plugins/sudoers/auth/bsdauth.c:100
msgid "unable to setup authentication"
msgstr "không thể cài đặt xác thực"
-#: plugins/sudoers/auth/fwtk.c:60
+#: plugins/sudoers/auth/fwtk.c:59
#, c-format
msgid "unable to read fwtk config"
msgstr "không thể đọc cấu hình fwtk"
-#: plugins/sudoers/auth/fwtk.c:65
+#: plugins/sudoers/auth/fwtk.c:64
#, c-format
msgid "unable to connect to authentication server"
msgstr "không thể kết nối tới máy chủ xác thực"
-#: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95
-#: plugins/sudoers/auth/fwtk.c:128
+#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94
+#: plugins/sudoers/auth/fwtk.c:127
#, c-format
msgid "lost connection to authentication server"
msgstr "mất kết nối đến máy phục vụ xác thực"
-#: plugins/sudoers/auth/fwtk.c:75
+#: plugins/sudoers/auth/fwtk.c:74
#, c-format
msgid ""
"authentication server error:\n"
"lỗi máy phục vụ xác thực:\n"
"%s"
-#: plugins/sudoers/auth/kerb5.c:117
+#: plugins/sudoers/auth/kerb5.c:116
#, c-format
-msgid "%s: unable to unparse princ ('%s'): %s"
-msgstr "%s: không thể bỏ phân tích cú pháp princ ('%s'): %s"
+msgid "%s: unable to convert principal to string ('%s'): %s"
+msgstr "%s: không thể chuyển đổi principal sang chuỗi (“%s”): %s"
-#: plugins/sudoers/auth/kerb5.c:160
+#: plugins/sudoers/auth/kerb5.c:159
#, c-format
msgid "%s: unable to parse '%s': %s"
-msgstr "%s: không thể phân tích '%s': %s"
+msgstr "%s: không thể phân tích “%s”: %s"
-#: plugins/sudoers/auth/kerb5.c:170
+#: plugins/sudoers/auth/kerb5.c:169
#, c-format
-msgid "%s: unable to resolve ccache: %s"
-msgstr "%s: không thể giải quyết ccache: %s"
+msgid "%s: unable to resolve credential cache: %s"
+msgstr "%s: không thể phân giải bộ nhớ đệm “credential”: %s"
-#: plugins/sudoers/auth/kerb5.c:218
+#: plugins/sudoers/auth/kerb5.c:217
#, c-format
msgid "%s: unable to allocate options: %s"
msgstr "%s: không thể phân bổ các tùy chọn: %s"
-#: plugins/sudoers/auth/kerb5.c:234
+#: plugins/sudoers/auth/kerb5.c:233
#, c-format
msgid "%s: unable to get credentials: %s"
msgstr "%s: không thể lấy giấy ủy nhiệm: %s"
-#: plugins/sudoers/auth/kerb5.c:247
+#: plugins/sudoers/auth/kerb5.c:246
#, c-format
-msgid "%s: unable to initialize ccache: %s"
-msgstr "%s: không thể khởi tạo ccache: %s"
+msgid "%s: unable to initialize credential cache: %s"
+msgstr "%s: không thể khởi tạo bộ nhớ đệm “credential”: %s"
-#: plugins/sudoers/auth/kerb5.c:251
+#: plugins/sudoers/auth/kerb5.c:250
#, c-format
-msgid "%s: unable to store cred in ccache: %s"
-msgstr "%s: không thể lưu cred trong ccache: %s"
+msgid "%s: unable to store credential in cache: %s"
+msgstr "%s: không thể cất giữ “credential” trong bộ nhớ tạm: %s"
-#: plugins/sudoers/auth/kerb5.c:316
+#: plugins/sudoers/auth/kerb5.c:315
#, c-format
msgid "%s: unable to get host principal: %s"
msgstr "%s: không thể lấy tên máy chủ chính: %s"
-#: plugins/sudoers/auth/kerb5.c:331
+#: plugins/sudoers/auth/kerb5.c:330
#, c-format
msgid "%s: Cannot verify TGT! Possible attack!: %s"
-msgstr "%s: Không thể thẩm tra TGT! Có lẽ bị tấn công!: %s"
+msgstr "%s: Không thể thẩm tra TGT! Gần như chắc chắn là bị tấn công!: %s"
-#: plugins/sudoers/auth/pam.c:100
+#: plugins/sudoers/auth/pam.c:105
msgid "unable to initialize PAM"
msgstr "không thể khởi tạo PAM"
-#: plugins/sudoers/auth/pam.c:144
+#: plugins/sudoers/auth/pam.c:150
msgid "account validation failure, is your account locked?"
msgstr "xác thực tài khoản gặp lỗi nghiêm trọng, có phải tài khoản của bạn đã bị khóa?"
-#: plugins/sudoers/auth/pam.c:148
+#: plugins/sudoers/auth/pam.c:154
msgid "Account or password is expired, reset your password and try again"
-msgstr "Mật khẩu hay tài khoản đã hết hạn sử dụng, đặt lại mật khẩu của bạn và thử lại"
+msgstr "Mật khẩu hay tài khoản đã hết hạn sử dụng, hãy đặt lại mật khẩu của bạn và thử lại"
-#: plugins/sudoers/auth/pam.c:155
+#: plugins/sudoers/auth/pam.c:162
#, c-format
-msgid "pam_chauthtok: %s"
-msgstr "pam_chauthtok: %s"
+msgid "unable to change expired password: %s"
+msgstr "không thể thay đổi mật khẩu đã hết hạn: %s"
-#: plugins/sudoers/auth/pam.c:159
+#: plugins/sudoers/auth/pam.c:167
msgid "Password expired, contact your system administrator"
msgstr "Mật khẩu đã hết hạn dùng, hãy liên lạc với quản trị hệ thống"
-#: plugins/sudoers/auth/pam.c:163
+#: plugins/sudoers/auth/pam.c:171
msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator"
-msgstr "Tài khoản hết hạn hoặc cấu hình PAM không có phiên \"tài khoản\" cho sudo, hãy liên hệ với người quản trị"
+msgstr "Tài khoản hết hạn hoặc cấu hình PAM không có phiên “tài khoản” cho sudo, hãy liên hệ với người quản trị"
-#: plugins/sudoers/auth/pam.c:180
+#: plugins/sudoers/auth/pam.c:188
#, c-format
-msgid "pam_authenticate: %s"
-msgstr "pam_authenticate: %s"
+msgid "PAM authentication error: %s"
+msgstr "lỗi xác thực PAM: %s"
-#: plugins/sudoers/auth/pam.c:332
-msgid "Password: "
-msgstr "Mật khẩu: "
-
-#: plugins/sudoers/auth/pam.c:333
-msgid "Password:"
-msgstr "Mật khẩu:"
+#: plugins/sudoers/auth/pam.c:247
+#, c-format
+msgid "unable to establish credentials: %s"
+msgstr "không thể thiết lập giấy ủy nhiệm: %s"
-#: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:220
+#: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212
#, c-format
msgid "you do not exist in the %s database"
msgstr "bạn không tồn tại trong cơ sở dữ liệu %s"
-#: plugins/sudoers/auth/securid5.c:81
+#: plugins/sudoers/auth/securid5.c:80
#, c-format
msgid "failed to initialise the ACE API library"
-msgstr "gặp lỗi khi khởi tạo thư viện \"ACE API\""
+msgstr "gặp lỗi khi khởi tạo thư viện “ACE API”"
-#: plugins/sudoers/auth/securid5.c:107
+#: plugins/sudoers/auth/securid5.c:106
#, c-format
msgid "unable to contact the SecurID server"
msgstr "không thể liên lạc được với máy chủ SecurID"
-#: plugins/sudoers/auth/securid5.c:116
+#: plugins/sudoers/auth/securid5.c:115
#, c-format
msgid "User ID locked for SecurID Authentication"
-msgstr "ID người dùng bị khóa với \"SecurID Authentication\""
+msgstr "ID người dùng bị khóa với “SecurID Authentication”"
-#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171
+#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170
#, c-format
msgid "invalid username length for SecurID"
msgstr "sai chiều dài tên tài khoản cho SecurID"
-#: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176
+#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175
#, c-format
msgid "invalid Authentication Handle for SecurID"
msgstr "sai Bộ Tiếp Hợp Xác Thực cho SecurID"
-#: plugins/sudoers/auth/securid5.c:128
+#: plugins/sudoers/auth/securid5.c:127
#, c-format
msgid "SecurID communication failed"
msgstr "Truyền thông với SecurID gặp lỗi"
-#: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215
+#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214
#, c-format
msgid "unknown SecurID error"
msgstr "không hiểu lỗi SecurID"
-#: plugins/sudoers/auth/securid5.c:166
+#: plugins/sudoers/auth/securid5.c:165
#, c-format
msgid "invalid passcode length for SecurID"
msgstr "sai chiều dài passcode cho SecurID"
-#: plugins/sudoers/auth/sia.c:109
+#: plugins/sudoers/auth/sia.c:108
msgid "unable to initialize SIA session"
msgstr "không thể khởi tạo phiên SIA"
-#: plugins/sudoers/auth/sudo_auth.c:121
-msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication."
-msgstr "Sai phương thức xác thực được dịch vào trong sudo! Bạn có thể pha trộn kiểu xác thực giữa standalone và non-standalone"
+#: plugins/sudoers/auth/sudo_auth.c:119
+msgid "invalid authentication methods"
+msgstr "Phương thức xác thực không hợp lệ"
+
+#: plugins/sudoers/auth/sudo_auth.c:120
+msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication."
+msgstr "Phương thức xác thực không hợp lệ được biên dịch vào trong sudo! Bạn không thể pha trộn kiểu xác thực giữa standalone và non-standalone"
-#: plugins/sudoers/auth/sudo_auth.c:206
+#: plugins/sudoers/auth/sudo_auth.c:203
+msgid "no authentication methods"
+msgstr "chưa có phương thức xác"
+
+#: plugins/sudoers/auth/sudo_auth.c:205
msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option."
msgstr "Ở đây không có phương thức xác thực nào được dịch vào trong sudo! Nếu bạn muốn tắt xác thực, sử dụng tùy chọn cấu hình --disable-authentication"
-#: plugins/sudoers/auth/sudo_auth.c:374
+#: plugins/sudoers/auth/sudo_auth.c:389
msgid "Authentication methods:"
msgstr "Phương thức xác thực:"
-#: plugins/sudoers/bsm_audit.c:60 plugins/sudoers/bsm_audit.c:63
-#: plugins/sudoers/bsm_audit.c:112 plugins/sudoers/bsm_audit.c:116
-#: plugins/sudoers/bsm_audit.c:168 plugins/sudoers/bsm_audit.c:172
-#, c-format
-msgid "getaudit: failed"
-msgstr "getaudit: gặp lỗi"
-
#: plugins/sudoers/bsm_audit.c:90 plugins/sudoers/bsm_audit.c:153
-#, c-format
msgid "Could not determine audit condition"
msgstr "Không thể xác định điều kiện audit"
-#: plugins/sudoers/bsm_audit.c:101
-#, c-format
-msgid "getauid failed"
-msgstr "getauid gặp lỗi"
-
-#: plugins/sudoers/bsm_audit.c:103 plugins/sudoers/bsm_audit.c:162
-#, c-format
-msgid "au_open: failed"
-msgstr "au_open: gặp lỗi"
-
-#: plugins/sudoers/bsm_audit.c:118 plugins/sudoers/bsm_audit.c:174
-#, c-format
-msgid "au_to_subject: failed"
-msgstr "au_to_subject: gặp lỗi"
-
-#: plugins/sudoers/bsm_audit.c:122 plugins/sudoers/bsm_audit.c:178
-#, c-format
-msgid "au_to_exec_args: failed"
-msgstr "au_to_exec_args: gặp lỗi"
-
-#: plugins/sudoers/bsm_audit.c:126 plugins/sudoers/bsm_audit.c:187
-#, c-format
-msgid "au_to_return32: failed"
-msgstr "au_to_return32: gặp lỗi"
-
#: plugins/sudoers/bsm_audit.c:129 plugins/sudoers/bsm_audit.c:190
-#, c-format
msgid "unable to commit audit record"
msgstr "không thể chuyển giao bản ghi audit"
-#: plugins/sudoers/bsm_audit.c:160
-#, c-format
-msgid "getauid: failed"
-msgstr "getauid: gặp lỗi"
-
-#: plugins/sudoers/bsm_audit.c:183
-#, c-format
-msgid "au_to_text: failed"
-msgstr "au_to_text: gặp lỗi"
-
-#: plugins/sudoers/check.c:252 plugins/sudoers/iolog.c:172
-#: plugins/sudoers/sudoers.c:988 plugins/sudoers/sudoreplay.c:355
-#: plugins/sudoers/sudoreplay.c:817 plugins/sudoers/sudoreplay.c:974
-#: plugins/sudoers/visudo.c:818
-#, c-format
-msgid "unable to open %s"
-msgstr "không mở được %s"
-
-#: plugins/sudoers/check.c:256 plugins/sudoers/iolog.c:229
-#, c-format
-msgid "unable to write to %s"
-msgstr "không thể ghi vào %s"
-
-#: plugins/sudoers/check.c:264 plugins/sudoers/check.c:512
-#: plugins/sudoers/check.c:562 plugins/sudoers/iolog.c:123
-#: plugins/sudoers/iolog.c:156
-#, c-format
-msgid "unable to mkdir %s"
-msgstr "không thể tạo thư mục mkdir '%s'"
-
-#: plugins/sudoers/check.c:399 plugins/sudoers/env.c:289
-#: plugins/sudoers/env.c:294 plugins/sudoers/env.c:395
-#: plugins/sudoers/env.c:447 plugins/sudoers/linux_audit.c:82
-#: plugins/sudoers/sudoers.c:670 plugins/sudoers/sudoers.c:677
-#: plugins/sudoers/sudoers.c:936 plugins/sudoers/testsudoers.c:253
-#, c-format
-msgid "internal error, %s overflow"
-msgstr "lỗi nội bộ, %s bị tràn"
-
-#: plugins/sudoers/check.c:460
-#, c-format
-msgid "timestamp path too long: %s"
-msgstr "đường dẫn timestamp quá dài: %s"
-
-#: plugins/sudoers/check.c:491 plugins/sudoers/check.c:535
-#: plugins/sudoers/iolog.c:158
-#, c-format
-msgid "%s exists but is not a directory (0%o)"
-msgstr "%s tồn tại nhưng không phải là một thư mục (0%o)"
-
-#: plugins/sudoers/check.c:494 plugins/sudoers/check.c:538
-#: plugins/sudoers/check.c:583
-#, c-format
-msgid "%s owned by uid %u, should be uid %u"
-msgstr "%s được sở hữu bởi uid %u, nên là %u"
-
-#: plugins/sudoers/check.c:499 plugins/sudoers/check.c:543
-#, c-format
-msgid "%s writable by non-owner (0%o), should be mode 0700"
-msgstr "%s có thể được ghi bởi người không sở hữu nó (0%o), cần đặt chế độ 0700"
-
-#: plugins/sudoers/check.c:507 plugins/sudoers/check.c:551
-#: plugins/sudoers/check.c:619 plugins/sudoers/sudoers.c:1003
-#: plugins/sudoers/visudo.c:319 plugins/sudoers/visudo.c:584
-#, c-format
-msgid "unable to stat %s"
-msgstr "không thể lấy trạng thái về %s"
-
-#: plugins/sudoers/check.c:577
-#, c-format
-msgid "%s exists but is not a regular file (0%o)"
-msgstr "%s đã sẵn có nhưng không phải là một tập tin bình thường (0%o)"
-
-#: plugins/sudoers/check.c:589
-#, c-format
-msgid "%s writable by non-owner (0%o), should be mode 0600"
-msgstr "%s có thể được ghi bởi người không sở hữu nó (0%o), cần đặt chế độ 0600"
-
-#: plugins/sudoers/check.c:643
-#, c-format
-msgid "timestamp too far in the future: %20.20s"
-msgstr "timestamp nằm quá xa ở tương lai: %20.20s"
-
-#: plugins/sudoers/check.c:690
-#, c-format
-msgid "unable to remove %s (%s), will reset to the epoch"
-msgstr "không thể gỡ bỏ %s (%s), sẽ đặt lại thành epoch"
-
-#: plugins/sudoers/check.c:698
-#, c-format
-msgid "unable to reset %s to the epoch"
-msgstr "không thể đặt lại %s thành epoch"
+#: plugins/sudoers/check.c:189
+msgid ""
+"\n"
+"We trust you have received the usual lecture from the local System\n"
+"Administrator. It usually boils down to these three things:\n"
+"\n"
+" #1) Respect the privacy of others.\n"
+" #2) Think before you type.\n"
+" #3) With great power comes great responsibility.\n"
+"\n"
+msgstr ""
+"\n"
+"Chúng tôi tin rằng bạn đã nhận được bài giảng từ Quản trị Hệ thống\n"
+"nội bộ. Có thể tóm lược chúng lại thành một số điểm quan trọng sau:\n"
+"\n"
+" #1) Tôn trọng sự riêng tư của người khác.\n"
+" #2) Nghĩ trước khi gõ một lệnh.\n"
+" #3) Quyền lực lớn đi kèm với trách nhiệm lớn.\n"
+"\n"
-#: plugins/sudoers/check.c:758 plugins/sudoers/check.c:764
-#: plugins/sudoers/sudoers.c:851 plugins/sudoers/sudoers.c:855
+#: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233
+#: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566
#, c-format
msgid "unknown uid: %u"
msgstr "không biết UID: %u"
-#: plugins/sudoers/check.c:761 plugins/sudoers/sudoers.c:792
-#: plugins/sudoers/sudoers.c:1120 plugins/sudoers/testsudoers.c:225
-#: plugins/sudoers/testsudoers.c:369
+#: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:635
+#: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215
+#: plugins/sudoers/testsudoers.c:359
#, c-format
msgid "unknown user: %s"
msgstr "không hiểu người dùng: %s"
#: plugins/sudoers/def_data.c:43
msgid "Ignore '.' in $PATH"
-msgstr "Lờ đi '.' trong $PATH"
+msgstr "Lờ đi “.” trong $PATH"
#: plugins/sudoers/def_data.c:47
msgid "Always send mail when sudo is run"
#: plugins/sudoers/def_data.c:175
#, c-format
msgid "Path to log file: %s"
-msgstr "Đường dẫn tới tập tin nhật ký: '%s'"
+msgstr "Đường dẫn tới tập tin nhật ký: “%s”"
#: plugins/sudoers/def_data.c:179
#, c-format
#: plugins/sudoers/def_data.c:219
msgid "If set, passprompt will override system prompt in all cases."
-msgstr "Nếu được đặt, lời nhắc mật khẩu sẽ dè lên dấu nhắc hệ thống trong mọi trường hợp."
+msgstr "Nếu được đặt, lời nhắc mật khẩu sẽ đè lên dấu nhắc hệ thống trong mọi trường hợp."
#: plugins/sudoers/def_data.c:223
#, c-format
#: plugins/sudoers/def_data.c:235
#, c-format
msgid "When to require a password for 'list' pseudocommand: %s"
-msgstr "Khi được yêu cầu mật khẩu cho 'liệt kê' lệnh-giả: %s"
+msgstr "Khi được yêu cầu mật khẩu cho “liệt kê” lệnh-giả: %s"
#: plugins/sudoers/def_data.c:239
#, c-format
msgid "When to require a password for 'verify' pseudocommand: %s"
-msgstr "Khi được yêu cầu mật khẩu cho 'thẩm tra' lệnh-giả: %s"
+msgstr "Khi được yêu cầu mật khẩu cho “thẩm tra” lệnh-giả: %s"
#: plugins/sudoers/def_data.c:243
msgid "Preload the dummy exec functions contained in the sudo_noexec library"
#: plugins/sudoers/def_data.c:251
#, c-format
msgid "File descriptors >= %d will be closed before executing a command"
-msgstr "Các mô tả tập tin >= %d sẽ bị đóng trước khi chạy một lệnh"
+msgstr "Các bộ mô tả tập tin >= %d sẽ bị đóng trước khi chạy một lệnh"
#: plugins/sudoers/def_data.c:255
msgid "If set, users may override the value of `closefrom' with the -C option"
-msgstr "Nếu được đặt, người dùng có thể ghi đè lên giá trị của `closefrom' bằng tùy chọn -C"
+msgstr "Nếu được đặt, người dùng có thể ghi đè lên giá trị của “closefrom” bằng tùy chọn -C"
#: plugins/sudoers/def_data.c:259
msgid "Allow users to set arbitrary environment variables"
#: plugins/sudoers/def_data.c:347
msgid "Set of permitted privileges"
-msgstr "Đặt đặc quyền"
+msgstr "Tập hợp các đặc quyền được phép"
#: plugins/sudoers/def_data.c:351
msgid "Set of limit privileges"
-msgstr "Đặt các quyền bị giới hạn"
+msgstr "Tập hợp các quyền bị giới hạn"
+
+#: plugins/sudoers/def_data.c:355
+msgid "Run commands on a pty in the background"
+msgstr "Chạy các câu lệnh trên một pty trong nền hệ thống"
+
+#: plugins/sudoers/def_data.c:359
+msgid "Create a new PAM session for the command to run in"
+msgstr "Tạo một phiên PAM mới để lệnh chạy với nó"
-#: plugins/sudoers/defaults.c:208
+#: plugins/sudoers/def_data.c:363
+msgid "Maximum I/O log sequence number"
+msgstr "Số lượng nhật ký I/O đã đạt ngưỡng tối đa"
+
+#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587
#, c-format
msgid "unknown defaults entry `%s'"
-msgstr "không hiểu mục mặc định `%s'"
+msgstr "không hiểu mục mặc định “%s”"
-#: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226
-#: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259
-#: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285
-#: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318
-#: plugins/sudoers/defaults.c:328
+#: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225
+#: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258
+#: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284
+#: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317
+#: plugins/sudoers/defaults.c:327
#, c-format
msgid "value `%s' is invalid for option `%s'"
-msgstr "giá trị `%s' là không hợp lệ cho tùy chọn `%s'"
+msgstr "giá trị “%s” là không hợp lệ cho tùy chọn “%s”"
-#: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229
-#: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254
-#: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280
-#: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313
-#: plugins/sudoers/defaults.c:324
+#: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228
+#: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253
+#: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279
+#: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312
+#: plugins/sudoers/defaults.c:323
#, c-format
msgid "no value specified for `%s'"
-msgstr "chưa chỉ ra giá trị cho \"%s\""
+msgstr "chưa chỉ ra giá trị cho “%s”"
-#: plugins/sudoers/defaults.c:242
+#: plugins/sudoers/defaults.c:241
#, c-format
msgid "values for `%s' must start with a '/'"
-msgstr "giá trị cho `%s' phải bắt đầu bằng một '/'"
+msgstr "giá trị cho “%s” phải bắt đầu bằng một “/”"
-#: plugins/sudoers/defaults.c:304
+#: plugins/sudoers/defaults.c:303
#, c-format
msgid "option `%s' does not take a value"
-msgstr "tùy chọn `%s' không chấp nhận giá trị"
+msgstr "tùy chọn “%s” không nhận giá trị"
-#: plugins/sudoers/env.c:367
+#: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293
+#: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82
+#: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427
+#: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654
+#: plugins/sudoers/testsudoers.c:243
#, c-format
+msgid "internal error, %s overflow"
+msgstr "lỗi nội bộ, %s bị tràn"
+
+#: plugins/sudoers/env.c:367
msgid "sudo_putenv: corrupted envp, length mismatch"
msgstr "sudo_putenv: envp sai hỏng, chiều dài không khớp"
-#: plugins/sudoers/env.c:369 plugins/sudoers/env.c:448
-#: plugins/sudoers/toke_util.c:113 plugins/sudoers/toke_util.c:167
-#: plugins/sudoers/toke_util.c:207 toke.l:697 toke.l:827 toke.l:887 toke.l:983
-#, c-format
-msgid "unable to allocate memory"
-msgstr "không thể cấp phát vùng nhớ"
-
-#: plugins/sudoers/env.c:992
+#: plugins/sudoers/env.c:1012
#, c-format
msgid "sorry, you are not allowed to set the following environment variables: %s"
msgstr "rất tiếc, bạn không được phép đặt các biến môi trường sau đây: %1s"
-#: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108
-#: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125
-#: plugins/sudoers/sudoers.c:945 toke.l:693 toke.l:883
-#, c-format
-msgid "%s: %s"
-msgstr "%s: %s"
-
-#: plugins/sudoers/group_plugin.c:91
-#, c-format
-msgid "%s%s: %s"
-msgstr "%s%s: %s"
-
-#: plugins/sudoers/group_plugin.c:103
+#: plugins/sudoers/group_plugin.c:102
#, c-format
msgid "%s must be owned by uid %d"
msgstr "%s phải được sở hữu bởi uid %d"
-#: plugins/sudoers/group_plugin.c:107
+#: plugins/sudoers/group_plugin.c:106
#, c-format
msgid "%s must only be writable by owner"
msgstr "%s phải là những thứ chỉ có thể ghi bởi chủ sở hữu"
-#: plugins/sudoers/group_plugin.c:114
+#: plugins/sudoers/group_plugin.c:113 plugins/sudoers/sssd.c:256
#, c-format
msgid "unable to dlopen %s: %s"
msgstr "không thể dlopen %s: %s"
-#: plugins/sudoers/group_plugin.c:119
+#: plugins/sudoers/group_plugin.c:118
#, c-format
msgid "unable to find symbol \"group_plugin\" in %s"
-msgstr "không tìm thấy ký hiệu \"group_plugin\" trong %s"
+msgstr "không tìm thấy ký hiệu “group_plugin” trong %s"
-#: plugins/sudoers/group_plugin.c:124
+#: plugins/sudoers/group_plugin.c:123
#, c-format
msgid "%s: incompatible group plugin major version %d, expected %d"
msgstr "%s: phiên bản số lớn phần bổ xung nhóm không tương thích %d, mong đợi %d"
-#: plugins/sudoers/interfaces.c:112
+#: plugins/sudoers/interfaces.c:119
msgid "Local IP address and netmask pairs:\n"
msgstr "Cặp địa chỉ IP và mặt nạ cục bộ:\n"
-#: plugins/sudoers/iolog.c:205 plugins/sudoers/sudoers.c:991
+#: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144
+#: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244
#, c-format
-msgid "unable to read %s"
-msgstr "không thể đọc %s"
+msgid "%s exists but is not a directory (0%o)"
+msgstr "%s tồn tại nhưng không phải là một thư mục (0%o)"
-#: plugins/sudoers/iolog.c:208
+#: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155
+#: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:165
+#: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271
#, c-format
-msgid "invalid sequence number %s"
-msgstr "sai số tạo dãy %s"
+msgid "unable to mkdir %s"
+msgstr "không thể tạo thư mục mkdir “%s”"
-#: plugins/sudoers/iolog.c:258 plugins/sudoers/iolog.c:261
-#: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:531
-#: plugins/sudoers/iolog.c:537 plugins/sudoers/iolog.c:545
-#: plugins/sudoers/iolog.c:553 plugins/sudoers/iolog.c:561
-#: plugins/sudoers/iolog.c:569
+#: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708
+#: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815
+#: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:155
+#: plugins/sudoers/visudo.c:809
#, c-format
-msgid "unable to create %s"
-msgstr "không thể tạo '%s'"
+msgid "unable to open %s"
+msgstr "không mở được %s"
+
+#: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711
+#, c-format
+msgid "unable to read %s"
+msgstr "không thể đọc %s"
-#: plugins/sudoers/iolog_path.c:263 plugins/sudoers/sudoers.c:382
+#: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:159
#, c-format
-msgid "unable to set locale to \"%s\", using \"C\""
-msgstr "không thể đặt địa phương thành \"%s\", sẽ dùng \"C\""
+msgid "unable to write to %s"
+msgstr "không thể ghi vào %s"
-#: plugins/sudoers/ldap.c:387
+#: plugins/sudoers/iolog.c:334
#, c-format
+msgid "unable to create %s"
+msgstr "không thể tạo “%s”"
+
+#: plugins/sudoers/ldap.c:385
msgid "sudo_ldap_conf_add_ports: port too large"
msgstr "sudo_ldap_conf_add_ports: cổng quá lớn"
-#: plugins/sudoers/ldap.c:410
-#, c-format
+#: plugins/sudoers/ldap.c:408
msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf"
msgstr "sudo_ldap_conf_add_ports: hết bộ nhớ để mở rộng hostbuf"
-#: plugins/sudoers/ldap.c:440
+#: plugins/sudoers/ldap.c:438
#, c-format
msgid "unsupported LDAP uri type: %s"
-msgstr "không hỗ trợ kiểu \"LDAP uri\": %s"
+msgstr "không hỗ trợ kiểu “LDAP uri”: %s"
-#: plugins/sudoers/ldap.c:469
+#: plugins/sudoers/ldap.c:467
#, c-format
msgid "invalid uri: %s"
msgstr "URI không hợp lệ: %s"
-#: plugins/sudoers/ldap.c:475
+#: plugins/sudoers/ldap.c:473
#, c-format
msgid "unable to mix ldap and ldaps URIs"
msgstr "không thể trộn ldap và ldaps URIs"
-#: plugins/sudoers/ldap.c:479
+#: plugins/sudoers/ldap.c:477
#, c-format
msgid "unable to mix ldaps and starttls"
msgstr "không thể trộn ldaps và starttls"
-#: plugins/sudoers/ldap.c:498
-#, c-format
+#: plugins/sudoers/ldap.c:496
msgid "sudo_ldap_parse_uri: out of space building hostbuf"
msgstr "sudo_ldap_parse_uri: hết bộ nhớ để xây dựng hostbuf"
-#: plugins/sudoers/ldap.c:572
+#: plugins/sudoers/ldap.c:570
#, c-format
msgid "unable to initialize SSL cert and key db: %s"
msgstr "không thể khởi tạo chứng nhận SSL và csdl khóa: %s"
-#: plugins/sudoers/ldap.c:575
+#: plugins/sudoers/ldap.c:573
#, c-format
msgid "you must set TLS_CERT in %s to use SSL"
msgstr "bạn phải đặt TLS_CERT trong %s để sử dụng SSL"
-#: plugins/sudoers/ldap.c:992
+#: plugins/sudoers/ldap.c:1062
#, c-format
msgid "unable to get GMT time"
msgstr "không thể lấy giờ quốc tế (GMT)"
-#: plugins/sudoers/ldap.c:998
+#: plugins/sudoers/ldap.c:1068
#, c-format
msgid "unable to format timestamp"
msgstr "không thể định dạng dấu-vết-thời-gian"
-#: plugins/sudoers/ldap.c:1006
+#: plugins/sudoers/ldap.c:1076
#, c-format
msgid "unable to build time filter"
msgstr "không thể xây dựng bộ lọc thời gian"
-#: plugins/sudoers/ldap.c:1225
-#, c-format
+#: plugins/sudoers/ldap.c:1295
msgid "sudo_ldap_build_pass1 allocation mismatch"
msgstr "sudo_ldap_build_pass1 phân bổ không khớp"
-#: plugins/sudoers/ldap.c:1761
+#: plugins/sudoers/ldap.c:1842
#, c-format
msgid ""
"\n"
"LDAP Role: %s\n"
msgstr ""
"\n"
-"LDAP Role: %s\n"
+"Vai trò LDAP: %s\n"
-#: plugins/sudoers/ldap.c:1763
+#: plugins/sudoers/ldap.c:1844
#, c-format
msgid ""
"\n"
"LDAP Role: UNKNOWN\n"
msgstr ""
"\n"
-"LDAP Role: KHÔNG HIỂU\n"
+"Vai trò LDAP: KHÔNG HIỂU\n"
-#: plugins/sudoers/ldap.c:1810
+#: plugins/sudoers/ldap.c:1891
#, c-format
msgid " Order: %s\n"
msgstr " Thứ tự: %s\n"
-#: plugins/sudoers/ldap.c:1818 plugins/sudoers/sssd.c:1168
+#: plugins/sudoers/ldap.c:1899 plugins/sudoers/parse.c:515
+#: plugins/sudoers/sssd.c:1242
#, c-format
msgid " Commands:\n"
msgstr " Lệnh:\n"
-#: plugins/sudoers/ldap.c:2240
+#: plugins/sudoers/ldap.c:2321
#, c-format
msgid "unable to initialize LDAP: %s"
msgstr "không thể khởi tạo LDAP: %s"
-#: plugins/sudoers/ldap.c:2274
+#: plugins/sudoers/ldap.c:2355
#, c-format
msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()"
msgstr "start_tls được chỉ ra nhưng thư viện LDAP không hỗ trợ ldap_start_tls_s() hoặc ldap_start_tls_s_np()"
-#: plugins/sudoers/ldap.c:2510
+#: plugins/sudoers/ldap.c:2591
#, c-format
msgid "invalid sudoOrder attribute: %s"
msgstr "thuộc tính sudoOrder không hợp lệ: %s"
#: plugins/sudoers/linux_audit.c:57
-#, c-format
msgid "unable to open audit system"
msgstr "không thể mở hệ thống audit"
msgid "unable to send audit message"
msgstr "không thể gửi thông tin audit"
-#: plugins/sudoers/logging.c:202
+#: plugins/sudoers/logging.c:140
+#, c-format
+msgid "%8s : %s"
+msgstr "%8s : %s"
+
+#: plugins/sudoers/logging.c:168
+#, c-format
+msgid "%8s : (command continued) %s"
+msgstr "%8s : (lệnh tiếp tục) %s"
+
+#: plugins/sudoers/logging.c:194
#, c-format
msgid "unable to open log file: %s: %s"
msgstr "không thể mở tập tin nhật ký: %s: %s"
-#: plugins/sudoers/logging.c:205
+#: plugins/sudoers/logging.c:197
#, c-format
msgid "unable to lock log file: %s: %s"
msgstr "không thể khóa tập tin nhật ký: %s: %s"
-#: plugins/sudoers/logging.c:260
+#: plugins/sudoers/logging.c:245
+msgid "No user or host"
+msgstr "Không có tài khoản hay tên máy chủ"
+
+#: plugins/sudoers/logging.c:247
+msgid "validation failure"
+msgstr "việc phê chuẩn thất bại"
+
+#: plugins/sudoers/logging.c:254
msgid "user NOT in sudoers"
msgstr "tài khoản KHÔNG có trong sudoers"
-#: plugins/sudoers/logging.c:262
+#: plugins/sudoers/logging.c:256
msgid "user NOT authorized on host"
msgstr "tài khoản KHÔNG được cho phép sử dụng trên máy chủ"
-#: plugins/sudoers/logging.c:264
+#: plugins/sudoers/logging.c:258
msgid "command not allowed"
msgstr "lệnh không được phép"
-#: plugins/sudoers/logging.c:274
+#: plugins/sudoers/logging.c:288
#, c-format
msgid "%s is not in the sudoers file. This incident will be reported.\n"
msgstr "%s không trong tập tin sudoers. Sự việc này sẽ được báo cáo.\n"
-#: plugins/sudoers/logging.c:277
+#: plugins/sudoers/logging.c:291
#, c-format
msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n"
msgstr "%s không được phép chạy lệnh sudo trên %s. Sự việc này sẽ được báo cáo.\n"
-#: plugins/sudoers/logging.c:281
+#: plugins/sudoers/logging.c:295
#, c-format
msgid "Sorry, user %s may not run sudo on %s.\n"
msgstr "Rất tiếc, tài khoảnr %s không được chạy lệnh sudo trên %s.\n"
-#: plugins/sudoers/logging.c:284
+#: plugins/sudoers/logging.c:298
#, c-format
msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n"
-msgstr "Rất tiếc, tài khoản %s không được phép thi hành '%s%s%s' như là %s%s%s trên %s.\n"
-
-#: plugins/sudoers/logging.c:317
-msgid "No user or host"
-msgstr "Không có tài khoản hay tên máy chủ"
-
-#: plugins/sudoers/logging.c:319
-msgid "validation failure"
-msgstr "việc phê chuẩn thất bại"
+msgstr "Rất tiếc, tài khoản %s không được phép thi hành “%s%s%s” như là %s%s%s trên %s.\n"
-#: plugins/sudoers/logging.c:336 plugins/sudoers/sudoers.c:502
-#: plugins/sudoers/sudoers.c:503 plugins/sudoers/sudoers.c:1539
-#: plugins/sudoers/sudoers.c:1540
+#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383
+#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386
+#: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001
+#: plugins/sudoers/sudoers.c:1002
#, c-format
msgid "%s: command not found"
msgstr "%s: không tìm thấy lệnh"
-#: plugins/sudoers/logging.c:338 plugins/sudoers/sudoers.c:499
+#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379
#, c-format
msgid ""
"ignoring `%s' found in '.'\n"
"Use `sudo ./%s' if this is the `%s' you wish to run."
msgstr ""
-"đang bỏ qua `%s' được tìm thấy trong '.'\n"
-"Sử dụng `sudo ./%s' nếu đây là `%s' bạn muốn chạy."
+"đang bỏ qua “%s” được tìm thấy trong “.”\n"
+"Sử dụng “sudo ./%s” nếu đây là “%s” bạn muốn chạy."
-#: plugins/sudoers/logging.c:352
+#: plugins/sudoers/logging.c:353
msgid "authentication failure"
-msgstr "lỗi xác thực"
+msgstr "xác thực gặp lỗi nghiêm trọng"
-#: plugins/sudoers/logging.c:376
+#: plugins/sudoers/logging.c:379
+msgid "a password is required"
+msgstr "bắt buộc phải có mật khẩu"
+
+#: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487
#, c-format
msgid "%d incorrect password attempt"
msgid_plural "%d incorrect password attempts"
msgstr[0] "đã sai mật khẩu %d lần"
msgstr[1] "đã sai mật khẩu %d lần"
-#: plugins/sudoers/logging.c:379
-msgid "a password is required"
-msgstr "bắt buộc phải có mật khẩu"
-
-#: plugins/sudoers/logging.c:530
-#, c-format
+#: plugins/sudoers/logging.c:566
msgid "unable to fork"
msgstr "không thể tạo tiến trình con"
-#: plugins/sudoers/logging.c:537 plugins/sudoers/logging.c:599
+#: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629
#, c-format
msgid "unable to fork: %m"
msgstr "không thể tạo tiến trình con: %m"
-#: plugins/sudoers/logging.c:589
+#: plugins/sudoers/logging.c:619
#, c-format
msgid "unable to open pipe: %m"
-msgstr "không thể mở ống: %m"
+msgstr "không thể mở ống dẫn lệnh: %m"
-#: plugins/sudoers/logging.c:614
+#: plugins/sudoers/logging.c:644
#, c-format
msgid "unable to dup stdin: %m"
-msgstr "không thể dup stdin: %m"
+msgstr "không thể dup (nhân bản) stdin: %m"
-#: plugins/sudoers/logging.c:650
+#: plugins/sudoers/logging.c:680
#, c-format
msgid "unable to execute %s: %m"
msgstr "không thể thực thi %s: %m"
-#: plugins/sudoers/logging.c:865
-#, c-format
+#: plugins/sudoers/logging.c:899
msgid "internal error: insufficient space for log line"
msgstr "lỗi nội bộ: thiếu khoảng trống cho dòng ghi nhật ký"
-#: plugins/sudoers/parse.c:123
+#: plugins/sudoers/match.c:631
+#, c-format
+msgid "unsupported digest type %d for %s"
+msgstr "không hỗ trợ kiểu tóm lược %d dành cho %s"
+
+#: plugins/sudoers/match.c:661
+#, c-format
+msgid "%s: read error"
+msgstr "%s: lỗi đọc"
+
+#: plugins/sudoers/match.c:670
+#, c-format
+msgid "digest for %s (%s) is not in %s form"
+msgstr "tóm lược cho %s (%s) không ở dạng thức %s"
+
+#: plugins/sudoers/parse.c:124
#, c-format
msgid "parse error in %s near line %d"
msgstr "lỗi phân tích trong %s gần dòng %d"
-#: plugins/sudoers/parse.c:126
+#: plugins/sudoers/parse.c:127
#, c-format
msgid "parse error in %s"
msgstr "gặp lỗi phân tích trong %s"
-#: plugins/sudoers/parse.c:414
+#: plugins/sudoers/parse.c:462
#, c-format
msgid ""
"\n"
"\n"
"Mục Sudoers:\n"
-#: plugins/sudoers/parse.c:416
+#: plugins/sudoers/parse.c:463
#, c-format
msgid " RunAsUsers: "
msgstr " ChạyVớiTưCách: "
-#: plugins/sudoers/parse.c:431
+#: plugins/sudoers/parse.c:477
#, c-format
msgid " RunAsGroups: "
-msgstr " ChạyNhưMìnhỞNhóm: "
+msgstr " ChạyNhưỞNhóm: "
+
+#: plugins/sudoers/parse.c:486
+#, c-format
+msgid " Options: "
+msgstr " Tùy chọn:"
+
+#: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750
+#, c-format
+msgid "unable to execute %s"
+msgstr "không thể thực thi %s"
-#: plugins/sudoers/parse.c:440
+#: plugins/sudoers/policy.c:659
+#, c-format
+msgid "Sudoers policy plugin version %s\n"
+msgstr "Phiên bạn phần bổ xung chính sách Sudoers %s\n"
+
+#: plugins/sudoers/policy.c:661
+#, c-format
+msgid "Sudoers file grammar version %d\n"
+msgstr "Phiên bản ngữ pháp tập tin Sudoers %d\n"
+
+#: plugins/sudoers/policy.c:665
#, c-format
msgid ""
-" Commands:\n"
-"\t"
+"\n"
+"Sudoers path: %s\n"
msgstr ""
-" Lệnh:\n"
-"\t"
+"\n"
+"Đường dẫn Sudoers: %s\n"
-#: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105
-msgid ": "
-msgstr ": "
+#: plugins/sudoers/policy.c:668
+#, c-format
+msgid "nsswitch path: %s\n"
+msgstr "đường dẫn nsswitch: %s\n"
-#: plugins/sudoers/pwutil.c:278
+#: plugins/sudoers/policy.c:670
#, c-format
-msgid "unable to cache uid %u (%s), already exists"
-msgstr "không thể lưu nhớ tạm uid %u (%s), đã có sẵn rồi"
+msgid "ldap.conf path: %s\n"
+msgstr "đường dẫn ldap.conf: %s\n"
-#: plugins/sudoers/pwutil.c:286
+#: plugins/sudoers/policy.c:671
+#, c-format
+msgid "ldap.secret path: %s\n"
+msgstr "đường dẫn ldap.secret: %s\n"
+
+#: plugins/sudoers/pwutil.c:148
#, c-format
msgid "unable to cache uid %u, already exists"
msgstr "không thể lưu nhớ tạm uid %u, đã có sẵn rồi"
-#: plugins/sudoers/pwutil.c:322 plugins/sudoers/pwutil.c:331
+#: plugins/sudoers/pwutil.c:190
#, c-format
msgid "unable to cache user %s, already exists"
msgstr "không thể lưu nhớ tạm tài khoản %s, đã có sẵn rồi"
-#: plugins/sudoers/pwutil.c:668
-#, c-format
-msgid "unable to cache gid %u (%s), already exists"
-msgstr "không thể lưu nhớ tạm gid %u (%s), đã có sẵn rồi"
-
-#: plugins/sudoers/pwutil.c:676
+#: plugins/sudoers/pwutil.c:386
#, c-format
msgid "unable to cache gid %u, already exists"
msgstr "không thể lưu nhớ tạm gid %u, đã có sẵn rồi"
-#: plugins/sudoers/pwutil.c:706 plugins/sudoers/pwutil.c:715
+#: plugins/sudoers/pwutil.c:422
#, c-format
msgid "unable to cache group %s, already exists"
msgstr "không thể lưu nhớ tạm nhóm %s, đã có sẵn rồi"
-#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:436
-#: plugins/sudoers/set_perms.c:828 plugins/sudoers/set_perms.c:1114
-#: plugins/sudoers/set_perms.c:1396
+#: plugins/sudoers/pwutil.c:578 plugins/sudoers/pwutil.c:600
+#, c-format
+msgid "unable to cache group list for %s, already exists"
+msgstr "không thể lưu nhớ tạm danh sách nhóm cho %s, đã có sẵn rồi"
+
+#: plugins/sudoers/pwutil.c:598
+#, c-format
+msgid "unable to parse groups for %s"
+msgstr "không thể phân tích nhóm cho %s"
+
+#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445
+#: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141
+#: plugins/sudoers/set_perms.c:1431
msgid "perm stack overflow"
-msgstr "perm stack bị tràn"
+msgstr "stack perm bị tràn"
-#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:444
-#: plugins/sudoers/set_perms.c:836 plugins/sudoers/set_perms.c:1122
-#: plugins/sudoers/set_perms.c:1404
+#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453
+#: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149
+#: plugins/sudoers/set_perms.c:1439
msgid "perm stack underflow"
msgstr "perm stack tràn ngầm"
-#: plugins/sudoers/set_perms.c:270 plugins/sudoers/set_perms.c:580
-#: plugins/sudoers/set_perms.c:957 plugins/sudoers/set_perms.c:1243
+#: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500
+#: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471
+msgid "unable to change to root gid"
+msgstr "không thể thay đổi chỉ số nhóm gid của siêu người dùng root"
+
+#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597
+#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277
msgid "unable to change to runas gid"
msgstr "không thể thay đổi thành runas gid"
-#: plugins/sudoers/set_perms.c:282 plugins/sudoers/set_perms.c:592
-#: plugins/sudoers/set_perms.c:967 plugins/sudoers/set_perms.c:1253
+#: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609
+#: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287
msgid "unable to change to runas uid"
msgstr "không thể thay đổi thành runas uid"
-#: plugins/sudoers/set_perms.c:300 plugins/sudoers/set_perms.c:610
-#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1269
+#: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627
+#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303
msgid "unable to change to sudoers gid"
msgstr "không thể thay đổi thành gid sudoers"
-#: plugins/sudoers/set_perms.c:353 plugins/sudoers/set_perms.c:681
-#: plugins/sudoers/set_perms.c:1029 plugins/sudoers/set_perms.c:1315
-#: plugins/sudoers/set_perms.c:1474
+#: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698
+#: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349
+#: plugins/sudoers/set_perms.c:1515
msgid "too many processes"
msgstr "quá nhiều tiến trình"
-#: plugins/sudoers/set_perms.c:1542
+#: plugins/sudoers/set_perms.c:1583
msgid "unable to set runas group vector"
msgstr "không thể đặt véc-tơ nhóm runas"
-#: plugins/sudoers/sssd.c:251
+#: plugins/sudoers/sssd.c:257
#, c-format
-msgid "Unable to dlopen %s: %s"
-msgstr "Không thể dlopen %s: %s"
+msgid "unable to initialize SSS source. Is SSSD installed on your machine?"
+msgstr "không thể khởi tạo nguồn SSS. SSSD đã được cài đặt trên máy của bạn chưa vậy?"
-#: plugins/sudoers/sssd.c:252
-#, c-format
-msgid "Unable to initialize SSS source. Is SSSD installed on your machine?"
-msgstr "Không thể khởi tạo nguồn SSS. SSSD đã được cài đặt trên máy của bạn chưa vậy?"
-
-#: plugins/sudoers/sssd.c:258 plugins/sudoers/sssd.c:266
-#: plugins/sudoers/sssd.c:273 plugins/sudoers/sssd.c:280
-#: plugins/sudoers/sssd.c:287
+#: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271
+#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285
+#: plugins/sudoers/sssd.c:292
#, c-format
msgid "unable to find symbol \"%s\" in %s"
-msgstr "không thể tìm thấy ký hiệu \"%s\" trong %s"
+msgstr "không thể tìm thấy ký hiệu “%s” trong %s"
-#: plugins/sudoers/sudo_nss.c:267
+#: plugins/sudoers/sudo_nss.c:283
#, c-format
msgid "Matching Defaults entries for %s on this host:\n"
msgstr "Các mục mặc định khớp cho %s trên máy này:\n"
-#: plugins/sudoers/sudo_nss.c:280
+#: plugins/sudoers/sudo_nss.c:296
#, c-format
msgid "Runas and Command-specific defaults for %s:\n"
msgstr "Runas và Đặc-tả-lệnh mặc định cho %s:\n"
-#: plugins/sudoers/sudo_nss.c:293
+#: plugins/sudoers/sudo_nss.c:309
#, c-format
msgid "User %s may run the following commands on this host:\n"
msgstr "Người dùng %s có thể chạy những lệnh sau trên máy này:\n"
-#: plugins/sudoers/sudo_nss.c:302
+#: plugins/sudoers/sudo_nss.c:318
#, c-format
msgid "User %s is not allowed to run sudo on %s.\n"
msgstr "Tài khoản %s không được phép thi hành sudo trên %s.\n"
-#: plugins/sudoers/sudoers.c:210 plugins/sudoers/sudoers.c:243
-#: plugins/sudoers/sudoers.c:953
+#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193
+#: plugins/sudoers/sudoers.c:673
msgid "problem with defaults entries"
msgstr "trục trặc với các mục mặc định"
-#: plugins/sudoers/sudoers.c:216
+#: plugins/sudoers/sudoers.c:165
#, c-format
msgid "no valid sudoers sources found, quitting"
msgstr "không có người dùng hợp lệ nào được tìm thấy, đang thoát ra"
-#: plugins/sudoers/sudoers.c:268
-#, c-format
-msgid "unable to execute %s: %s"
-msgstr "không thể thực thi %s: %s"
-
-#: plugins/sudoers/sudoers.c:335
+#: plugins/sudoers/sudoers.c:227
#, c-format
msgid "sudoers specifies that root is not allowed to sudo"
msgstr "sudoers đã ghi rõ là siêu người dùng (root) không được phép chạy sudo"
-#: plugins/sudoers/sudoers.c:342
+#: plugins/sudoers/sudoers.c:234
#, c-format
msgid "you are not permitted to use the -C option"
msgstr "bạn không được phép sử dụng tùy chọn -C"
-#: plugins/sudoers/sudoers.c:431
+#: plugins/sudoers/sudoers.c:315
#, c-format
msgid "timestamp owner (%s): No such user"
msgstr "người sở hữu timestamp (%s): Không có người dùng nào như vậy"
-#: plugins/sudoers/sudoers.c:447
+#: plugins/sudoers/sudoers.c:329
msgid "no tty"
msgstr "không có tty"
-#: plugins/sudoers/sudoers.c:448
+#: plugins/sudoers/sudoers.c:330
#, c-format
msgid "sorry, you must have a tty to run sudo"
msgstr "rất tiếc, bạn phải có tty mới có thể chạy sudo"
-#: plugins/sudoers/sudoers.c:498
+#: plugins/sudoers/sudoers.c:378
msgid "command in current directory"
msgstr "lệnh trong thư mục hiện hành"
-#: plugins/sudoers/sudoers.c:510
+#: plugins/sudoers/sudoers.c:395
#, c-format
msgid "sorry, you are not allowed to preserve the environment"
msgstr "rất tiếc, bạn không được phép giữ lại môi trường"
-#: plugins/sudoers/sudoers.c:1006
+#: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:216
+#: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:328
+#: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576
+#, c-format
+msgid "unable to stat %s"
+msgstr "không thể lấy trạng thái về %s"
+
+#: plugins/sudoers/sudoers.c:726
#, c-format
msgid "%s is not a regular file"
msgstr "%s không phải tập tin thường"
-#: plugins/sudoers/sudoers.c:1009 toke.l:846
+#: plugins/sudoers/sudoers.c:729 toke.l:913
#, c-format
msgid "%s is owned by uid %u, should be %u"
msgstr "%s được sở hữu bởi uid %u, nên là %u"
-#: plugins/sudoers/sudoers.c:1013 toke.l:853
+#: plugins/sudoers/sudoers.c:733 toke.l:920
#, c-format
msgid "%s is world writable"
msgstr "%s ai ghi cũng được"
-#: plugins/sudoers/sudoers.c:1016 toke.l:858
+#: plugins/sudoers/sudoers.c:736 toke.l:925
#, c-format
msgid "%s is owned by gid %u, should be %u"
msgstr "%s được sở hữu bởi gid %u, nên là %u"
-#: plugins/sudoers/sudoers.c:1043
+#: plugins/sudoers/sudoers.c:763
#, c-format
msgid "only root can use `-c %s'"
-msgstr "chỉ có siêu người dùng (root) mới có thể sử dụng tùy chọn `-c %s'"
+msgstr "chỉ có siêu người dùng (root) mới có thể sử dụng tùy chọn “-c %s”"
-#: plugins/sudoers/sudoers.c:1060 plugins/sudoers/sudoers.c:1062
+#: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782
#, c-format
msgid "unknown login class: %s"
msgstr "không rõ lớp đăng nhập: %s"
-#: plugins/sudoers/sudoers.c:1089
+#: plugins/sudoers/sudoers.c:814
#, c-format
msgid "unable to resolve host %s"
msgstr "không thể phân giải địa chỉ của máy %s"
-#: plugins/sudoers/sudoers.c:1141 plugins/sudoers/testsudoers.c:387
+#: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377
#, c-format
msgid "unknown group: %s"
msgstr "không nhận ra nhóm: %s"
-#: plugins/sudoers/sudoers.c:1190
-#, c-format
-msgid "Sudoers policy plugin version %s\n"
-msgstr "Phiên bạn phần bổ xung chính sách Sudoers %s\n"
-
-#: plugins/sudoers/sudoers.c:1192
-#, c-format
-msgid "Sudoers file grammar version %d\n"
-msgstr "Phiên bản ngữ pháp tập tin Sudoers %d\n"
-
-#: plugins/sudoers/sudoers.c:1196
-#, c-format
-msgid ""
-"\n"
-"Sudoers path: %s\n"
-msgstr ""
-"\n"
-"Đường dẫn Sudoers: %s\n"
-
-#: plugins/sudoers/sudoers.c:1199
-#, c-format
-msgid "nsswitch path: %s\n"
-msgstr "đường dẫn nsswitch: %s\n"
-
-#: plugins/sudoers/sudoers.c:1201
-#, c-format
-msgid "ldap.conf path: %s\n"
-msgstr "đường dẫn ldap.conf: %s\n"
-
-#: plugins/sudoers/sudoers.c:1202
-#, c-format
-msgid "ldap.secret path: %s\n"
-msgstr "đường dẫn ldap.secret: %s\n"
-
-#: plugins/sudoers/sudoreplay.c:293
+#: plugins/sudoers/sudoreplay.c:292
#, c-format
msgid "invalid filter option: %s"
msgstr "tùy chọn lọc không hợp lệ: %s"
-#: plugins/sudoers/sudoreplay.c:306
+#: plugins/sudoers/sudoreplay.c:305
#, c-format
msgid "invalid max wait: %s"
msgstr "thời gian chờ tối đa không hợp lệ: %s"
-#: plugins/sudoers/sudoreplay.c:312
+#: plugins/sudoers/sudoreplay.c:311
#, c-format
msgid "invalid speed factor: %s"
msgstr "sai hệ số nhân tốc độ: %s"
-#: plugins/sudoers/sudoreplay.c:315 plugins/sudoers/visudo.c:187
+#: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179
#, c-format
msgid "%s version %s\n"
msgstr "%s phiên bản %s\n"
-#: plugins/sudoers/sudoreplay.c:340
+#: plugins/sudoers/sudoreplay.c:339
#, c-format
msgid "%s/%.2s/%.2s/%.2s/timing: %s"
msgstr "%s/%.2s/%.2s/%.2s/thời-gian: %s"
-#: plugins/sudoers/sudoreplay.c:346
+#: plugins/sudoers/sudoreplay.c:345
#, c-format
msgid "%s/%s/timing: %s"
msgstr "%s/%s/thời-gian: %s"
-#: plugins/sudoers/sudoreplay.c:364
+#: plugins/sudoers/sudoreplay.c:363
#, c-format
msgid "Replaying sudo session: %s\n"
msgstr "Đang chạy lại phiên sudo: %s\n"
-#: plugins/sudoers/sudoreplay.c:370
+#: plugins/sudoers/sudoreplay.c:369
#, c-format
msgid "Warning: your terminal is too small to properly replay the log.\n"
msgstr "Cảnh báo: thiết bị cuối quá nhỏ để có thể chạy nhật ký một cách đúng đắn.\n"
-#: plugins/sudoers/sudoreplay.c:371
+#: plugins/sudoers/sudoreplay.c:370
#, c-format
msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d."
msgstr "Định dạng của nhật ký là %d x %d, định dạng của thiết bị cuối là %d x %d."
-#: plugins/sudoers/sudoreplay.c:401
-#, c-format
+#: plugins/sudoers/sudoreplay.c:400
msgid "unable to set tty to raw mode"
msgstr "không thể đặt thiết bị tty chế độ raw (thô)"
-#: plugins/sudoers/sudoreplay.c:418
+#: plugins/sudoers/sudoreplay.c:416
#, c-format
msgid "invalid timing file line: %s"
msgstr "sai dòng ghi thời gian trong tập tin: %s"
-#: plugins/sudoers/sudoreplay.c:501
-#, c-format
+#: plugins/sudoers/sudoreplay.c:499
msgid "writing to standard output"
msgstr "ghi vào đầu ra tiêu chuẩn"
-#: plugins/sudoers/sudoreplay.c:530
-#, c-format
-msgid "nanosleep: tv_sec %ld, tv_nsec %ld"
-msgstr "nanosleep: tv_sec %ld, tv_nsec %ld"
-
-#: plugins/sudoers/sudoreplay.c:643 plugins/sudoers/sudoreplay.c:668
+#: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666
#, c-format
msgid "ambiguous expression \"%s\""
-msgstr "biểu thức không rõ ràng \"%s\""
+msgstr "biểu thức không rõ ràng “%s”"
-#: plugins/sudoers/sudoreplay.c:685
+#: plugins/sudoers/sudoreplay.c:683
#, c-format
msgid "too many parenthesized expressions, max %d"
msgstr "có quá nhiều biểu thức trong dấu ngoặc đơn, tối đa là %d"
-#: plugins/sudoers/sudoreplay.c:696
-#, c-format
+#: plugins/sudoers/sudoreplay.c:694
msgid "unmatched ')' in expression"
-msgstr "thiếu ')' trong biểu thức"
+msgstr "thiếu “)” trong biểu thức"
-#: plugins/sudoers/sudoreplay.c:702
+#: plugins/sudoers/sudoreplay.c:700
#, c-format
msgid "unknown search term \"%s\""
-msgstr "không hiểu giới hạn tìm kiếm \"%s\""
+msgstr "không hiểu giới hạn tìm kiếm “%s”"
-#: plugins/sudoers/sudoreplay.c:716
+#: plugins/sudoers/sudoreplay.c:714
#, c-format
msgid "%s requires an argument"
msgstr "%s yêu cầu một đối số"
-#: plugins/sudoers/sudoreplay.c:720
+#: plugins/sudoers/sudoreplay.c:718 plugins/sudoers/sudoreplay.c:1058
#, c-format
msgid "invalid regular expression: %s"
msgstr "biểu thức chính quy không hợp lệ: %s"
-#: plugins/sudoers/sudoreplay.c:726
+#: plugins/sudoers/sudoreplay.c:724
#, c-format
msgid "could not parse date \"%s\""
-msgstr "không thể phân tích ngày tháng \"%s\""
+msgstr "không thể phân tích ngày tháng “%s”"
-#: plugins/sudoers/sudoreplay.c:739
-#, c-format
+#: plugins/sudoers/sudoreplay.c:737
msgid "unmatched '(' in expression"
-msgstr "thiếu '(' trong biểu thức"
+msgstr "thiếu “(” trong biểu thức"
-#: plugins/sudoers/sudoreplay.c:741
-#, c-format
+#: plugins/sudoers/sudoreplay.c:739
msgid "illegal trailing \"or\""
-msgstr "sai đuôi \"or\""
+msgstr "sai đuôi “or”"
-#: plugins/sudoers/sudoreplay.c:743
-#, c-format
+#: plugins/sudoers/sudoreplay.c:741
msgid "illegal trailing \"!\""
-msgstr "sai đuôi \"!\""
-
-#: plugins/sudoers/sudoreplay.c:1050
-#, c-format
-msgid "invalid regex: %s"
-msgstr "biểu thức chính quy không hợp lệ: %s"
+msgstr "sai đuôi “!”"
-#: plugins/sudoers/sudoreplay.c:1174
+#: plugins/sudoers/sudoreplay.c:1182
#, c-format
msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n"
msgstr "cách dùng: %s [-h] [-d thư-mục] [-m chờ-tối-đa] [-s hệ-số-tốc-độ] ID\n"
-#: plugins/sudoers/sudoreplay.c:1177
+#: plugins/sudoers/sudoreplay.c:1185
#, c-format
msgid "usage: %s [-h] [-d directory] -l [search expression]\n"
msgstr "usage: %s [-h] [-d thư-mục] -l [biểu thức tìm kiếm]\n"
-#: plugins/sudoers/sudoreplay.c:1186
+#: plugins/sudoers/sudoreplay.c:1194
#, c-format
msgid ""
"%s - replay sudo session logs\n"
"%s - chạy lại nhật ký phiên sudo\n"
"\n"
-#: plugins/sudoers/sudoreplay.c:1188
+#: plugins/sudoers/sudoreplay.c:1196
msgid ""
"\n"
"Options:\n"
msgstr ""
"\n"
"Tùy chọn:\n"
-" -d thư-mục chỉ định thư mục cho nhật ký phiên\n"
+" -d thư-mục chỉ định thư mục cho nhật ký phiên\n"
" -f filter chỉ định kiểu V/R để hiển thị\n"
" -h hiển thị thông tin trợ giúp rồi thoát\n"
-" -l [biểu thức] liệt kê ID phiên mà nó khớp với biểu thức\n"
+" -l [biểu thức] liệt kê ID phiên mà nó khớp với biểu thức\n"
" -m max_wait số giây tối đa sẽ chờ giữa hai sự kiện\n"
" -s speed_factor tăng hoặc giảm tốc kết xuất\n"
" -V hiển thị thông tin về phiên bản rồi thoát"
-#: plugins/sudoers/testsudoers.c:338
+#: plugins/sudoers/testsudoers.c:328
msgid "\thost unmatched"
msgstr "\tmáy chủ không khớp"
-#: plugins/sudoers/testsudoers.c:341
+#: plugins/sudoers/testsudoers.c:331
msgid ""
"\n"
"Command allowed"
"\n"
"Lệnh được phép"
-#: plugins/sudoers/testsudoers.c:342
+#: plugins/sudoers/testsudoers.c:332
msgid ""
"\n"
"Command denied"
msgstr ""
"\n"
-"Lệnh không được phép"
+"Lệnh bị từ chối"
-#: plugins/sudoers/testsudoers.c:342
+#: plugins/sudoers/testsudoers.c:332
msgid ""
"\n"
"Command unmatched"
"\n"
"Lệnh không khớp"
-#: plugins/sudoers/toke_util.c:218
+#: plugins/sudoers/timestamp.c:129
+#, c-format
+msgid "timestamp path too long: %s"
+msgstr "đường dẫn timestamp quá dài: %s"
+
+#: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247
+#: plugins/sudoers/timestamp.c:292
+#, c-format
+msgid "%s owned by uid %u, should be uid %u"
+msgstr "%s được sở hữu bởi uid %u, nên là %u"
+
+#: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0700"
+msgstr "%s có thể được ghi bởi người không sở hữu nó (0%o), cần đặt chế độ 0700"
+
+#: plugins/sudoers/timestamp.c:286
+#, c-format
+msgid "%s exists but is not a regular file (0%o)"
+msgstr "%s đã sẵn có nhưng không phải là một tập tin bình thường (0%o)"
+
+#: plugins/sudoers/timestamp.c:298
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0600"
+msgstr "%s có thể được ghi bởi người không sở hữu nó (0%o), cần đặt chế độ 0600"
+
+#: plugins/sudoers/timestamp.c:353
+#, c-format
+msgid "timestamp too far in the future: %20.20s"
+msgstr "timestamp nằm quá xa ở tương lai: %20.20s"
+
+#: plugins/sudoers/timestamp.c:407
+#, c-format
+msgid "unable to remove %s, will reset to the epoch"
+msgstr "không thể gỡ bỏ %s, sẽ đặt lại thành epoch"
+
+#: plugins/sudoers/timestamp.c:414
+#, c-format
+msgid "unable to reset %s to the epoch"
+msgstr "không thể đặt lại %s thành epoch"
+
+#: plugins/sudoers/toke_util.c:176
+#, c-format
msgid "fill_args: buffer overflow"
msgstr "fill_args: bộ đệm bị tràn"
-#: plugins/sudoers/visudo.c:188
+#: plugins/sudoers/visudo.c:180
#, c-format
msgid "%s grammar version %d\n"
msgstr "%s phiên bản ngữ pháp %d\n"
-#: plugins/sudoers/visudo.c:252 plugins/sudoers/visudo.c:541
+#: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533
#, c-format
msgid "press return to edit %s: "
msgstr "bấm phím <Enter> để trở về chỉnh sửa %s:"
-#: plugins/sudoers/visudo.c:335 plugins/sudoers/visudo.c:341
-#, c-format
+#: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332
msgid "write error"
msgstr "lỗi ghi"
-#: plugins/sudoers/visudo.c:423
+#: plugins/sudoers/visudo.c:414
#, c-format
msgid "unable to stat temporary file (%s), %s unchanged"
-msgstr "không thể lấy thống kê tập tin tạm (%s), %s không thay đổi."
+msgstr "không thể lấy thống kê tập tin tạm (%s), %s không thay đổi gì."
-#: plugins/sudoers/visudo.c:428
+#: plugins/sudoers/visudo.c:419
#, c-format
msgid "zero length temporary file (%s), %s unchanged"
-msgstr "tệp tin (%s) có chiều dài bằng không, %s không thay đổi"
+msgstr "tệp tin tạm (%s) có chiều dài bằng không, %s không thay đổi gì"
-#: plugins/sudoers/visudo.c:434
+#: plugins/sudoers/visudo.c:425
#, c-format
msgid "editor (%s) failed, %s unchanged"
-msgstr "trình biên soạn (%s) gặp lỗi, %s không thay đổi"
+msgstr "trình biên soạn (%s) gặp lỗi, %s không thay đổi gì"
-#: plugins/sudoers/visudo.c:457
+#: plugins/sudoers/visudo.c:448
#, c-format
msgid "%s unchanged"
msgstr "%s không thay đổi"
-#: plugins/sudoers/visudo.c:486
+#: plugins/sudoers/visudo.c:477
#, c-format
msgid "unable to re-open temporary file (%s), %s unchanged."
-msgstr "không thể mở lại tập tin tạm (%s), %s không thay đổi."
+msgstr "không thể mở lại tập tin tạm (%s), %s không thay đổi gì."
-#: plugins/sudoers/visudo.c:496
+#: plugins/sudoers/visudo.c:487
#, c-format
msgid "unabled to parse temporary file (%s), unknown error"
msgstr "không thể phân tích tập tin tạm (%s), lỗi chưa được biết"
-#: plugins/sudoers/visudo.c:534
+#: plugins/sudoers/visudo.c:526
#, c-format
msgid "internal error, unable to find %s in list!"
msgstr "lỗi hệ thống, không thể tìm thấy %s trong danh sách!"
-#: plugins/sudoers/visudo.c:586 plugins/sudoers/visudo.c:595
+#: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587
#, c-format
msgid "unable to set (uid, gid) of %s to (%u, %u)"
msgstr "không thể đặt (uid, gid) của %s thành (%u, %u)"
-#: plugins/sudoers/visudo.c:590 plugins/sudoers/visudo.c:600
+#: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592
#, c-format
msgid "unable to change mode of %s to 0%o"
msgstr "không thể chuyển đổi chế độ của %s thành 0%o"
-#: plugins/sudoers/visudo.c:617
+#: plugins/sudoers/visudo.c:609
#, c-format
msgid "%s and %s not on the same file system, using mv to rename"
msgstr "%s và %s không ở trên cùng một hệ thống tập tin, sử dụng lệnh mv để đổi tên"
-#: plugins/sudoers/visudo.c:631
+#: plugins/sudoers/visudo.c:623
#, c-format
msgid "command failed: '%s %s %s', %s unchanged"
-msgstr "thực hiện lệnh gặp lỗi: '%s %s %s', %s không thay đổi"
+msgstr "thực hiện lệnh gặp lỗi: “%s %s %s”, %s không thay đổi"
-#: plugins/sudoers/visudo.c:641
+#: plugins/sudoers/visudo.c:633
#, c-format
msgid "error renaming %s, %s unchanged"
msgstr "gặp lỗi khi đổi tên %s, %s không thay đổi"
-#: plugins/sudoers/visudo.c:704
+#: plugins/sudoers/visudo.c:695
msgid "What now? "
-msgstr "Vậy làm gì?"
+msgstr "Vậy làm gì bây giờ? "
-#: plugins/sudoers/visudo.c:718
+#: plugins/sudoers/visudo.c:709
msgid ""
"Options are:\n"
" (e)dit sudoers file again\n"
" e(x) thoát ra mà không ghi lại tập tin sudoerse\n"
" (Q)Thoát ra và ghi lại tập tin sudoers (NGUY HIỂM!)\n"
-#: plugins/sudoers/visudo.c:759
-#, c-format
-msgid "unable to execute %s"
-msgstr "không thể thực thi %s"
-
-#: plugins/sudoers/visudo.c:766
+#: plugins/sudoers/visudo.c:757
#, c-format
msgid "unable to run %s"
msgstr "không thể chạy %s"
-#: plugins/sudoers/visudo.c:792
+#: plugins/sudoers/visudo.c:783
#, c-format
msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n"
msgstr "%s: sai sở hữu (uid, gid) đáng lẽ là (%u, %u)\n"
-#: plugins/sudoers/visudo.c:799
+#: plugins/sudoers/visudo.c:790
#, c-format
msgid "%s: bad permissions, should be mode 0%o\n"
msgstr "%s: phân quyền sai, phải ở chế độ 0%o\n"
-#: plugins/sudoers/visudo.c:824
+#: plugins/sudoers/visudo.c:815
#, c-format
msgid "failed to parse %s file, unknown error"
msgstr "gặp lỗi khi phân tích tập tin %s, không rõ bị lỗi gì"
-#: plugins/sudoers/visudo.c:837
+#: plugins/sudoers/visudo.c:831
#, c-format
msgid "parse error in %s near line %d\n"
msgstr "lỗi phân tích trong %s gần dòng %d\n"
-#: plugins/sudoers/visudo.c:840
+#: plugins/sudoers/visudo.c:834
#, c-format
msgid "parse error in %s\n"
msgstr "gặp lỗi phân tích trong %s\n"
-#: plugins/sudoers/visudo.c:847 plugins/sudoers/visudo.c:852
+#: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846
#, c-format
msgid "%s: parsed OK\n"
msgstr "%s: kiểm duyệt OK\n"
-#: plugins/sudoers/visudo.c:899
+#: plugins/sudoers/visudo.c:893
#, c-format
msgid "%s busy, try again later"
msgstr "%s đang bận, hãy thử lại sau"
-#: plugins/sudoers/visudo.c:943
+#: plugins/sudoers/visudo.c:937
#, c-format
msgid "specified editor (%s) doesn't exist"
msgstr "trình biên soạn đã chỉ ra (%s) không tồn tại"
-#: plugins/sudoers/visudo.c:966
+#: plugins/sudoers/visudo.c:960
#, c-format
msgid "unable to stat editor (%s)"
msgstr "không thể lấy thống kê trình biên soạn (%s)"
-#: plugins/sudoers/visudo.c:1014
+#: plugins/sudoers/visudo.c:1008
#, c-format
msgid "no editor found (editor path = %s)"
msgstr "không tìm thấy trình biên soạn (đường dẫn của nó = %s)"
-#: plugins/sudoers/visudo.c:1108
+#: plugins/sudoers/visudo.c:1100
#, c-format
msgid "Error: cycle in %s_Alias `%s'"
-msgstr "Lỗi: cycle (vòng tròn) trong %s_Alias `%s'"
+msgstr "Lỗi: cycle (vòng tròn) trong %s_Alias “%s”"
-#: plugins/sudoers/visudo.c:1109
+#: plugins/sudoers/visudo.c:1101
#, c-format
msgid "Warning: cycle in %s_Alias `%s'"
-msgstr "Cảnh báo: cycle (vòng tròn) trong %s_Alias `%s'"
+msgstr "Cảnh báo: cycle (vòng tròn) trong %s_Alias “%s”"
-#: plugins/sudoers/visudo.c:1112
+#: plugins/sudoers/visudo.c:1104
#, c-format
msgid "Error: %s_Alias `%s' referenced but not defined"
-msgstr "Lỗi: %s_Bí_danh `%s' được tham chiếu nhưng chưa được định nghĩa"
+msgstr "Lỗi: %s_Bí_danh “%s” được tham chiếu nhưng chưa được định nghĩa"
-#: plugins/sudoers/visudo.c:1113
+#: plugins/sudoers/visudo.c:1105
#, c-format
msgid "Warning: %s_Alias `%s' referenced but not defined"
-msgstr "Cảnh báo: %s_Bí_danh `%s' được tham chiếu nhưng chưa được định nghĩa"
+msgstr "Cảnh báo: %s_Bí_danh “%s” được tham chiếu nhưng chưa được định nghĩa"
-#: plugins/sudoers/visudo.c:1248
+#: plugins/sudoers/visudo.c:1240
#, c-format
msgid "%s: unused %s_Alias %s"
msgstr "%s: không dùng %s_Bí_danh %s"
-#: plugins/sudoers/visudo.c:1304
+#: plugins/sudoers/visudo.c:1302
#, c-format
msgid ""
"%s - safely edit the sudoers file\n"
"%s - sửa tập tin sudoers một cách an toàn\n"
"\n"
-#: plugins/sudoers/visudo.c:1306
+#: plugins/sudoers/visudo.c:1304
msgid ""
"\n"
"Options:\n"
" -s kiểm tra cú pháp ngặt nghèo\n"
" -V hiển thị thông tin về phiên bản rổi thoát"
-#: toke.l:820
+#: toke.l:886
msgid "too many levels of includes"
msgstr "quá nhiều cấp bao gồm (include)"
+
+#~ msgid "getaudit: failed"
+#~ msgstr "getaudit: gặp lỗi"
+
+#~ msgid "getauid: failed"
+#~ msgstr "getauid: gặp lỗi"
+
+#~ msgid "au_open: failed"
+#~ msgstr "au_open: gặp lỗi"
+
+#~ msgid "au_to_subject: failed"
+#~ msgstr "au_to_subject: gặp lỗi"
+
+#~ msgid "au_to_exec_args: failed"
+#~ msgstr "au_to_exec_args: gặp lỗi"
+
+#~ msgid "au_to_return32: failed"
+#~ msgstr "au_to_return32: gặp lỗi"
+
+#~ msgid "au_to_text: failed"
+#~ msgstr "au_to_text: gặp lỗi"
+
+#~ msgid "nanosleep: tv_sec %ld, tv_nsec %ld"
+#~ msgstr "nanosleep: tv_sec %ld, tv_nsec %ld"
+
+#~ msgid "pam_chauthtok: %s"
+#~ msgstr "pam_chauthtok: %s"
+
+#~ msgid "pam_authenticate: %s"
+#~ msgstr "pam_authenticate: %s"
+
+#~ msgid "Password: "
+#~ msgstr "Mật khẩu: "
+
+#~ msgid "getauid failed"
+#~ msgstr "getauid gặp lỗi"
+
+#~ msgid "Unable to dlopen %s: %s"
+#~ msgstr "Không thể dlopen %s: %s"
+
+#~ msgid "invalid regex: %s"
+#~ msgstr "biểu thức chính quy không hợp lệ: %s"
+
+#~ msgid ">>> %s: %s near line %d <<<"
+#~ msgstr ">>> %s: %s gần dòng %d <<<"
+
+#~ msgid "unable to allocate memory"
+#~ msgstr "không thể cấp phát bộ nhớ"
+
+#~ msgid "%s%s: %s"
+#~ msgstr "%s%s: %s"
+
+#~ msgid "unable to set locale to \"%s\", using \"C\""
+#~ msgstr "không thể đặt địa phương thành “%s”, sẽ dùng “C”"
+
+#~ msgid ""
+#~ " Commands:\n"
+#~ "\t"
+#~ msgstr ""
+#~ " Lệnh:\n"
+#~ "\t"
+
+#~ msgid ": "
+#~ msgstr ": "
+
+#~ msgid "unable to cache uid %u (%s), already exists"
+#~ msgstr "không thể lưu nhớ tạm uid %u (%s), đã có sẵn rồi"
+
+#~ msgid "unable to cache gid %u (%s), already exists"
+#~ msgstr "không thể lưu nhớ tạm gid %u (%s), đã có sẵn rồi"
+
+#~ msgid "unable to execute %s: %s"
+#~ msgstr "không thể thực thi %s: %s"
# Chinese simplified translation for sudoers.
# This file is put in the public domain.
-# Wylmer Wang <wantinghard@gmail.com>, 2011, 2012.
+# Wylmer Wang <wantinghard@gmail.com>, 2011, 2012, 2013.
#
msgid ""
msgstr ""
-"Project-Id-Version: sudoers 1.8.6b4\n"
+"Project-Id-Version: sudoers 1.8.7b2\n"
"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2012-08-10 13:08-0400\n"
-"PO-Revision-Date: 2012-08-21 18:27+0800\n"
+"POT-Creation-Date: 2013-04-17 15:52-0400\n"
+"PO-Revision-Date: 2013-04-20 20:22+0800\n"
"Last-Translator: Wylmer Wang <wantinghard@gmail.com>\n"
"Language-Team: Chinese (simplified) <i18n-zh@googlegroups.com>\n"
"Language: zh_CN\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=1; plural=0;\n"
-#: gram.y:112
-#, c-format
-msgid ">>> %s: %s near line %d <<<"
-msgstr ">>> %s:%s 在行 %d 附近<<<"
+#: confstr.sh:2
+msgid "Password:"
+msgstr "密码:"
+
+#: confstr.sh:3
+msgid "*** SECURITY information for %h ***"
+msgstr "*** %h 安全信息 ***"
+
+#: confstr.sh:4
+msgid "Sorry, try again."
+msgstr "对不起,请重试。"
-#: plugins/sudoers/alias.c:125
+#: plugins/sudoers/alias.c:124
#, c-format
msgid "Alias `%s' already defined"
msgstr "别名“%s”已定义"
-#: plugins/sudoers/auth/bsdauth.c:78
+#: plugins/sudoers/auth/bsdauth.c:77
#, c-format
msgid "unable to get login class for user %s"
msgstr "无法获取用户 %s 的登录类别(login class)"
-#: plugins/sudoers/auth/bsdauth.c:84
+#: plugins/sudoers/auth/bsdauth.c:83
msgid "unable to begin bsd authentication"
msgstr "无法开始 bsd 认证"
-#: plugins/sudoers/auth/bsdauth.c:92
+#: plugins/sudoers/auth/bsdauth.c:91
msgid "invalid authentication type"
msgstr "无效的认证类型"
-#: plugins/sudoers/auth/bsdauth.c:101
+#: plugins/sudoers/auth/bsdauth.c:100
msgid "unable to setup authentication"
msgstr "无法设置认证"
-#: plugins/sudoers/auth/fwtk.c:60
+#: plugins/sudoers/auth/fwtk.c:59
#, c-format
msgid "unable to read fwtk config"
msgstr "无法读取 fwtk 配置"
-#: plugins/sudoers/auth/fwtk.c:65
+#: plugins/sudoers/auth/fwtk.c:64
#, c-format
msgid "unable to connect to authentication server"
msgstr "无法连接到认证服务器"
-#: plugins/sudoers/auth/fwtk.c:71 plugins/sudoers/auth/fwtk.c:95
-#: plugins/sudoers/auth/fwtk.c:128
+#: plugins/sudoers/auth/fwtk.c:70 plugins/sudoers/auth/fwtk.c:94
+#: plugins/sudoers/auth/fwtk.c:127
#, c-format
msgid "lost connection to authentication server"
msgstr "丢失了到认证服务器的连接"
-#: plugins/sudoers/auth/fwtk.c:75
+#: plugins/sudoers/auth/fwtk.c:74
#, c-format
msgid ""
"authentication server error:\n"
"认证服务器错误:\n"
"%s"
-#: plugins/sudoers/auth/kerb5.c:117
+#: plugins/sudoers/auth/kerb5.c:116
#, c-format
-msgid "%s: unable to unparse princ ('%s'): %s"
-msgstr "%s:无法解析 princ(“%s”):%s"
+msgid "%s: unable to convert principal to string ('%s'): %s"
+msgstr "%s:无法将主体(principal)转换为字符串(“%s”):%s"
-#: plugins/sudoers/auth/kerb5.c:160
+#: plugins/sudoers/auth/kerb5.c:159
#, c-format
msgid "%s: unable to parse '%s': %s"
msgstr "%s:无法解析“%s”:%s"
-#: plugins/sudoers/auth/kerb5.c:170
+#: plugins/sudoers/auth/kerb5.c:169
#, c-format
-msgid "%s: unable to resolve ccache: %s"
-msgstr "%s:无法解析 ccache:%s"
+msgid "%s: unable to resolve credential cache: %s"
+msgstr "%s:无法解析凭据缓存:%s"
-#: plugins/sudoers/auth/kerb5.c:218
+#: plugins/sudoers/auth/kerb5.c:217
#, c-format
msgid "%s: unable to allocate options: %s"
msgstr "%s:无法分配选项:%s"
-#: plugins/sudoers/auth/kerb5.c:234
+#: plugins/sudoers/auth/kerb5.c:233
#, c-format
msgid "%s: unable to get credentials: %s"
msgstr "%s:无法获取凭据:%s"
-#: plugins/sudoers/auth/kerb5.c:247
+#: plugins/sudoers/auth/kerb5.c:246
#, c-format
-msgid "%s: unable to initialize ccache: %s"
-msgstr "%s:无法初始化 ccache:%s"
+msgid "%s: unable to initialize credential cache: %s"
+msgstr "%s:无法初始化凭据缓存:%s"
-#: plugins/sudoers/auth/kerb5.c:251
+#: plugins/sudoers/auth/kerb5.c:250
#, c-format
-msgid "%s: unable to store cred in ccache: %s"
-msgstr "%s:无法在 ccache 中储存凭据:%s"
+msgid "%s: unable to store credential in cache: %s"
+msgstr "%s:无法在缓存中储存凭据:%s"
-#: plugins/sudoers/auth/kerb5.c:316
+#: plugins/sudoers/auth/kerb5.c:315
#, c-format
msgid "%s: unable to get host principal: %s"
msgstr "%s:无法获取主机主体(principal):%s"
-#: plugins/sudoers/auth/kerb5.c:331
+#: plugins/sudoers/auth/kerb5.c:330
#, c-format
msgid "%s: Cannot verify TGT! Possible attack!: %s"
msgstr "%s:无法验证目标!可能遭到了攻击!:%s"
-#: plugins/sudoers/auth/pam.c:100
+#: plugins/sudoers/auth/pam.c:105
msgid "unable to initialize PAM"
msgstr "无法初始化 PAM"
-#: plugins/sudoers/auth/pam.c:144
+#: plugins/sudoers/auth/pam.c:150
msgid "account validation failure, is your account locked?"
msgstr "账户验证失败,您的账户是不是上锁了?"
-#: plugins/sudoers/auth/pam.c:148
+#: plugins/sudoers/auth/pam.c:154
msgid "Account or password is expired, reset your password and try again"
msgstr "账户或密码过期,重置您的密码并重试"
-#: plugins/sudoers/auth/pam.c:155
+#: plugins/sudoers/auth/pam.c:162
#, c-format
-msgid "pam_chauthtok: %s"
-msgstr "pam_chauthtok:%s"
+msgid "unable to change expired password: %s"
+msgstr "无法更改过期的密码:%s"
-#: plugins/sudoers/auth/pam.c:159
+#: plugins/sudoers/auth/pam.c:167
msgid "Password expired, contact your system administrator"
msgstr "密码过期,联系您的系统管理员"
-#: plugins/sudoers/auth/pam.c:163
+#: plugins/sudoers/auth/pam.c:171
msgid "Account expired or PAM config lacks an \"account\" section for sudo, contact your system administrator"
msgstr "账户过期,或 PAM 配置缺少 sudo 使用的“account”节,联系您的系统管理员"
-#: plugins/sudoers/auth/pam.c:180
+#: plugins/sudoers/auth/pam.c:188
#, c-format
-msgid "pam_authenticate: %s"
-msgstr "pam_authenticate:%s"
+msgid "PAM authentication error: %s"
+msgstr "PAM 认证出错:%s"
-#: plugins/sudoers/auth/pam.c:332
-msgid "Password: "
-msgstr "密码:"
-
-#: plugins/sudoers/auth/pam.c:333
-msgid "Password:"
-msgstr "密码:"
+#: plugins/sudoers/auth/pam.c:247
+#, c-format
+msgid "unable to establish credentials: %s"
+msgstr "无法建立凭据:%s"
-#: plugins/sudoers/auth/rfc1938.c:104 plugins/sudoers/visudo.c:220
+#: plugins/sudoers/auth/rfc1938.c:103 plugins/sudoers/visudo.c:212
#, c-format
msgid "you do not exist in the %s database"
msgstr "%s 数据库中没有您"
-#: plugins/sudoers/auth/securid5.c:81
+#: plugins/sudoers/auth/securid5.c:80
#, c-format
msgid "failed to initialise the ACE API library"
msgstr "初始化 ACE API 库失败"
-#: plugins/sudoers/auth/securid5.c:107
+#: plugins/sudoers/auth/securid5.c:106
#, c-format
msgid "unable to contact the SecurID server"
msgstr "无法联络 SecurID 服务器"
-#: plugins/sudoers/auth/securid5.c:116
+#: plugins/sudoers/auth/securid5.c:115
#, c-format
msgid "User ID locked for SecurID Authentication"
msgstr "为进行 SecurID 认证,已锁定用户 ID"
-#: plugins/sudoers/auth/securid5.c:120 plugins/sudoers/auth/securid5.c:171
+#: plugins/sudoers/auth/securid5.c:119 plugins/sudoers/auth/securid5.c:170
#, c-format
msgid "invalid username length for SecurID"
msgstr "SecurID 的用户名长度无效"
-#: plugins/sudoers/auth/securid5.c:124 plugins/sudoers/auth/securid5.c:176
+#: plugins/sudoers/auth/securid5.c:123 plugins/sudoers/auth/securid5.c:175
#, c-format
msgid "invalid Authentication Handle for SecurID"
msgstr "SecurID 的认证句柄无效"
-#: plugins/sudoers/auth/securid5.c:128
+#: plugins/sudoers/auth/securid5.c:127
#, c-format
msgid "SecurID communication failed"
msgstr "SecurID 通讯失败"
-#: plugins/sudoers/auth/securid5.c:132 plugins/sudoers/auth/securid5.c:215
+#: plugins/sudoers/auth/securid5.c:131 plugins/sudoers/auth/securid5.c:214
#, c-format
msgid "unknown SecurID error"
msgstr "未知的 SecurID 错误"
-#: plugins/sudoers/auth/securid5.c:166
+#: plugins/sudoers/auth/securid5.c:165
#, c-format
msgid "invalid passcode length for SecurID"
msgstr "无效的 SecurID 密码长度"
-#: plugins/sudoers/auth/sia.c:109
+#: plugins/sudoers/auth/sia.c:108
msgid "unable to initialize SIA session"
msgstr "无法初始化 SIA 会话"
-#: plugins/sudoers/auth/sudo_auth.c:121
-msgid "Invalid authentication methods compiled into sudo! You may mix standalone and non-standalone authentication."
-msgstr "编译进 sudo 的认证方法无效!您可能混用了独立和非独立认证。"
+#: plugins/sudoers/auth/sudo_auth.c:119
+msgid "invalid authentication methods"
+msgstr "无效的认证方法"
+
+#: plugins/sudoers/auth/sudo_auth.c:120
+msgid "Invalid authentication methods compiled into sudo! You may not mix standalone and non-standalone authentication."
+msgstr "编译进 sudo 的认证方法无效!您不能混用独立和非独立认证。"
+
+#: plugins/sudoers/auth/sudo_auth.c:203
+msgid "no authentication methods"
+msgstr "无认证方法"
-#: plugins/sudoers/auth/sudo_auth.c:206
+#: plugins/sudoers/auth/sudo_auth.c:205
msgid "There are no authentication methods compiled into sudo! If you want to turn off authentication, use the --disable-authentication configure option."
msgstr "sudo 编译时没有加入任何认证方法!如果您想关闭认证,使用 --disable-authentication 配置选项。"
-#: plugins/sudoers/auth/sudo_auth.c:374
+#: plugins/sudoers/auth/sudo_auth.c:389
msgid "Authentication methods:"
msgstr "认证方法:"
msgid "Could not determine audit condition"
msgstr "无法确定审核条件"
-#: plugins/sudoers/bsm_audit.c:101
+#: plugins/sudoers/bsm_audit.c:101 plugins/sudoers/bsm_audit.c:160
#, c-format
-msgid "getauid failed"
-msgstr "getauid 失败"
+msgid "getauid: failed"
+msgstr "getauid:失败"
#: plugins/sudoers/bsm_audit.c:103 plugins/sudoers/bsm_audit.c:162
#, c-format
msgid "unable to commit audit record"
msgstr "无法提交审核记录"
-#: plugins/sudoers/bsm_audit.c:160
-#, c-format
-msgid "getauid: failed"
-msgstr "getauid:失败"
-
#: plugins/sudoers/bsm_audit.c:183
#, c-format
msgid "au_to_text: failed"
msgstr "au_to_text:失败"
-#: plugins/sudoers/check.c:252 plugins/sudoers/iolog.c:172
-#: plugins/sudoers/sudoers.c:988 plugins/sudoers/sudoreplay.c:355
-#: plugins/sudoers/sudoreplay.c:817 plugins/sudoers/sudoreplay.c:974
-#: plugins/sudoers/visudo.c:818
-#, c-format
-msgid "unable to open %s"
-msgstr "无法打开 %s"
-
-#: plugins/sudoers/check.c:256 plugins/sudoers/iolog.c:229
-#, c-format
-msgid "unable to write to %s"
-msgstr "无法写入 %s"
-
-#: plugins/sudoers/check.c:264 plugins/sudoers/check.c:512
-#: plugins/sudoers/check.c:562 plugins/sudoers/iolog.c:123
-#: plugins/sudoers/iolog.c:156
-#, c-format
-msgid "unable to mkdir %s"
-msgstr "无法创建目录 %s"
-
-#: plugins/sudoers/check.c:399 plugins/sudoers/env.c:289
-#: plugins/sudoers/env.c:294 plugins/sudoers/env.c:395
-#: plugins/sudoers/env.c:447 plugins/sudoers/linux_audit.c:82
-#: plugins/sudoers/sudoers.c:670 plugins/sudoers/sudoers.c:677
-#: plugins/sudoers/sudoers.c:936 plugins/sudoers/testsudoers.c:253
-#, c-format
-msgid "internal error, %s overflow"
-msgstr "内部错误,%s 溢出"
-
-#: plugins/sudoers/check.c:460
-#, c-format
-msgid "timestamp path too long: %s"
-msgstr "时间戳路径过长:%s"
-
-#: plugins/sudoers/check.c:491 plugins/sudoers/check.c:535
-#: plugins/sudoers/iolog.c:158
-#, c-format
-msgid "%s exists but is not a directory (0%o)"
-msgstr "%s 存在,但不是目录(0%o)"
-
-#: plugins/sudoers/check.c:494 plugins/sudoers/check.c:538
-#: plugins/sudoers/check.c:583
-#, c-format
-msgid "%s owned by uid %u, should be uid %u"
-msgstr "%s 属于用户 ID %u,应为用户 ID %u"
-
-#: plugins/sudoers/check.c:499 plugins/sudoers/check.c:543
-#, c-format
-msgid "%s writable by non-owner (0%o), should be mode 0700"
-msgstr "%s 对非所有者可写(0%o),模式应该为 0700"
-
-#: plugins/sudoers/check.c:507 plugins/sudoers/check.c:551
-#: plugins/sudoers/check.c:619 plugins/sudoers/sudoers.c:1003
-#: plugins/sudoers/visudo.c:319 plugins/sudoers/visudo.c:584
-#, c-format
-msgid "unable to stat %s"
-msgstr "无法 stat %s"
-
-#: plugins/sudoers/check.c:577
-#, c-format
-msgid "%s exists but is not a regular file (0%o)"
-msgstr "%s 存在,但不是常规文件(0%o)"
-
-#: plugins/sudoers/check.c:589
-#, c-format
-msgid "%s writable by non-owner (0%o), should be mode 0600"
-msgstr "%s 对非所有者可写(0%o),模式应该为 0600"
-
-#: plugins/sudoers/check.c:643
-#, c-format
-msgid "timestamp too far in the future: %20.20s"
-msgstr "时间戳太超前:%20.20s"
-
-#: plugins/sudoers/check.c:690
-#, c-format
-msgid "unable to remove %s (%s), will reset to the epoch"
-msgstr "无法移除 %s (%s),将重设为戳记"
-
-#: plugins/sudoers/check.c:698
-#, c-format
-msgid "unable to reset %s to the epoch"
-msgstr "无法将 %s 重设为戳记"
+#: plugins/sudoers/check.c:189
+msgid ""
+"\n"
+"We trust you have received the usual lecture from the local System\n"
+"Administrator. It usually boils down to these three things:\n"
+"\n"
+" #1) Respect the privacy of others.\n"
+" #2) Think before you type.\n"
+" #3) With great power comes great responsibility.\n"
+"\n"
+msgstr ""
+"\n"
+"我们信任您已经从系统管理员那里了解了一般的注意事项。\n"
+"总结起来一般有三项:\n"
+"\n"
+" #1) 尊重别人的隐私。\n"
+" #2) 输入前要思考(后果和风险)。\n"
+" #3) 权力越大,风险越大。\n"
+"\n"
-#: plugins/sudoers/check.c:758 plugins/sudoers/check.c:764
-#: plugins/sudoers/sudoers.c:851 plugins/sudoers/sudoers.c:855
+#: plugins/sudoers/check.c:227 plugins/sudoers/check.c:233
+#: plugins/sudoers/sudoers.c:562 plugins/sudoers/sudoers.c:566
#, c-format
msgid "unknown uid: %u"
msgstr "未知的用户 ID:%u"
-#: plugins/sudoers/check.c:761 plugins/sudoers/sudoers.c:792
-#: plugins/sudoers/sudoers.c:1120 plugins/sudoers/testsudoers.c:225
-#: plugins/sudoers/testsudoers.c:369
+#: plugins/sudoers/check.c:230 plugins/sudoers/policy.c:635
+#: plugins/sudoers/sudoers.c:845 plugins/sudoers/testsudoers.c:215
+#: plugins/sudoers/testsudoers.c:359
#, c-format
msgid "unknown user: %s"
msgstr "未知用户:%s"
msgid "Set of limit privileges"
msgstr "限制权限的集合"
-#: plugins/sudoers/defaults.c:208
+#: plugins/sudoers/def_data.c:355
+msgid "Run commands on a pty in the background"
+msgstr "在后台的伪终端上运行命令"
+
+#: plugins/sudoers/def_data.c:359
+msgid "Create a new PAM session for the command to run in"
+msgstr "创建一个新的 PAM 会话来运行该命令"
+
+#: plugins/sudoers/def_data.c:363
+msgid "Maximum I/O log sequence number"
+msgstr "最大 I/O 日志序列号"
+
+#: plugins/sudoers/defaults.c:207 plugins/sudoers/defaults.c:587
#, c-format
msgid "unknown defaults entry `%s'"
msgstr "未知的默认条目“%s”"
-#: plugins/sudoers/defaults.c:216 plugins/sudoers/defaults.c:226
-#: plugins/sudoers/defaults.c:246 plugins/sudoers/defaults.c:259
-#: plugins/sudoers/defaults.c:272 plugins/sudoers/defaults.c:285
-#: plugins/sudoers/defaults.c:298 plugins/sudoers/defaults.c:318
-#: plugins/sudoers/defaults.c:328
+#: plugins/sudoers/defaults.c:215 plugins/sudoers/defaults.c:225
+#: plugins/sudoers/defaults.c:245 plugins/sudoers/defaults.c:258
+#: plugins/sudoers/defaults.c:271 plugins/sudoers/defaults.c:284
+#: plugins/sudoers/defaults.c:297 plugins/sudoers/defaults.c:317
+#: plugins/sudoers/defaults.c:327
#, c-format
msgid "value `%s' is invalid for option `%s'"
msgstr "值“%s”对选项“%s”无效"
-#: plugins/sudoers/defaults.c:219 plugins/sudoers/defaults.c:229
-#: plugins/sudoers/defaults.c:237 plugins/sudoers/defaults.c:254
-#: plugins/sudoers/defaults.c:267 plugins/sudoers/defaults.c:280
-#: plugins/sudoers/defaults.c:293 plugins/sudoers/defaults.c:313
-#: plugins/sudoers/defaults.c:324
+#: plugins/sudoers/defaults.c:218 plugins/sudoers/defaults.c:228
+#: plugins/sudoers/defaults.c:236 plugins/sudoers/defaults.c:253
+#: plugins/sudoers/defaults.c:266 plugins/sudoers/defaults.c:279
+#: plugins/sudoers/defaults.c:292 plugins/sudoers/defaults.c:312
+#: plugins/sudoers/defaults.c:323
#, c-format
msgid "no value specified for `%s'"
msgstr "没有给“%s”指定值"
-#: plugins/sudoers/defaults.c:242
+#: plugins/sudoers/defaults.c:241
#, c-format
msgid "values for `%s' must start with a '/'"
msgstr "“%s”的值必须以“/”开头"
-#: plugins/sudoers/defaults.c:304
+#: plugins/sudoers/defaults.c:303
#, c-format
msgid "option `%s' does not take a value"
msgstr "“%s”选项不带值"
+#: plugins/sudoers/env.c:288 plugins/sudoers/env.c:293
+#: plugins/sudoers/env.c:395 plugins/sudoers/linux_audit.c:82
+#: plugins/sudoers/policy.c:420 plugins/sudoers/policy.c:427
+#: plugins/sudoers/prompt.c:171 plugins/sudoers/sudoers.c:654
+#: plugins/sudoers/testsudoers.c:243
+#, c-format
+msgid "internal error, %s overflow"
+msgstr "内部错误,%s 溢出"
+
#: plugins/sudoers/env.c:367
#, c-format
msgid "sudo_putenv: corrupted envp, length mismatch"
msgstr "sudo_putenv:envp 损坏,长度不符"
-#: plugins/sudoers/env.c:369 plugins/sudoers/env.c:448
-#: plugins/sudoers/toke_util.c:113 plugins/sudoers/toke_util.c:167
-#: plugins/sudoers/toke_util.c:207 toke.l:697 toke.l:827 toke.l:887 toke.l:983
-#, c-format
-msgid "unable to allocate memory"
-msgstr "无法分配内存"
-
-#: plugins/sudoers/env.c:992
+#: plugins/sudoers/env.c:1012
#, c-format
msgid "sorry, you are not allowed to set the following environment variables: %s"
msgstr "对不起,您无权设置以下环境变量:%s"
-#: plugins/sudoers/find_path.c:69 plugins/sudoers/find_path.c:108
-#: plugins/sudoers/find_path.c:123 plugins/sudoers/iolog.c:125
-#: plugins/sudoers/sudoers.c:945 toke.l:693 toke.l:883
-#, c-format
-msgid "%s: %s"
-msgstr "%s:%s"
-
-#: plugins/sudoers/group_plugin.c:91
-#, c-format
-msgid "%s%s: %s"
-msgstr "%s%s:%s"
-
-#: plugins/sudoers/group_plugin.c:103
+#: plugins/sudoers/group_plugin.c:102
#, c-format
msgid "%s must be owned by uid %d"
msgstr "%s 必须属于用户 ID %d"
-#: plugins/sudoers/group_plugin.c:107
+#: plugins/sudoers/group_plugin.c:106
#, c-format
msgid "%s must only be writable by owner"
msgstr "%s 必须只对所有者可写"
-#: plugins/sudoers/group_plugin.c:114
+#: plugins/sudoers/group_plugin.c:113 plugins/sudoers/sssd.c:256
#, c-format
msgid "unable to dlopen %s: %s"
msgstr "无法执行 dlopen %s:%s"
-#: plugins/sudoers/group_plugin.c:119
+#: plugins/sudoers/group_plugin.c:118
#, c-format
msgid "unable to find symbol \"group_plugin\" in %s"
msgstr "无法在 %s 中找到符号“group_plugin”"
-#: plugins/sudoers/group_plugin.c:124
+#: plugins/sudoers/group_plugin.c:123
#, c-format
msgid "%s: incompatible group plugin major version %d, expected %d"
msgstr "%s:不兼容的组插件主版本号 %d,应为 %d"
-#: plugins/sudoers/interfaces.c:112
+#: plugins/sudoers/interfaces.c:119
msgid "Local IP address and netmask pairs:\n"
msgstr "本地 IP 地址和网络掩码对:\n"
-#: plugins/sudoers/iolog.c:205 plugins/sudoers/sudoers.c:991
+#: plugins/sudoers/iolog.c:131 plugins/sudoers/iolog.c:144
+#: plugins/sudoers/timestamp.c:200 plugins/sudoers/timestamp.c:244
+#, c-format
+msgid "%s exists but is not a directory (0%o)"
+msgstr "%s 存在,但不是目录(0%o)"
+
+#: plugins/sudoers/iolog.c:141 plugins/sudoers/iolog.c:155
+#: plugins/sudoers/iolog.c:159 plugins/sudoers/timestamp.c:165
+#: plugins/sudoers/timestamp.c:221 plugins/sudoers/timestamp.c:271
+#, c-format
+msgid "unable to mkdir %s"
+msgstr "无法创建目录 %s"
+
+#: plugins/sudoers/iolog.c:217 plugins/sudoers/sudoers.c:708
+#: plugins/sudoers/sudoreplay.c:354 plugins/sudoers/sudoreplay.c:815
+#: plugins/sudoers/sudoreplay.c:978 plugins/sudoers/timestamp.c:155
+#: plugins/sudoers/visudo.c:809
+#, c-format
+msgid "unable to open %s"
+msgstr "无法打开 %s"
+
+#: plugins/sudoers/iolog.c:250 plugins/sudoers/sudoers.c:711
#, c-format
msgid "unable to read %s"
msgstr "无法读取 %s"
-#: plugins/sudoers/iolog.c:208
+#: plugins/sudoers/iolog.c:274 plugins/sudoers/timestamp.c:159
#, c-format
-msgid "invalid sequence number %s"
-msgstr "æ\97 æ\95\88ç\9a\84åº\8få\88\97å\8f·ï¼\9a%s"
+msgid "unable to write to %s"
+msgstr "æ\97 æ³\95å\86\99å\85¥ %s"
-#: plugins/sudoers/iolog.c:258 plugins/sudoers/iolog.c:261
-#: plugins/sudoers/iolog.c:526 plugins/sudoers/iolog.c:531
-#: plugins/sudoers/iolog.c:537 plugins/sudoers/iolog.c:545
-#: plugins/sudoers/iolog.c:553 plugins/sudoers/iolog.c:561
-#: plugins/sudoers/iolog.c:569
+#: plugins/sudoers/iolog.c:334
#, c-format
msgid "unable to create %s"
msgstr "无法创建 %s"
-#: plugins/sudoers/iolog_path.c:263 plugins/sudoers/sudoers.c:382
-#, c-format
-msgid "unable to set locale to \"%s\", using \"C\""
-msgstr "无法将区域设置为“%s”,将使用“C”"
-
-#: plugins/sudoers/ldap.c:387
+#: plugins/sudoers/ldap.c:385
#, c-format
msgid "sudo_ldap_conf_add_ports: port too large"
msgstr "sudo_ldap_conf_add_ports:端口太大"
-#: plugins/sudoers/ldap.c:410
+#: plugins/sudoers/ldap.c:408
#, c-format
msgid "sudo_ldap_conf_add_ports: out of space expanding hostbuf"
msgstr "sudo_ldap_conf_add_ports:扩展主机缓存时空间不足"
-#: plugins/sudoers/ldap.c:440
+#: plugins/sudoers/ldap.c:438
#, c-format
msgid "unsupported LDAP uri type: %s"
msgstr "不支持的 LDAP URI 类型:%s"
-#: plugins/sudoers/ldap.c:469
+#: plugins/sudoers/ldap.c:467
#, c-format
msgid "invalid uri: %s"
msgstr "无效的 URI:%s"
-#: plugins/sudoers/ldap.c:475
+#: plugins/sudoers/ldap.c:473
#, c-format
msgid "unable to mix ldap and ldaps URIs"
msgstr "无法混合 ldap 和 ldaps URI"
-#: plugins/sudoers/ldap.c:479
+#: plugins/sudoers/ldap.c:477
#, c-format
msgid "unable to mix ldaps and starttls"
msgstr "无法混合 ldaps 和 starttls"
-#: plugins/sudoers/ldap.c:498
+#: plugins/sudoers/ldap.c:496
#, c-format
msgid "sudo_ldap_parse_uri: out of space building hostbuf"
msgstr "sudo_ldap_parse_uri:构建主机缓存时空间不足"
-#: plugins/sudoers/ldap.c:572
+#: plugins/sudoers/ldap.c:570
#, c-format
msgid "unable to initialize SSL cert and key db: %s"
msgstr "无法初始化 SSL 证书和密钥数据库:%s"
-#: plugins/sudoers/ldap.c:575
+#: plugins/sudoers/ldap.c:573
#, c-format
msgid "you must set TLS_CERT in %s to use SSL"
msgstr "要使用 SSL,您必须在 %s 中设置 TLS_CERT"
-#: plugins/sudoers/ldap.c:992
+#: plugins/sudoers/ldap.c:1062
#, c-format
msgid "unable to get GMT time"
msgstr "无法获取 GMT 时间"
-#: plugins/sudoers/ldap.c:998
+#: plugins/sudoers/ldap.c:1068
#, c-format
msgid "unable to format timestamp"
msgstr "无法格式化时间戳"
-#: plugins/sudoers/ldap.c:1006
+#: plugins/sudoers/ldap.c:1076
#, c-format
msgid "unable to build time filter"
msgstr "无法构建时间过滤器"
-#: plugins/sudoers/ldap.c:1225
+#: plugins/sudoers/ldap.c:1295
#, c-format
msgid "sudo_ldap_build_pass1 allocation mismatch"
msgstr "sudo_ldap_build_pass1 分配不匹配"
-#: plugins/sudoers/ldap.c:1761
+#: plugins/sudoers/ldap.c:1842
#, c-format
msgid ""
"\n"
"\n"
"LDAP 角色:%s\n"
-#: plugins/sudoers/ldap.c:1763
+#: plugins/sudoers/ldap.c:1844
#, c-format
msgid ""
"\n"
"\n"
"LDAP 角色:未知\n"
-#: plugins/sudoers/ldap.c:1810
+#: plugins/sudoers/ldap.c:1891
#, c-format
msgid " Order: %s\n"
msgstr " 顺序:%s\n"
-#: plugins/sudoers/ldap.c:1818 plugins/sudoers/sssd.c:1168
+#: plugins/sudoers/ldap.c:1899 plugins/sudoers/parse.c:515
+#: plugins/sudoers/sssd.c:1242
#, c-format
msgid " Commands:\n"
msgstr " 命令:\n"
-#: plugins/sudoers/ldap.c:2240
+#: plugins/sudoers/ldap.c:2321
#, c-format
msgid "unable to initialize LDAP: %s"
msgstr "无法初始化 LDAP:%s"
-#: plugins/sudoers/ldap.c:2274
+#: plugins/sudoers/ldap.c:2355
#, c-format
msgid "start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()"
msgstr "指定了 start_tls,但 LDAP 库不支持 ldap_start_tls_s() 或 ldap_start_tls_s_np()"
-#: plugins/sudoers/ldap.c:2510
+#: plugins/sudoers/ldap.c:2591
#, c-format
msgid "invalid sudoOrder attribute: %s"
msgstr "无效的 sudoOrder 属性:%s"
msgid "unable to send audit message"
msgstr "无法发送审核消息"
-#: plugins/sudoers/logging.c:202
+#: plugins/sudoers/logging.c:140
+#, c-format
+msgid "%8s : %s"
+msgstr "%8s:%s"
+
+#: plugins/sudoers/logging.c:168
+#, c-format
+msgid "%8s : (command continued) %s"
+msgstr "%8s:(命令继续执行) %s"
+
+#: plugins/sudoers/logging.c:194
#, c-format
msgid "unable to open log file: %s: %s"
msgstr "无法打开日志文件:%s:%s"
-#: plugins/sudoers/logging.c:205
+#: plugins/sudoers/logging.c:197
#, c-format
msgid "unable to lock log file: %s: %s"
msgstr "无法锁定日志文件:%s:%s"
-#: plugins/sudoers/logging.c:260
+#: plugins/sudoers/logging.c:245
+msgid "No user or host"
+msgstr "无用户或主机"
+
+#: plugins/sudoers/logging.c:247
+msgid "validation failure"
+msgstr "校验失败"
+
+#: plugins/sudoers/logging.c:254
msgid "user NOT in sudoers"
msgstr "用户不在 sudoers 中"
-#: plugins/sudoers/logging.c:262
+#: plugins/sudoers/logging.c:256
msgid "user NOT authorized on host"
msgstr "用户未获得此主机上的授权"
-#: plugins/sudoers/logging.c:264
+#: plugins/sudoers/logging.c:258
msgid "command not allowed"
msgstr "命令禁止使用"
-#: plugins/sudoers/logging.c:274
+#: plugins/sudoers/logging.c:288
#, c-format
msgid "%s is not in the sudoers file. This incident will be reported.\n"
msgstr "%s 不在 sudoers 文件中。此事将被报告。\n"
-#: plugins/sudoers/logging.c:277
+#: plugins/sudoers/logging.c:291
#, c-format
msgid "%s is not allowed to run sudo on %s. This incident will be reported.\n"
msgstr "%s 无权在 %s 上运行 sudo。此事将被报告。\n"
-#: plugins/sudoers/logging.c:281
+#: plugins/sudoers/logging.c:295
#, c-format
msgid "Sorry, user %s may not run sudo on %s.\n"
msgstr "对不起,用户 %s 不能在 %s 上运行 sudo。\n"
-#: plugins/sudoers/logging.c:284
+#: plugins/sudoers/logging.c:298
#, c-format
msgid "Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n"
msgstr "对不起,用户 %1$s 无权以 %5$s%6$s%7$s 的身份在 %8$s 上执行 %2$s%3$s%4$s。\n"
-#: plugins/sudoers/logging.c:317
-msgid "No user or host"
-msgstr "无用户或主机"
-
-#: plugins/sudoers/logging.c:319
-msgid "validation failure"
-msgstr "校验失败"
-
-#: plugins/sudoers/logging.c:336 plugins/sudoers/sudoers.c:502
-#: plugins/sudoers/sudoers.c:503 plugins/sudoers/sudoers.c:1539
-#: plugins/sudoers/sudoers.c:1540
+#: plugins/sudoers/logging.c:335 plugins/sudoers/sudoers.c:383
+#: plugins/sudoers/sudoers.c:384 plugins/sudoers/sudoers.c:386
+#: plugins/sudoers/sudoers.c:387 plugins/sudoers/sudoers.c:1001
+#: plugins/sudoers/sudoers.c:1002
#, c-format
msgid "%s: command not found"
msgstr "%s:找不到命令"
-#: plugins/sudoers/logging.c:338 plugins/sudoers/sudoers.c:499
+#: plugins/sudoers/logging.c:337 plugins/sudoers/sudoers.c:379
#, c-format
msgid ""
"ignoring `%s' found in '.'\n"
"忽略在“.”中找到的“%s”\n"
"请使用“sudo ./%s”,如果这是您想运行的“%s”。"
-#: plugins/sudoers/logging.c:352
+#: plugins/sudoers/logging.c:353
msgid "authentication failure"
msgstr "认证失败"
-#: plugins/sudoers/logging.c:376
+#: plugins/sudoers/logging.c:379
+msgid "a password is required"
+msgstr "需要密码"
+
+#: plugins/sudoers/logging.c:443 plugins/sudoers/logging.c:487
#, c-format
msgid "%d incorrect password attempt"
msgid_plural "%d incorrect password attempts"
msgstr[0] "%d 次错误密码尝试"
-#: plugins/sudoers/logging.c:379
-msgid "a password is required"
-msgstr "需要密码"
-
-#: plugins/sudoers/logging.c:530
+#: plugins/sudoers/logging.c:566
#, c-format
msgid "unable to fork"
msgstr "无法执行 fork"
-#: plugins/sudoers/logging.c:537 plugins/sudoers/logging.c:599
+#: plugins/sudoers/logging.c:573 plugins/sudoers/logging.c:629
#, c-format
msgid "unable to fork: %m"
msgstr "无法执行 fork:%m"
-#: plugins/sudoers/logging.c:589
+#: plugins/sudoers/logging.c:619
#, c-format
msgid "unable to open pipe: %m"
msgstr "无法打开管道:%m"
-#: plugins/sudoers/logging.c:614
+#: plugins/sudoers/logging.c:644
#, c-format
msgid "unable to dup stdin: %m"
msgstr "无法 dup stdin:%m"
-#: plugins/sudoers/logging.c:650
+#: plugins/sudoers/logging.c:680
#, c-format
msgid "unable to execute %s: %m"
msgstr "无法执行 %s:%m"
-#: plugins/sudoers/logging.c:865
+#: plugins/sudoers/logging.c:899
#, c-format
msgid "internal error: insufficient space for log line"
msgstr "内部错误:没有足够的空间存放日志行"
-#: plugins/sudoers/parse.c:123
+#: plugins/sudoers/match.c:631
+#, c-format
+msgid "unsupported digest type %d for %s"
+msgstr "%2$s 的摘要类型 %1$d 不支持"
+
+#: plugins/sudoers/match.c:661
+#, c-format
+msgid "%s: read error"
+msgstr "%s:写错误"
+
+#: plugins/sudoers/match.c:670
+#, c-format
+msgid "digest for %s (%s) is not in %s form"
+msgstr "%s(%s) 的摘要不是 %s 形式"
+
+#: plugins/sudoers/parse.c:124
#, c-format
msgid "parse error in %s near line %d"
msgstr "%s 中第 %d 行附近有解析错误"
-#: plugins/sudoers/parse.c:126
+#: plugins/sudoers/parse.c:127
#, c-format
msgid "parse error in %s"
msgstr "%s 中出现解析错误"
-#: plugins/sudoers/parse.c:414
+#: plugins/sudoers/parse.c:462
#, c-format
msgid ""
"\n"
"\n"
"Sudoers 条目:\n"
-#: plugins/sudoers/parse.c:416
+#: plugins/sudoers/parse.c:463
#, c-format
msgid " RunAsUsers: "
msgstr " RunAs 用户:"
-#: plugins/sudoers/parse.c:431
+#: plugins/sudoers/parse.c:477
#, c-format
msgid " RunAsGroups: "
msgstr " RunAs 组:"
-#: plugins/sudoers/parse.c:440
+#: plugins/sudoers/parse.c:486
+#, c-format
+msgid " Options: "
+msgstr " 选项:"
+
+#: plugins/sudoers/policy.c:517 plugins/sudoers/visudo.c:750
+#, c-format
+msgid "unable to execute %s"
+msgstr "无法执行 %s"
+
+#: plugins/sudoers/policy.c:659
+#, c-format
+msgid "Sudoers policy plugin version %s\n"
+msgstr "Sudoers 策略插件版本 %s\n"
+
+#: plugins/sudoers/policy.c:661
+#, c-format
+msgid "Sudoers file grammar version %d\n"
+msgstr "Sudoers 文件语法版本 %d\n"
+
+#: plugins/sudoers/policy.c:665
#, c-format
msgid ""
-" Commands:\n"
-"\t"
+"\n"
+"Sudoers path: %s\n"
msgstr ""
-" 命令:\n"
-"\t"
+"\n"
+"Sudoers 路径:%s\n"
-#: plugins/sudoers/plugin_error.c:100 plugins/sudoers/plugin_error.c:105
-msgid ": "
-msgstr ":"
+#: plugins/sudoers/policy.c:668
+#, c-format
+msgid "nsswitch path: %s\n"
+msgstr "nsswitch 路径:%s\n"
-#: plugins/sudoers/pwutil.c:278
+#: plugins/sudoers/policy.c:670
#, c-format
-msgid "unable to cache uid %u (%s), already exists"
-msgstr "无法缓存用户 ID %u(%s),已存在"
+msgid "ldap.conf path: %s\n"
+msgstr "ldap.conf 路径:%s\n"
-#: plugins/sudoers/pwutil.c:286
+#: plugins/sudoers/policy.c:671
+#, c-format
+msgid "ldap.secret path: %s\n"
+msgstr "ldap.secret 路径:%s\n"
+
+#: plugins/sudoers/pwutil.c:148
#, c-format
msgid "unable to cache uid %u, already exists"
msgstr "无法缓存用户 ID %u,已存在"
-#: plugins/sudoers/pwutil.c:322 plugins/sudoers/pwutil.c:331
+#: plugins/sudoers/pwutil.c:190
#, c-format
msgid "unable to cache user %s, already exists"
msgstr "无法缓存用户 %s,已存在"
-#: plugins/sudoers/pwutil.c:668
-#, c-format
-msgid "unable to cache gid %u (%s), already exists"
-msgstr "无法缓存组 ID %u(%s),已存在"
-
-#: plugins/sudoers/pwutil.c:676
+#: plugins/sudoers/pwutil.c:374
#, c-format
msgid "unable to cache gid %u, already exists"
msgstr "无法缓存组 ID %u,已存在"
-#: plugins/sudoers/pwutil.c:706 plugins/sudoers/pwutil.c:715
+#: plugins/sudoers/pwutil.c:410
#, c-format
msgid "unable to cache group %s, already exists"
msgstr "无法缓存组 %s,已存在"
-#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:436
-#: plugins/sudoers/set_perms.c:828 plugins/sudoers/set_perms.c:1114
-#: plugins/sudoers/set_perms.c:1396
+#: plugins/sudoers/pwutil.c:564 plugins/sudoers/pwutil.c:586
+#, c-format
+msgid "unable to cache group list for %s, already exists"
+msgstr "无法缓存组列表 %s,已存在"
+
+#: plugins/sudoers/pwutil.c:584
+#, c-format
+msgid "unable to parse groups for %s"
+msgstr "无法对 %s 解析组"
+
+#: plugins/sudoers/set_perms.c:122 plugins/sudoers/set_perms.c:445
+#: plugins/sudoers/set_perms.c:846 plugins/sudoers/set_perms.c:1141
+#: plugins/sudoers/set_perms.c:1431
msgid "perm stack overflow"
msgstr "权限堆栈上溢"
-#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:444
-#: plugins/sudoers/set_perms.c:836 plugins/sudoers/set_perms.c:1122
-#: plugins/sudoers/set_perms.c:1404
+#: plugins/sudoers/set_perms.c:130 plugins/sudoers/set_perms.c:453
+#: plugins/sudoers/set_perms.c:854 plugins/sudoers/set_perms.c:1149
+#: plugins/sudoers/set_perms.c:1439
msgid "perm stack underflow"
msgstr "权限堆栈下溢"
-#: plugins/sudoers/set_perms.c:270 plugins/sudoers/set_perms.c:580
-#: plugins/sudoers/set_perms.c:957 plugins/sudoers/set_perms.c:1243
+#: plugins/sudoers/set_perms.c:189 plugins/sudoers/set_perms.c:500
+#: plugins/sudoers/set_perms.c:1200 plugins/sudoers/set_perms.c:1471
+msgid "unable to change to root gid"
+msgstr "无法切换为 root 组 ID"
+
+#: plugins/sudoers/set_perms.c:278 plugins/sudoers/set_perms.c:597
+#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1277
msgid "unable to change to runas gid"
msgstr "无法切换为 runas 组 ID"
-#: plugins/sudoers/set_perms.c:282 plugins/sudoers/set_perms.c:592
-#: plugins/sudoers/set_perms.c:967 plugins/sudoers/set_perms.c:1253
+#: plugins/sudoers/set_perms.c:290 plugins/sudoers/set_perms.c:609
+#: plugins/sudoers/set_perms.c:993 plugins/sudoers/set_perms.c:1287
msgid "unable to change to runas uid"
msgstr "无法切换为 runas 用户 ID"
-#: plugins/sudoers/set_perms.c:300 plugins/sudoers/set_perms.c:610
-#: plugins/sudoers/set_perms.c:983 plugins/sudoers/set_perms.c:1269
+#: plugins/sudoers/set_perms.c:308 plugins/sudoers/set_perms.c:627
+#: plugins/sudoers/set_perms.c:1009 plugins/sudoers/set_perms.c:1303
msgid "unable to change to sudoers gid"
msgstr "无法切换为 sudoers 组 ID"
-#: plugins/sudoers/set_perms.c:353 plugins/sudoers/set_perms.c:681
-#: plugins/sudoers/set_perms.c:1029 plugins/sudoers/set_perms.c:1315
-#: plugins/sudoers/set_perms.c:1474
+#: plugins/sudoers/set_perms.c:361 plugins/sudoers/set_perms.c:698
+#: plugins/sudoers/set_perms.c:1055 plugins/sudoers/set_perms.c:1349
+#: plugins/sudoers/set_perms.c:1515
msgid "too many processes"
msgstr "进程过多"
-#: plugins/sudoers/set_perms.c:1542
+#: plugins/sudoers/set_perms.c:1583
msgid "unable to set runas group vector"
msgstr "无法设置 runas 组向量"
-#: plugins/sudoers/sssd.c:251
+#: plugins/sudoers/sssd.c:257
#, c-format
-msgid "Unable to dlopen %s: %s"
-msgstr "无法执行 dlopen %s:%s"
-
-#: plugins/sudoers/sssd.c:252
-#, c-format
-msgid "Unable to initialize SSS source. Is SSSD installed on your machine?"
+msgid "unable to initialize SSS source. Is SSSD installed on your machine?"
msgstr "无法初始化 SSS 资源。您的计算机上安装 SSSD 了吗?"
-#: plugins/sudoers/sssd.c:258 plugins/sudoers/sssd.c:266
-#: plugins/sudoers/sssd.c:273 plugins/sudoers/sssd.c:280
-#: plugins/sudoers/sssd.c:287
+#: plugins/sudoers/sssd.c:263 plugins/sudoers/sssd.c:271
+#: plugins/sudoers/sssd.c:278 plugins/sudoers/sssd.c:285
+#: plugins/sudoers/sssd.c:292
#, c-format
msgid "unable to find symbol \"%s\" in %s"
msgstr "无法在 %s 中找到符号“%s”"
-#: plugins/sudoers/sudo_nss.c:267
+#: plugins/sudoers/sudo_nss.c:283
#, c-format
msgid "Matching Defaults entries for %s on this host:\n"
msgstr "匹配此主机上 %s 的默认条目:\n"
-#: plugins/sudoers/sudo_nss.c:280
+#: plugins/sudoers/sudo_nss.c:296
#, c-format
msgid "Runas and Command-specific defaults for %s:\n"
msgstr "%s Runas 和命令特定的默认值:\n"
-#: plugins/sudoers/sudo_nss.c:293
+#: plugins/sudoers/sudo_nss.c:309
#, c-format
msgid "User %s may run the following commands on this host:\n"
msgstr "用户 %s 可以在该主机上运行以下命令:\n"
-#: plugins/sudoers/sudo_nss.c:302
+#: plugins/sudoers/sudo_nss.c:318
#, c-format
msgid "User %s is not allowed to run sudo on %s.\n"
msgstr "用户 %s 无权在 %s 上运行 sudo。\n"
-#: plugins/sudoers/sudoers.c:210 plugins/sudoers/sudoers.c:243
-#: plugins/sudoers/sudoers.c:953
+#: plugins/sudoers/sudoers.c:159 plugins/sudoers/sudoers.c:193
+#: plugins/sudoers/sudoers.c:673
msgid "problem with defaults entries"
msgstr "默认条目有问题"
-#: plugins/sudoers/sudoers.c:216
+#: plugins/sudoers/sudoers.c:165
#, c-format
msgid "no valid sudoers sources found, quitting"
msgstr "没有找到有效的 sudoers 资源,退出"
-#: plugins/sudoers/sudoers.c:268
-#, c-format
-msgid "unable to execute %s: %s"
-msgstr "无法执行 %s:%s"
-
-#: plugins/sudoers/sudoers.c:335
+#: plugins/sudoers/sudoers.c:227
#, c-format
msgid "sudoers specifies that root is not allowed to sudo"
msgstr "sudoers 指定 root 不允许执行 sudo"
-#: plugins/sudoers/sudoers.c:342
+#: plugins/sudoers/sudoers.c:234
#, c-format
msgid "you are not permitted to use the -C option"
msgstr "您无权使用 -C 选项"
-#: plugins/sudoers/sudoers.c:431
+#: plugins/sudoers/sudoers.c:315
#, c-format
msgid "timestamp owner (%s): No such user"
msgstr "时间戳所有者(%s):无此用户"
-#: plugins/sudoers/sudoers.c:447
+#: plugins/sudoers/sudoers.c:329
msgid "no tty"
msgstr "无终端"
-#: plugins/sudoers/sudoers.c:448
+#: plugins/sudoers/sudoers.c:330
#, c-format
msgid "sorry, you must have a tty to run sudo"
msgstr "抱歉,您必须拥有一个终端来执行 sudo"
-#: plugins/sudoers/sudoers.c:498
+#: plugins/sudoers/sudoers.c:378
msgid "command in current directory"
msgstr "当前目录中的命令"
-#: plugins/sudoers/sudoers.c:510
+#: plugins/sudoers/sudoers.c:395
#, c-format
msgid "sorry, you are not allowed to preserve the environment"
msgstr "抱歉,您无权保留环境"
-#: plugins/sudoers/sudoers.c:1006
+#: plugins/sudoers/sudoers.c:723 plugins/sudoers/timestamp.c:216
+#: plugins/sudoers/timestamp.c:260 plugins/sudoers/timestamp.c:328
+#: plugins/sudoers/visudo.c:310 plugins/sudoers/visudo.c:576
+#, c-format
+msgid "unable to stat %s"
+msgstr "无法 stat %s"
+
+#: plugins/sudoers/sudoers.c:726
#, c-format
msgid "%s is not a regular file"
msgstr "%s 不是常规文件"
-#: plugins/sudoers/sudoers.c:1009 toke.l:846
+#: plugins/sudoers/sudoers.c:729 toke.l:913
#, c-format
msgid "%s is owned by uid %u, should be %u"
msgstr "%s 属于用户 ID %u,应为 %u"
-#: plugins/sudoers/sudoers.c:1013 toke.l:853
+#: plugins/sudoers/sudoers.c:733 toke.l:920
#, c-format
msgid "%s is world writable"
msgstr "%s 可被任何人写"
-#: plugins/sudoers/sudoers.c:1016 toke.l:858
+#: plugins/sudoers/sudoers.c:736 toke.l:925
#, c-format
msgid "%s is owned by gid %u, should be %u"
msgstr "%s 属于组 ID %u,应为 %u"
-#: plugins/sudoers/sudoers.c:1043
+#: plugins/sudoers/sudoers.c:763
#, c-format
msgid "only root can use `-c %s'"
msgstr "只有 root 才能使用“-c %s”"
-#: plugins/sudoers/sudoers.c:1060 plugins/sudoers/sudoers.c:1062
+#: plugins/sudoers/sudoers.c:780 plugins/sudoers/sudoers.c:782
#, c-format
msgid "unknown login class: %s"
msgstr "未知的登录类别:%s"
-#: plugins/sudoers/sudoers.c:1089
+#: plugins/sudoers/sudoers.c:814
#, c-format
msgid "unable to resolve host %s"
msgstr "无法解析主机:%s"
-#: plugins/sudoers/sudoers.c:1141 plugins/sudoers/testsudoers.c:387
+#: plugins/sudoers/sudoers.c:866 plugins/sudoers/testsudoers.c:377
#, c-format
msgid "unknown group: %s"
msgstr "未知组:%s"
-#: plugins/sudoers/sudoers.c:1190
-#, c-format
-msgid "Sudoers policy plugin version %s\n"
-msgstr "Sudoers 策略插件版本 %s\n"
-
-#: plugins/sudoers/sudoers.c:1192
-#, c-format
-msgid "Sudoers file grammar version %d\n"
-msgstr "Sudoers 文件语法版本 %d\n"
-
-#: plugins/sudoers/sudoers.c:1196
-#, c-format
-msgid ""
-"\n"
-"Sudoers path: %s\n"
-msgstr ""
-"\n"
-"Sudoers 路径:%s\n"
-
-#: plugins/sudoers/sudoers.c:1199
-#, c-format
-msgid "nsswitch path: %s\n"
-msgstr "nsswitch 路径:%s\n"
-
-#: plugins/sudoers/sudoers.c:1201
-#, c-format
-msgid "ldap.conf path: %s\n"
-msgstr "ldap.conf 路径:%s\n"
-
-#: plugins/sudoers/sudoers.c:1202
-#, c-format
-msgid "ldap.secret path: %s\n"
-msgstr "ldap.secret 路径:%s\n"
-
-#: plugins/sudoers/sudoreplay.c:293
+#: plugins/sudoers/sudoreplay.c:292
#, c-format
msgid "invalid filter option: %s"
msgstr "无效的过滤器选项:%s"
-#: plugins/sudoers/sudoreplay.c:306
+#: plugins/sudoers/sudoreplay.c:305
#, c-format
msgid "invalid max wait: %s"
msgstr "无效的最大等待:%s"
-#: plugins/sudoers/sudoreplay.c:312
+#: plugins/sudoers/sudoreplay.c:311
#, c-format
msgid "invalid speed factor: %s"
msgstr "无法的速度系数:%s"
-#: plugins/sudoers/sudoreplay.c:315 plugins/sudoers/visudo.c:187
+#: plugins/sudoers/sudoreplay.c:314 plugins/sudoers/visudo.c:179
#, c-format
msgid "%s version %s\n"
msgstr "%s 版本 %s\n"
-#: plugins/sudoers/sudoreplay.c:340
+#: plugins/sudoers/sudoreplay.c:339
#, c-format
msgid "%s/%.2s/%.2s/%.2s/timing: %s"
msgstr "%s/%.2s/%.2s/%.2s/时序:%s"
-#: plugins/sudoers/sudoreplay.c:346
+#: plugins/sudoers/sudoreplay.c:345
#, c-format
msgid "%s/%s/timing: %s"
msgstr "%s/%s/时序:%s"
-#: plugins/sudoers/sudoreplay.c:364
+#: plugins/sudoers/sudoreplay.c:363
#, c-format
msgid "Replaying sudo session: %s\n"
msgstr "回放 sudo 会话:%s\n"
-#: plugins/sudoers/sudoreplay.c:370
+#: plugins/sudoers/sudoreplay.c:369
#, c-format
msgid "Warning: your terminal is too small to properly replay the log.\n"
msgstr "警告:您的终端尺寸太小,不能正常地回放日志。\n"
-#: plugins/sudoers/sudoreplay.c:371
+#: plugins/sudoers/sudoreplay.c:370
#, c-format
msgid "Log geometry is %d x %d, your terminal's geometry is %d x %d."
msgstr "日志的几何尺寸为 %dx%d,您终端的几何尺寸为 %dx%d。"
-#: plugins/sudoers/sudoreplay.c:401
+#: plugins/sudoers/sudoreplay.c:400
#, c-format
msgid "unable to set tty to raw mode"
msgstr "无法将终端设为原始模式"
-#: plugins/sudoers/sudoreplay.c:418
+#: plugins/sudoers/sudoreplay.c:416
#, c-format
msgid "invalid timing file line: %s"
msgstr "无效的时序文件行:%s"
-#: plugins/sudoers/sudoreplay.c:501
+#: plugins/sudoers/sudoreplay.c:499
#, c-format
msgid "writing to standard output"
msgstr "写入标准输出"
-#: plugins/sudoers/sudoreplay.c:530
+#: plugins/sudoers/sudoreplay.c:528
#, c-format
msgid "nanosleep: tv_sec %ld, tv_nsec %ld"
msgstr "nanosleep:tv_sec %ld,tv_nsec %ld"
-#: plugins/sudoers/sudoreplay.c:643 plugins/sudoers/sudoreplay.c:668
+#: plugins/sudoers/sudoreplay.c:641 plugins/sudoers/sudoreplay.c:666
#, c-format
msgid "ambiguous expression \"%s\""
msgstr "有歧义的表达式“%s”"
-#: plugins/sudoers/sudoreplay.c:685
+#: plugins/sudoers/sudoreplay.c:683
#, c-format
msgid "too many parenthesized expressions, max %d"
msgstr "括号表达式过多,最多 %d"
-#: plugins/sudoers/sudoreplay.c:696
+#: plugins/sudoers/sudoreplay.c:694
#, c-format
msgid "unmatched ')' in expression"
msgstr "表达式中的“)”不匹配"
-#: plugins/sudoers/sudoreplay.c:702
+#: plugins/sudoers/sudoreplay.c:700
#, c-format
msgid "unknown search term \"%s\""
msgstr "未知的搜索词“%s”"
-#: plugins/sudoers/sudoreplay.c:716
+#: plugins/sudoers/sudoreplay.c:714
#, c-format
msgid "%s requires an argument"
msgstr "%s 需要参数"
-#: plugins/sudoers/sudoreplay.c:720
+#: plugins/sudoers/sudoreplay.c:718 plugins/sudoers/sudoreplay.c:1058
#, c-format
msgid "invalid regular expression: %s"
msgstr "无效的正则表达式:%s"
-#: plugins/sudoers/sudoreplay.c:726
+#: plugins/sudoers/sudoreplay.c:724
#, c-format
msgid "could not parse date \"%s\""
msgstr "无法解析日期“%s”"
-#: plugins/sudoers/sudoreplay.c:739
+#: plugins/sudoers/sudoreplay.c:737
#, c-format
msgid "unmatched '(' in expression"
msgstr "表达式中的“(”不匹配"
-#: plugins/sudoers/sudoreplay.c:741
+#: plugins/sudoers/sudoreplay.c:739
#, c-format
msgid "illegal trailing \"or\""
msgstr "非法的结尾字符“or”"
-#: plugins/sudoers/sudoreplay.c:743
+#: plugins/sudoers/sudoreplay.c:741
#, c-format
msgid "illegal trailing \"!\""
msgstr "非法的结尾字符“!”"
-#: plugins/sudoers/sudoreplay.c:1050
-#, c-format
-msgid "invalid regex: %s"
-msgstr "无效的正则表达式:%s"
-
-#: plugins/sudoers/sudoreplay.c:1174
+#: plugins/sudoers/sudoreplay.c:1182
#, c-format
msgid "usage: %s [-h] [-d directory] [-m max_wait] [-s speed_factor] ID\n"
msgstr "用法:%s [-h] [-d 目录] [-m 最长等待] [-s 速度系数] ID\n"
-#: plugins/sudoers/sudoreplay.c:1177
+#: plugins/sudoers/sudoreplay.c:1185
#, c-format
msgid "usage: %s [-h] [-d directory] -l [search expression]\n"
msgstr "用法:%s [-h] [-d 目录] -l [搜索表达式]\n"
-#: plugins/sudoers/sudoreplay.c:1186
+#: plugins/sudoers/sudoreplay.c:1194
#, c-format
msgid ""
"%s - replay sudo session logs\n"
"%s - 回放 sudo 会话记录\n"
"\n"
-#: plugins/sudoers/sudoreplay.c:1188
+#: plugins/sudoers/sudoreplay.c:1196
msgid ""
"\n"
"Options:\n"
" -s 速度系数 加速或减慢输出\n"
" -V 显示版本信息并退出"
-#: plugins/sudoers/testsudoers.c:338
+#: plugins/sudoers/testsudoers.c:328
msgid "\thost unmatched"
msgstr "\t主机不匹配"
-#: plugins/sudoers/testsudoers.c:341
+#: plugins/sudoers/testsudoers.c:331
msgid ""
"\n"
"Command allowed"
"\n"
"命令允许"
-#: plugins/sudoers/testsudoers.c:342
+#: plugins/sudoers/testsudoers.c:332
msgid ""
"\n"
"Command denied"
"\n"
"命令被拒"
-#: plugins/sudoers/testsudoers.c:342
+#: plugins/sudoers/testsudoers.c:332
msgid ""
"\n"
"Command unmatched"
"\n"
"命令不匹配"
-#: plugins/sudoers/toke_util.c:218
+#: plugins/sudoers/timestamp.c:129
+#, c-format
+msgid "timestamp path too long: %s"
+msgstr "时间戳路径过长:%s"
+
+#: plugins/sudoers/timestamp.c:203 plugins/sudoers/timestamp.c:247
+#: plugins/sudoers/timestamp.c:292
+#, c-format
+msgid "%s owned by uid %u, should be uid %u"
+msgstr "%s 属于用户 ID %u,应为用户 ID %u"
+
+#: plugins/sudoers/timestamp.c:208 plugins/sudoers/timestamp.c:252
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0700"
+msgstr "%s 对非所有者可写(0%o),模式应该为 0700"
+
+#: plugins/sudoers/timestamp.c:286
+#, c-format
+msgid "%s exists but is not a regular file (0%o)"
+msgstr "%s 存在,但不是常规文件(0%o)"
+
+#: plugins/sudoers/timestamp.c:298
+#, c-format
+msgid "%s writable by non-owner (0%o), should be mode 0600"
+msgstr "%s 对非所有者可写(0%o),模式应该为 0600"
+
+#: plugins/sudoers/timestamp.c:353
+#, c-format
+msgid "timestamp too far in the future: %20.20s"
+msgstr "时间戳太超前:%20.20s"
+
+#: plugins/sudoers/timestamp.c:407
+#, c-format
+msgid "unable to remove %s, will reset to the epoch"
+msgstr "无法移除 %s ,将重设为戳记"
+
+#: plugins/sudoers/timestamp.c:414
+#, c-format
+msgid "unable to reset %s to the epoch"
+msgstr "无法将 %s 重设为戳记"
+
+#: plugins/sudoers/toke_util.c:176
+#, c-format
msgid "fill_args: buffer overflow"
msgstr "fill_args:缓存溢出"
-#: plugins/sudoers/visudo.c:188
+#: plugins/sudoers/visudo.c:180
#, c-format
msgid "%s grammar version %d\n"
msgstr "%s 语法版本 %d\n"
-#: plugins/sudoers/visudo.c:252 plugins/sudoers/visudo.c:541
+#: plugins/sudoers/visudo.c:243 plugins/sudoers/visudo.c:533
#, c-format
msgid "press return to edit %s: "
msgstr "按回车键编辑 %s:"
-#: plugins/sudoers/visudo.c:335 plugins/sudoers/visudo.c:341
+#: plugins/sudoers/visudo.c:326 plugins/sudoers/visudo.c:332
#, c-format
msgid "write error"
msgstr "写错误"
-#: plugins/sudoers/visudo.c:423
+#: plugins/sudoers/visudo.c:414
#, c-format
msgid "unable to stat temporary file (%s), %s unchanged"
msgstr "无法 stat 临时文件(%s),%s 未更改"
-#: plugins/sudoers/visudo.c:428
+#: plugins/sudoers/visudo.c:419
#, c-format
msgid "zero length temporary file (%s), %s unchanged"
msgstr "零长度的临时文件(%s),%s 未更改"
-#: plugins/sudoers/visudo.c:434
+#: plugins/sudoers/visudo.c:425
#, c-format
msgid "editor (%s) failed, %s unchanged"
msgstr "编辑器(%s)失败,%s 未更改"
-#: plugins/sudoers/visudo.c:457
+#: plugins/sudoers/visudo.c:448
#, c-format
msgid "%s unchanged"
msgstr "%s 未更改"
-#: plugins/sudoers/visudo.c:486
+#: plugins/sudoers/visudo.c:477
#, c-format
msgid "unable to re-open temporary file (%s), %s unchanged."
msgstr "无法重新打开临时文件(%s),%s 未更改"
-#: plugins/sudoers/visudo.c:496
+#: plugins/sudoers/visudo.c:487
#, c-format
msgid "unabled to parse temporary file (%s), unknown error"
msgstr "无法解析临时文件(%s),未知错误"
-#: plugins/sudoers/visudo.c:534
+#: plugins/sudoers/visudo.c:526
#, c-format
msgid "internal error, unable to find %s in list!"
msgstr "内部错误,在列表中找不到 %s!"
-#: plugins/sudoers/visudo.c:586 plugins/sudoers/visudo.c:595
+#: plugins/sudoers/visudo.c:578 plugins/sudoers/visudo.c:587
#, c-format
msgid "unable to set (uid, gid) of %s to (%u, %u)"
msgstr "无法将 %s 的 (uid, gid) 设为 (%u, %u)"
-#: plugins/sudoers/visudo.c:590 plugins/sudoers/visudo.c:600
+#: plugins/sudoers/visudo.c:582 plugins/sudoers/visudo.c:592
#, c-format
msgid "unable to change mode of %s to 0%o"
msgstr "无法将 %s 的模式更改为 0%o"
-#: plugins/sudoers/visudo.c:617
+#: plugins/sudoers/visudo.c:609
#, c-format
msgid "%s and %s not on the same file system, using mv to rename"
msgstr "%s 和 %s 不在同一个文件系统,使用 mv 进行重命名"
-#: plugins/sudoers/visudo.c:631
+#: plugins/sudoers/visudo.c:623
#, c-format
msgid "command failed: '%s %s %s', %s unchanged"
msgstr "命令失败:“%s %s %s”,%s 未更改"
-#: plugins/sudoers/visudo.c:641
+#: plugins/sudoers/visudo.c:633
#, c-format
msgid "error renaming %s, %s unchanged"
msgstr "重命名 %s 出错,%s 未更改"
-#: plugins/sudoers/visudo.c:704
+#: plugins/sudoers/visudo.c:695
msgid "What now? "
msgstr "现在做什么?"
-#: plugins/sudoers/visudo.c:718
+#: plugins/sudoers/visudo.c:709
msgid ""
"Options are:\n"
" (e)dit sudoers file again\n"
" 退出,不保存对 sudoers 文件的更改(x)\n"
" 退出并将更改保存到 sudoers 文件(危险!)(Q)\n"
-#: plugins/sudoers/visudo.c:759
-#, c-format
-msgid "unable to execute %s"
-msgstr "无法执行 %s"
-
-#: plugins/sudoers/visudo.c:766
+#: plugins/sudoers/visudo.c:757
#, c-format
msgid "unable to run %s"
msgstr "无法运行 %s"
-#: plugins/sudoers/visudo.c:792
+#: plugins/sudoers/visudo.c:783
#, c-format
msgid "%s: wrong owner (uid, gid) should be (%u, %u)\n"
msgstr "%s:错误的所有者(uid, gid),应为 (%u, %u)\n"
-#: plugins/sudoers/visudo.c:799
+#: plugins/sudoers/visudo.c:790
#, c-format
msgid "%s: bad permissions, should be mode 0%o\n"
msgstr "%s:权限不正确,模式应该是 0%o\n"
-#: plugins/sudoers/visudo.c:824
+#: plugins/sudoers/visudo.c:815
#, c-format
msgid "failed to parse %s file, unknown error"
msgstr "解析 %s 文件失败,未知错误"
-#: plugins/sudoers/visudo.c:837
+#: plugins/sudoers/visudo.c:831
#, c-format
msgid "parse error in %s near line %d\n"
msgstr "%s 中第 %d 行附近出现解析错误\n"
-#: plugins/sudoers/visudo.c:840
+#: plugins/sudoers/visudo.c:834
#, c-format
msgid "parse error in %s\n"
msgstr "%s 中出现解析错误\n"
-#: plugins/sudoers/visudo.c:847 plugins/sudoers/visudo.c:852
+#: plugins/sudoers/visudo.c:841 plugins/sudoers/visudo.c:846
#, c-format
msgid "%s: parsed OK\n"
msgstr "%s:解析正确\n"
-#: plugins/sudoers/visudo.c:899
+#: plugins/sudoers/visudo.c:893
#, c-format
msgid "%s busy, try again later"
msgstr "%s 忙,请稍后重试"
-#: plugins/sudoers/visudo.c:943
+#: plugins/sudoers/visudo.c:937
#, c-format
msgid "specified editor (%s) doesn't exist"
msgstr "指定的编辑器(%s)不存在"
-#: plugins/sudoers/visudo.c:966
+#: plugins/sudoers/visudo.c:960
#, c-format
msgid "unable to stat editor (%s)"
msgstr "无法 stat 编辑器(%s)"
-#: plugins/sudoers/visudo.c:1014
+#: plugins/sudoers/visudo.c:1008
#, c-format
msgid "no editor found (editor path = %s)"
msgstr "未找到编辑器(编辑器路径 = %s)"
-#: plugins/sudoers/visudo.c:1108
+#: plugins/sudoers/visudo.c:1100
#, c-format
msgid "Error: cycle in %s_Alias `%s'"
msgstr "错误:在 %s_Alias “%s”中循环"
-#: plugins/sudoers/visudo.c:1109
+#: plugins/sudoers/visudo.c:1101
#, c-format
msgid "Warning: cycle in %s_Alias `%s'"
msgstr "警告:在 %s_Alias “%s”中循环"
-#: plugins/sudoers/visudo.c:1112
+#: plugins/sudoers/visudo.c:1104
#, c-format
msgid "Error: %s_Alias `%s' referenced but not defined"
msgstr "错误:引用了 %s_Alias “%s”但尚未定义"
-#: plugins/sudoers/visudo.c:1113
+#: plugins/sudoers/visudo.c:1105
#, c-format
msgid "Warning: %s_Alias `%s' referenced but not defined"
msgstr "警告:引用了 %s_Alias “%s”但尚未定义"
-#: plugins/sudoers/visudo.c:1248
+#: plugins/sudoers/visudo.c:1240
#, c-format
msgid "%s: unused %s_Alias %s"
msgstr "%s:未使用的 %s_Alias %s"
-#: plugins/sudoers/visudo.c:1304
+#: plugins/sudoers/visudo.c:1302
#, c-format
msgid ""
"%s - safely edit the sudoers file\n"
"%s - 安全地编辑 sudoers 文件\n"
"\n"
-#: plugins/sudoers/visudo.c:1306
+#: plugins/sudoers/visudo.c:1304
msgid ""
"\n"
"Options:\n"
" -s 严格语法检查\n"
" -V 显示版本信息并退出"
-#: toke.l:820
+#: toke.l:886
msgid "too many levels of includes"
msgstr "include 嵌套层数过多"
+#~ msgid "pam_chauthtok: %s"
+#~ msgstr "pam_chauthtok:%s"
+
+#~ msgid "pam_authenticate: %s"
+#~ msgstr "pam_authenticate:%s"
+
+#~ msgid "Password: "
+#~ msgstr "密码:"
+
+#~ msgid "getauid failed"
+#~ msgstr "getauid 失败"
+
+#~ msgid "Unable to dlopen %s: %s"
+#~ msgstr "无法执行 dlopen %s:%s"
+
+#~ msgid "invalid regex: %s"
+#~ msgstr "无效的正则表达式:%s"
+
+#~ msgid ">>> %s: %s near line %d <<<"
+#~ msgstr ">>> %s:%s 在行 %d 附近<<<"
+
+#~ msgid "unable to allocate memory"
+#~ msgstr "无法分配内存"
+
+#~ msgid "%s%s: %s"
+#~ msgstr "%s%s:%s"
+
+#~ msgid "unable to set locale to \"%s\", using \"C\""
+#~ msgstr "无法将区域设置为“%s”,将使用“C”"
+
+#~ msgid ""
+#~ " Commands:\n"
+#~ "\t"
+#~ msgstr ""
+#~ " 命令:\n"
+#~ "\t"
+
+#~ msgid ": "
+#~ msgstr ":"
+
+#~ msgid "unable to cache uid %u (%s), already exists"
+#~ msgstr "无法缓存用户 ID %u(%s),已存在"
+
+#~ msgid "unable to cache gid %u (%s), already exists"
+#~ msgstr "无法缓存组 ID %u(%s),已存在"
+
+#~ msgid "unable to execute %s: %s"
+#~ msgstr "无法执行 %s:%s"
+
#~ msgid "internal error, expand_prompt() overflow"
#~ msgstr "内部错误,expand_prompt() 溢出"
#~ msgid "set group on %s"
#~ msgstr "对 %s 设置组"
-#~ msgid "unable to set group on %s"
-#~ msgstr "无法对 %s 设置组"
-
#~ msgid "unable to fix mode on %s"
#~ msgstr "无法对 %s 修正模式"
--- /dev/null
+/*
+ * Copyright (c) 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <netinet/in.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+# include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <errno.h>
+#include <grp.h>
+#include <pwd.h>
+
+#include "sudoers.h"
+#include "sudoers_version.h"
+#include "interfaces.h"
+
+/*
+ * Info passed in from the sudo front-end.
+ */
+struct sudoers_policy_open_info {
+ char * const *settings;
+ char * const *user_info;
+ char * const *plugin_args;
+};
+
+/*
+ * Command execution args to be filled in: argv, envp and command info.
+ */
+struct sudoers_exec_args {
+ char ***argv;
+ char ***envp;
+ char ***info;
+};
+
+static int sudo_version;
+static const char *interfaces_string;
+sudo_conv_t sudo_conv;
+const char *path_ldap_conf = _PATH_LDAP_CONF;
+const char *path_ldap_secret = _PATH_LDAP_SECRET;
+
+extern __dso_public struct policy_plugin sudoers_policy;
+
+#ifdef HAVE_BSD_AUTH_H
+extern char *login_style;
+#endif /* HAVE_BSD_AUTH_H */
+
+/*
+ * Deserialize args, settings and user_info arrays.
+ * Fills in struct sudo_user and other common sudoers state.
+ */
+int
+sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group)
+{
+ struct sudoers_policy_open_info *info = v;
+ char * const *cur;
+ const char *p, *groups = NULL;
+ const char *debug_flags = NULL;
+ int flags = 0;
+ debug_decl(sudoers_policy_deserialize_info, SUDO_DEBUG_PLUGIN)
+
+#define MATCHES(s, v) (strncmp(s, v, sizeof(v) - 1) == 0)
+
+ /* Parse sudo.conf plugin args. */
+ if (info->plugin_args != NULL) {
+ for (cur = info->plugin_args; *cur != NULL; cur++) {
+ if (MATCHES(*cur, "sudoers_file=")) {
+ sudoers_file = *cur + sizeof("sudoers_file=") - 1;
+ continue;
+ }
+ if (MATCHES(*cur, "sudoers_uid=")) {
+ sudoers_uid = (uid_t) atoi(*cur + sizeof("sudoers_uid=") - 1);
+ continue;
+ }
+ if (MATCHES(*cur, "sudoers_gid=")) {
+ sudoers_gid = (gid_t) atoi(*cur + sizeof("sudoers_gid=") - 1);
+ continue;
+ }
+ if (MATCHES(*cur, "sudoers_mode=")) {
+ sudoers_mode = (mode_t) strtol(*cur + sizeof("sudoers_mode=") - 1,
+ NULL, 8);
+ continue;
+ }
+ if (MATCHES(*cur, "ldap_conf=")) {
+ path_ldap_conf = *cur + sizeof("ldap_conf=") - 1;
+ continue;
+ }
+ if (MATCHES(*cur, "ldap_secret=")) {
+ path_ldap_secret = *cur + sizeof("ldap_secret=") - 1;
+ continue;
+ }
+ }
+ }
+
+ /* Parse command line settings. */
+ user_closefrom = -1;
+ sudo_user.max_groups = -1;
+ for (cur = info->settings; *cur != NULL; cur++) {
+ if (MATCHES(*cur, "closefrom=")) {
+ user_closefrom = atoi(*cur + sizeof("closefrom=") - 1);
+ continue;
+ }
+ if (MATCHES(*cur, "debug_flags=")) {
+ debug_flags = *cur + sizeof("debug_flags=") - 1;
+ continue;
+ }
+ if (MATCHES(*cur, "runas_user=")) {
+ *runas_user = *cur + sizeof("runas_user=") - 1;
+ sudo_user.flags |= RUNAS_USER_SPECIFIED;
+ continue;
+ }
+ if (MATCHES(*cur, "runas_group=")) {
+ *runas_group = *cur + sizeof("runas_group=") - 1;
+ sudo_user.flags |= RUNAS_GROUP_SPECIFIED;
+ continue;
+ }
+ if (MATCHES(*cur, "prompt=")) {
+ user_prompt = *cur + sizeof("prompt=") - 1;
+ def_passprompt_override = true;
+ continue;
+ }
+ if (MATCHES(*cur, "set_home=")) {
+ if (atobool(*cur + sizeof("set_home=") - 1) == true)
+ SET(flags, MODE_RESET_HOME);
+ continue;
+ }
+ if (MATCHES(*cur, "preserve_environment=")) {
+ if (atobool(*cur + sizeof("preserve_environment=") - 1) == true)
+ SET(flags, MODE_PRESERVE_ENV);
+ continue;
+ }
+ if (MATCHES(*cur, "run_shell=")) {
+ if (atobool(*cur + sizeof("run_shell=") - 1) == true)
+ SET(flags, MODE_SHELL);
+ continue;
+ }
+ if (MATCHES(*cur, "login_shell=")) {
+ if (atobool(*cur + sizeof("login_shell=") - 1) == true) {
+ SET(flags, MODE_LOGIN_SHELL);
+ def_env_reset = true;
+ }
+ continue;
+ }
+ if (MATCHES(*cur, "implied_shell=")) {
+ if (atobool(*cur + sizeof("implied_shell=") - 1) == true)
+ SET(flags, MODE_IMPLIED_SHELL);
+ continue;
+ }
+ if (MATCHES(*cur, "preserve_groups=")) {
+ if (atobool(*cur + sizeof("preserve_groups=") - 1) == true)
+ SET(flags, MODE_PRESERVE_GROUPS);
+ continue;
+ }
+ if (MATCHES(*cur, "ignore_ticket=")) {
+ if (atobool(*cur + sizeof("ignore_ticket=") - 1) == true)
+ SET(flags, MODE_IGNORE_TICKET);
+ continue;
+ }
+ if (MATCHES(*cur, "noninteractive=")) {
+ if (atobool(*cur + sizeof("noninteractive=") - 1) == true)
+ SET(flags, MODE_NONINTERACTIVE);
+ continue;
+ }
+ if (MATCHES(*cur, "sudoedit=")) {
+ if (atobool(*cur + sizeof("sudoedit=") - 1) == true)
+ SET(flags, MODE_EDIT);
+ continue;
+ }
+ if (MATCHES(*cur, "login_class=")) {
+ login_class = *cur + sizeof("login_class=") - 1;
+ def_use_loginclass = true;
+ continue;
+ }
+#ifdef HAVE_PRIV_SET
+ if (MATCHES(*cur, "runas_privs=")) {
+ def_privs = *cur + sizeof("runas_privs=") - 1;
+ continue;
+ }
+ if (MATCHES(*cur, "runas_limitprivs=")) {
+ def_limitprivs = *cur + sizeof("runas_limitprivs=") - 1;
+ continue;
+ }
+#endif /* HAVE_PRIV_SET */
+#ifdef HAVE_SELINUX
+ if (MATCHES(*cur, "selinux_role=")) {
+ user_role = *cur + sizeof("selinux_role=") - 1;
+ continue;
+ }
+ if (MATCHES(*cur, "selinux_type=")) {
+ user_type = *cur + sizeof("selinux_type=") - 1;
+ continue;
+ }
+#endif /* HAVE_SELINUX */
+#ifdef HAVE_BSD_AUTH_H
+ if (MATCHES(*cur, "bsdauth_type=")) {
+ login_style = *cur + sizeof("bsdauth_type=") - 1;
+ continue;
+ }
+#endif /* HAVE_BSD_AUTH_H */
+#if !defined(HAVE_GETPROGNAME) && !defined(HAVE___PROGNAME)
+ if (MATCHES(*cur, "progname=")) {
+ setprogname(*cur + sizeof("progname=") - 1);
+ continue;
+ }
+#endif
+ if (MATCHES(*cur, "network_addrs=")) {
+ interfaces_string = *cur + sizeof("network_addrs=") - 1;
+ set_interfaces(interfaces_string);
+ continue;
+ }
+ if (MATCHES(*cur, "max_groups=")) {
+ sudo_user.max_groups = atoi(*cur + sizeof("max_groups=") - 1);
+ continue;
+ }
+ }
+
+ for (cur = info->user_info; *cur != NULL; cur++) {
+ if (MATCHES(*cur, "user=")) {
+ user_name = estrdup(*cur + sizeof("user=") - 1);
+ continue;
+ }
+ if (MATCHES(*cur, "uid=")) {
+ user_uid = (uid_t) atoi(*cur + sizeof("uid=") - 1);
+ continue;
+ }
+ if (MATCHES(*cur, "gid=")) {
+ p = *cur + sizeof("gid=") - 1;
+ user_gid = (gid_t) atoi(p);
+ continue;
+ }
+ if (MATCHES(*cur, "groups=")) {
+ groups = *cur + sizeof("groups=") - 1;
+ continue;
+ }
+ if (MATCHES(*cur, "cwd=")) {
+ user_cwd = estrdup(*cur + sizeof("cwd=") - 1);
+ continue;
+ }
+ if (MATCHES(*cur, "tty=")) {
+ user_tty = user_ttypath = estrdup(*cur + sizeof("tty=") - 1);
+ if (strncmp(user_tty, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0)
+ user_tty += sizeof(_PATH_DEV) - 1;
+ continue;
+ }
+ if (MATCHES(*cur, "host=")) {
+ user_host = user_shost = estrdup(*cur + sizeof("host=") - 1);
+ if ((p = strchr(user_host, '.')))
+ user_shost = estrndup(user_host, (size_t)(p - user_host));
+ continue;
+ }
+ if (MATCHES(*cur, "lines=")) {
+ sudo_user.lines = atoi(*cur + sizeof("lines=") - 1);
+ continue;
+ }
+ if (MATCHES(*cur, "cols=")) {
+ sudo_user.cols = atoi(*cur + sizeof("cols=") - 1);
+ continue;
+ }
+ if (MATCHES(*cur, "sid=")) {
+ sudo_user.sid = atoi(*cur + sizeof("sid=") - 1);
+ continue;
+ }
+ }
+ if (user_cwd == NULL)
+ user_cwd = "unknown";
+ if (user_tty == NULL)
+ user_tty = "unknown"; /* user_ttypath remains NULL */
+
+ if (groups != NULL && groups[0] != '\0') {
+ const char *cp;
+ GETGROUPS_T *gids;
+ int ngids;
+
+ /* Count number of groups, including passwd gid. */
+ ngids = 2;
+ for (cp = groups; *cp != '\0'; cp++) {
+ if (*cp == ',')
+ ngids++;
+ }
+
+ /* The first gid in the list is the passwd group gid. */
+ gids = emalloc2(ngids, sizeof(GETGROUPS_T));
+ gids[0] = user_gid;
+ ngids = 1;
+ cp = groups;
+ for (;;) {
+ gids[ngids] = atoi(cp);
+ if (gids[0] != gids[ngids])
+ ngids++;
+ cp = strchr(cp, ',');
+ if (cp == NULL)
+ break;
+ cp++; /* skip over comma */
+ }
+ user_gids = gids;
+ user_ngids = ngids;
+ }
+
+ /* Stash initial umask for later use. */
+ user_umask = umask(SUDO_UMASK);
+ umask(user_umask);
+
+ /* Setup debugging if indicated. */
+ if (debug_flags != NULL) {
+ sudo_debug_init(NULL, debug_flags);
+ for (cur = info->settings; *cur != NULL; cur++)
+ sudo_debug_printf(SUDO_DEBUG_INFO, "settings: %s", *cur);
+ for (cur = info->user_info; *cur != NULL; cur++)
+ sudo_debug_printf(SUDO_DEBUG_INFO, "user_info: %s", *cur);
+ }
+
+#undef MATCHES
+ debug_return_int(flags);
+}
+
+/*
+ * Setup the execution environment.
+ * Builds up the command_info list and sets argv and envp.
+ * Returns 1 on success and -1 on error.
+ */
+int
+sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask,
+ char *iolog_path, void *v)
+{
+ struct sudoers_exec_args *exec_args = v;
+ char **command_info;
+ int info_len = 0;
+ debug_decl(sudoers_policy_exec_setup, SUDO_DEBUG_PLUGIN)
+
+ /* Increase the length of command_info as needed, it is *not* checked. */
+ command_info = ecalloc(32, sizeof(char **));
+
+ command_info[info_len++] = fmt_string("command", safe_cmnd);
+ if (def_log_input || def_log_output) {
+ if (iolog_path)
+ command_info[info_len++] = iolog_path;
+ if (def_log_input) {
+ command_info[info_len++] = estrdup("iolog_stdin=true");
+ command_info[info_len++] = estrdup("iolog_ttyin=true");
+ }
+ if (def_log_output) {
+ command_info[info_len++] = estrdup("iolog_stdout=true");
+ command_info[info_len++] = estrdup("iolog_stderr=true");
+ command_info[info_len++] = estrdup("iolog_ttyout=true");
+ }
+ if (def_compress_io) {
+ command_info[info_len++] = estrdup("iolog_compress=true");
+ }
+ if (def_maxseq) {
+ easprintf(&command_info[info_len++], "maxseq=%u", def_maxseq);
+ }
+ }
+ if (ISSET(sudo_mode, MODE_EDIT))
+ command_info[info_len++] = estrdup("sudoedit=true");
+ if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
+ /* Set cwd to run user's homedir. */
+ command_info[info_len++] = fmt_string("cwd", runas_pw->pw_dir);
+ }
+ if (def_stay_setuid) {
+ easprintf(&command_info[info_len++], "runas_uid=%u",
+ (unsigned int)user_uid);
+ easprintf(&command_info[info_len++], "runas_gid=%u",
+ (unsigned int)user_gid);
+ easprintf(&command_info[info_len++], "runas_euid=%u",
+ (unsigned int)runas_pw->pw_uid);
+ easprintf(&command_info[info_len++], "runas_egid=%u",
+ runas_gr ? (unsigned int)runas_gr->gr_gid :
+ (unsigned int)runas_pw->pw_gid);
+ } else {
+ easprintf(&command_info[info_len++], "runas_uid=%u",
+ (unsigned int)runas_pw->pw_uid);
+ easprintf(&command_info[info_len++], "runas_gid=%u",
+ runas_gr ? (unsigned int)runas_gr->gr_gid :
+ (unsigned int)runas_pw->pw_gid);
+ }
+ if (def_preserve_groups) {
+ command_info[info_len++] = "preserve_groups=true";
+ } else {
+ int i, len;
+ gid_t egid;
+ size_t glsize;
+ char *cp, *gid_list;
+ struct group_list *grlist = sudo_get_grlist(runas_pw);
+
+ /* We reserve an extra spot in the list for the effective gid. */
+ glsize = sizeof("runas_groups=") - 1 +
+ ((grlist->ngids + 1) * (MAX_UID_T_LEN + 1));
+ gid_list = emalloc(glsize);
+ memcpy(gid_list, "runas_groups=", sizeof("runas_groups=") - 1);
+ cp = gid_list + sizeof("runas_groups=") - 1;
+
+ /* On BSD systems the effective gid is the first group in the list. */
+ egid = runas_gr ? (unsigned int)runas_gr->gr_gid :
+ (unsigned int)runas_pw->pw_gid;
+ len = snprintf(cp, glsize - (cp - gid_list), "%u", egid);
+ if (len < 0 || len >= glsize - (cp - gid_list))
+ fatalx(_("internal error, %s overflow"), "runas_groups");
+ cp += len;
+ for (i = 0; i < grlist->ngids; i++) {
+ if (grlist->gids[i] != egid) {
+ len = snprintf(cp, glsize - (cp - gid_list), ",%u",
+ (unsigned int) grlist->gids[i]);
+ if (len < 0 || len >= glsize - (cp - gid_list))
+ fatalx(_("internal error, %s overflow"), "runas_groups");
+ cp += len;
+ }
+ }
+ command_info[info_len++] = gid_list;
+ sudo_grlist_delref(grlist);
+ }
+ if (def_closefrom >= 0)
+ easprintf(&command_info[info_len++], "closefrom=%d", def_closefrom);
+ if (def_noexec)
+ command_info[info_len++] = estrdup("noexec=true");
+ if (def_exec_background)
+ command_info[info_len++] = estrdup("exec_background=true");
+ if (def_set_utmp)
+ command_info[info_len++] = estrdup("set_utmp=true");
+ if (def_use_pty)
+ command_info[info_len++] = estrdup("use_pty=true");
+ if (def_utmp_runas)
+ command_info[info_len++] = fmt_string("utmp_user", runas_pw->pw_name);
+ if (cmnd_umask != 0777)
+ easprintf(&command_info[info_len++], "umask=0%o", (unsigned int)cmnd_umask);
+#ifdef HAVE_LOGIN_CAP_H
+ if (def_use_loginclass)
+ command_info[info_len++] = fmt_string("login_class", login_class);
+#endif /* HAVE_LOGIN_CAP_H */
+#ifdef HAVE_SELINUX
+ if (user_role != NULL)
+ command_info[info_len++] = fmt_string("selinux_role", user_role);
+ if (user_type != NULL)
+ command_info[info_len++] = fmt_string("selinux_type", user_type);
+#endif /* HAVE_SELINUX */
+#ifdef HAVE_PRIV_SET
+ if (runas_privs != NULL)
+ command_info[info_len++] = fmt_string("runas_privs", runas_privs);
+ if (runas_limitprivs != NULL)
+ command_info[info_len++] = fmt_string("runas_limitprivs", runas_limitprivs);
+#endif /* HAVE_SELINUX */
+
+ /* Fill in exec environment info */
+ *(exec_args->argv) = argv;
+ *(exec_args->envp) = envp;
+ *(exec_args->info) = command_info;
+
+ debug_return_bool(true);
+}
+
+static int
+sudoers_policy_open(unsigned int version, sudo_conv_t conversation,
+ sudo_printf_t plugin_printf, char * const settings[],
+ char * const user_info[], char * const envp[], char * const args[])
+{
+ struct sudoers_policy_open_info info;
+ debug_decl(sudoers_policy_open, SUDO_DEBUG_PLUGIN)
+
+ sudo_version = version;
+ sudo_conv = conversation;
+ sudo_printf = plugin_printf;
+
+ /* Plugin args are only specified for API version 1.2 and higher. */
+ if (sudo_version < SUDO_API_MKVERSION(1, 2))
+ args = NULL;
+
+ if (fatal_setjmp() != 0) {
+ /* called via fatal(), fatalx() or log_fatal() */
+ rewind_perms();
+ fatal_disable_setjmp();
+ debug_return_bool(-1);
+ }
+
+ /* Call the sudoers init function. */
+ info.settings = settings;
+ info.user_info = user_info;
+ info.plugin_args = args;
+ debug_return_bool(sudoers_policy_init(&info, envp));
+}
+
+static void
+sudoers_policy_close(int exit_status, int error_code)
+{
+ debug_decl(sudoers_policy_close, SUDO_DEBUG_PLUGIN)
+
+ if (fatal_setjmp() != 0) {
+ /* called via fatal(), fatalx() or log_fatal() */
+ fatal_disable_setjmp();
+ debug_return;
+ }
+
+ /* We do not currently log the exit status. */
+ if (error_code) {
+ errno = error_code;
+ warning(_("unable to execute %s"), safe_cmnd);
+ }
+
+ /* Close the session we opened in sudoers_policy_init_session(). */
+ if (ISSET(sudo_mode, MODE_RUN|MODE_EDIT))
+ (void)sudo_auth_end_session(runas_pw);
+
+ /* Free remaining references to password and group entries. */
+ /* XXX - move cleanup to function in sudoers.c */
+ sudo_pw_delref(sudo_user.pw);
+ sudo_user.pw = NULL;
+ sudo_pw_delref(runas_pw);
+ runas_pw = NULL;
+ if (runas_gr != NULL) {
+ sudo_gr_delref(runas_gr);
+ runas_gr = NULL;
+ }
+ if (user_group_list != NULL) {
+ sudo_grlist_delref(user_group_list);
+ user_group_list = NULL;
+ }
+ efree(user_gids);
+ user_gids = NULL;
+
+ debug_return;
+}
+
+/*
+ * The init_session function is called before executing the command
+ * and before uid/gid changes occur.
+ * Returns 1 on success, 0 on failure and -1 on error.
+ */
+static int
+sudoers_policy_init_session(struct passwd *pwd, char **user_env[])
+{
+ debug_decl(sudoers_policy_init_session, SUDO_DEBUG_PLUGIN)
+
+ /* user_env is only specified for API version 1.2 and higher. */
+ if (sudo_version < SUDO_API_MKVERSION(1, 2))
+ user_env = NULL;
+
+ if (fatal_setjmp() != 0) {
+ /* called via fatal(), fatalx() or log_fatal() */
+ fatal_disable_setjmp();
+ debug_return_bool(-1);
+ }
+
+ debug_return_bool(sudo_auth_begin_session(pwd, user_env));
+}
+
+static int
+sudoers_policy_check(int argc, char * const argv[], char *env_add[],
+ char **command_infop[], char **argv_out[], char **user_env_out[])
+{
+ struct sudoers_exec_args exec_args;
+ int rval;
+ debug_decl(sudoers_policy_check, SUDO_DEBUG_PLUGIN)
+
+ if (!ISSET(sudo_mode, MODE_EDIT))
+ SET(sudo_mode, MODE_RUN);
+
+ exec_args.argv = argv_out;
+ exec_args.envp = user_env_out;
+ exec_args.info = command_infop;
+
+ rval = sudoers_policy_main(argc, argv, 0, env_add, &exec_args);
+ if (rval == true && sudo_version >= SUDO_API_MKVERSION(1, 3)) {
+ /* Unset close function if we don't need it to avoid extra process. */
+ if (!def_log_input && !def_log_output && !def_use_pty &&
+ !sudo_auth_needs_end_session())
+ sudoers_policy.close = NULL;
+ }
+ debug_return_bool(rval);
+}
+
+static int
+sudoers_policy_validate(void)
+{
+ debug_decl(sudoers_policy_validate, SUDO_DEBUG_PLUGIN)
+
+ user_cmnd = "validate";
+ SET(sudo_mode, MODE_VALIDATE);
+
+ debug_return_bool(sudoers_policy_main(0, NULL, I_VERIFYPW, NULL, NULL));
+}
+
+static void
+sudoers_policy_invalidate(int remove)
+{
+ debug_decl(sudoers_policy_invalidate, SUDO_DEBUG_PLUGIN)
+
+ user_cmnd = "kill";
+ if (fatal_setjmp() == 0) {
+ remove_timestamp(remove);
+ sudoers_cleanup();
+ }
+ fatal_disable_setjmp();
+
+ debug_return;
+}
+
+static int
+sudoers_policy_list(int argc, char * const argv[], int verbose,
+ const char *list_user)
+{
+ int rval;
+ debug_decl(sudoers_policy_list, SUDO_DEBUG_PLUGIN)
+
+ user_cmnd = "list";
+ if (argc)
+ SET(sudo_mode, MODE_CHECK);
+ else
+ SET(sudo_mode, MODE_LIST);
+ if (verbose)
+ long_list = 1;
+ if (list_user) {
+ list_pw = sudo_getpwnam(list_user);
+ if (list_pw == NULL) {
+ warningx(_("unknown user: %s"), list_user);
+ debug_return_bool(-1);
+ }
+ }
+ rval = sudoers_policy_main(argc, argv, I_LISTPW, NULL, NULL);
+ if (list_user) {
+ sudo_pw_delref(list_pw);
+ list_pw = NULL;
+ }
+
+ debug_return_bool(rval);
+}
+
+static int
+sudoers_policy_version(int verbose)
+{
+ debug_decl(sudoers_policy_version, SUDO_DEBUG_PLUGIN)
+
+ if (fatal_setjmp() != 0) {
+ /* error recovery via fatal(), fatalx() or log_fatal() */
+ fatal_disable_setjmp();
+ debug_return_bool(-1);
+ }
+
+ sudo_printf(SUDO_CONV_INFO_MSG, _("Sudoers policy plugin version %s\n"),
+ PACKAGE_VERSION);
+ sudo_printf(SUDO_CONV_INFO_MSG, _("Sudoers file grammar version %d\n"),
+ SUDOERS_GRAMMAR_VERSION);
+
+ if (verbose) {
+ sudo_printf(SUDO_CONV_INFO_MSG, _("\nSudoers path: %s\n"), sudoers_file);
+#ifdef HAVE_LDAP
+# ifdef _PATH_NSSWITCH_CONF
+ sudo_printf(SUDO_CONV_INFO_MSG, _("nsswitch path: %s\n"), _PATH_NSSWITCH_CONF);
+# endif
+ sudo_printf(SUDO_CONV_INFO_MSG, _("ldap.conf path: %s\n"), path_ldap_conf);
+ sudo_printf(SUDO_CONV_INFO_MSG, _("ldap.secret path: %s\n"), path_ldap_secret);
+#endif
+ dump_auth_methods();
+ dump_defaults();
+ sudo_printf(SUDO_CONV_INFO_MSG, "\n");
+ if (interfaces_string != NULL) {
+ dump_interfaces(interfaces_string);
+ sudo_printf(SUDO_CONV_INFO_MSG, "\n");
+ }
+ }
+ debug_return_bool(true);
+}
+
+static void
+sudoers_policy_register_hooks(int version, int (*register_hook)(struct sudo_hook *hook))
+{
+ struct sudo_hook hook;
+
+ memset(&hook, 0, sizeof(hook));
+ hook.hook_version = SUDO_HOOK_VERSION;
+
+ hook.hook_type = SUDO_HOOK_SETENV;
+ hook.hook_fn = sudoers_hook_setenv;
+ register_hook(&hook);
+
+ hook.hook_type = SUDO_HOOK_UNSETENV;
+ hook.hook_fn = sudoers_hook_unsetenv;
+ register_hook(&hook);
+
+ hook.hook_type = SUDO_HOOK_GETENV;
+ hook.hook_fn = sudoers_hook_getenv;
+ register_hook(&hook);
+
+ hook.hook_type = SUDO_HOOK_PUTENV;
+ hook.hook_fn = sudoers_hook_putenv;
+ register_hook(&hook);
+}
+
+__dso_public struct policy_plugin sudoers_policy = {
+ SUDO_POLICY_PLUGIN,
+ SUDO_API_VERSION,
+ sudoers_policy_open,
+ sudoers_policy_close,
+ sudoers_policy_version,
+ sudoers_policy_check,
+ sudoers_policy_list,
+ sudoers_policy_validate,
+ sudoers_policy_invalidate,
+ sudoers_policy_init_session,
+ sudoers_policy_register_hooks
+};
--- /dev/null
+/*
+ * Copyright (c) 1993-1996,1998-2005, 2007-2013
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#include <pwd.h>
+#include <grp.h>
+
+#include "sudoers.h"
+
+/*
+ * Expand %h and %u escapes in the prompt and pass back the dynamically
+ * allocated result. Returns the same string if there are no escapes.
+ */
+char *
+expand_prompt(const char *old_prompt, const char *user, const char *host)
+{
+ size_t len, n;
+ int subst;
+ const char *p;
+ char *np, *new_prompt, *endp;
+ debug_decl(expand_prompt, SUDO_DEBUG_AUTH)
+
+ /* How much space do we need to malloc for the prompt? */
+ subst = 0;
+ for (p = old_prompt, len = strlen(old_prompt); *p; p++) {
+ if (p[0] =='%') {
+ switch (p[1]) {
+ case 'h':
+ p++;
+ len += strlen(user_shost) - 2;
+ subst = 1;
+ break;
+ case 'H':
+ p++;
+ len += strlen(user_host) - 2;
+ subst = 1;
+ break;
+ case 'p':
+ p++;
+ if (def_rootpw)
+ len += 2;
+ else if (def_targetpw || def_runaspw)
+ len += strlen(runas_pw->pw_name) - 2;
+ else
+ len += strlen(user_name) - 2;
+ subst = 1;
+ break;
+ case 'u':
+ p++;
+ len += strlen(user_name) - 2;
+ subst = 1;
+ break;
+ case 'U':
+ p++;
+ len += strlen(runas_pw->pw_name) - 2;
+ subst = 1;
+ break;
+ case '%':
+ p++;
+ len--;
+ subst = 1;
+ break;
+ default:
+ break;
+ }
+ }
+ }
+
+ if (subst) {
+ new_prompt = emalloc(++len);
+ endp = new_prompt + len;
+ for (p = old_prompt, np = new_prompt; *p; p++) {
+ if (p[0] =='%') {
+ switch (p[1]) {
+ case 'h':
+ p++;
+ n = strlcpy(np, user_shost, np - endp);
+ if (n >= np - endp)
+ goto oflow;
+ np += n;
+ continue;
+ case 'H':
+ p++;
+ n = strlcpy(np, user_host, np - endp);
+ if (n >= np - endp)
+ goto oflow;
+ np += n;
+ continue;
+ case 'p':
+ p++;
+ if (def_rootpw)
+ n = strlcpy(np, "root", np - endp);
+ else if (def_targetpw || def_runaspw)
+ n = strlcpy(np, runas_pw->pw_name, np - endp);
+ else
+ n = strlcpy(np, user_name, np - endp);
+ if (n >= np - endp)
+ goto oflow;
+ np += n;
+ continue;
+ case 'u':
+ p++;
+ n = strlcpy(np, user_name, np - endp);
+ if (n >= np - endp)
+ goto oflow;
+ np += n;
+ continue;
+ case 'U':
+ p++;
+ n = strlcpy(np, runas_pw->pw_name, np - endp);
+ if (n >= np - endp)
+ goto oflow;
+ np += n;
+ continue;
+ case '%':
+ /* convert %% -> % */
+ p++;
+ break;
+ default:
+ /* no conversion */
+ break;
+ }
+ }
+ *np++ = *p;
+ if (np >= endp)
+ goto oflow;
+ }
+ *np = '\0';
+ } else
+ new_prompt = estrdup(old_prompt);
+
+ debug_return_str(new_prompt);
+
+oflow:
+ /* We pre-allocate enough space, so this should never happen. */
+ fatalx(_("internal error, %s overflow"), "expand_prompt()");
+}
/*
- * Copyright (c) 1996, 1998-2005, 2007-2012
+ * Copyright (c) 1996, 1998-2005, 2007-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
#ifdef HAVE_SETAUTHDB
# include <usersec.h>
#endif /* HAVE_SETAUTHDB */
-#ifdef HAVE_UTMPX_H
-# include <utmpx.h>
-#else
-# include <utmp.h>
-#endif /* HAVE_UTMPX_H */
-#include <limits.h>
#include <pwd.h>
#include <grp.h>
#include "sudoers.h"
#include "redblack.h"
+#include "pwutil.h"
/*
* The passwd and group caches.
#define cmp_grnam cmp_pwnam
-#define ptr_to_item(p) ((struct cache_item *)((char *)p - offsetof(struct cache_item_##p, p)))
-
-/*
- * Generic cache element.
- */
-struct cache_item {
- unsigned int refcnt;
- /* key */
- union {
- uid_t uid;
- gid_t gid;
- char *name;
- } k;
- /* datum */
- union {
- struct passwd *pw;
- struct group *gr;
- struct group_list *grlist;
- } d;
-};
-
-/*
- * Container structs to simpify size and offset calculations and guarantee
- * proper aligment of struct passwd, group and group_list.
- */
-struct cache_item_pw {
- struct cache_item cache;
- struct passwd pw;
-};
-
-struct cache_item_gr {
- struct cache_item cache;
- struct group gr;
-};
-
-struct cache_item_grlist {
- struct cache_item cache;
- struct group_list grlist;
- /* actually bigger */
-};
-
/*
* Compare by uid.
*/
return strcmp(ci1->k.name, ci2->k.name);
}
-#define FIELD_SIZE(src, name, size) \
-do { \
- if (src->name) { \
- size = strlen(src->name) + 1; \
- total += size; \
- } \
-} while (0)
-
-#define FIELD_COPY(src, dst, name, size) \
-do { \
- if (src->name) { \
- memcpy(cp, src->name, size); \
- dst->name = cp; \
- cp += size; \
- } \
-} while (0)
-
-/*
- * Dynamically allocate space for a struct item plus the key and data
- * elements. If name is non-NULL it is used as the key, else the
- * uid is the key. Fills in datum from struct password.
- */
-static struct cache_item *
-make_pwitem(const struct passwd *pw, const char *name)
-{
- char *cp;
- const char *pw_shell;
- size_t nsize, psize, csize, gsize, dsize, ssize, total;
- struct cache_item_pw *pwitem;
- struct passwd *newpw;
- debug_decl(make_pwitem, SUDO_DEBUG_NSS)
-
- /* If shell field is empty, expand to _PATH_BSHELL. */
- pw_shell = (pw->pw_shell == NULL || pw->pw_shell[0] == '\0')
- ? _PATH_BSHELL : pw->pw_shell;
-
- /* Allocate in one big chunk for easy freeing. */
- nsize = psize = csize = gsize = dsize = ssize = 0;
- total = sizeof(*pwitem);
- FIELD_SIZE(pw, pw_name, nsize);
- FIELD_SIZE(pw, pw_passwd, psize);
-#ifdef HAVE_LOGIN_CAP_H
- FIELD_SIZE(pw, pw_class, csize);
-#endif
- FIELD_SIZE(pw, pw_gecos, gsize);
- FIELD_SIZE(pw, pw_dir, dsize);
- /* Treat shell specially since we expand "" -> _PATH_BSHELL */
- ssize = strlen(pw_shell) + 1;
- total += ssize;
- if (name != NULL)
- total += strlen(name) + 1;
-
- /* Allocate space for struct item, struct passwd and the strings. */
- pwitem = ecalloc(1, total);
- newpw = &pwitem->pw;
-
- /*
- * Copy in passwd contents and make strings relative to space
- * at the end of the struct.
- */
- memcpy(newpw, pw, sizeof(*pw));
- cp = (char *)(pwitem + 1);
- FIELD_COPY(pw, newpw, pw_name, nsize);
- FIELD_COPY(pw, newpw, pw_passwd, psize);
-#ifdef HAVE_LOGIN_CAP_H
- FIELD_COPY(pw, newpw, pw_class, csize);
-#endif
- FIELD_COPY(pw, newpw, pw_gecos, gsize);
- FIELD_COPY(pw, newpw, pw_dir, dsize);
- /* Treat shell specially since we expand "" -> _PATH_BSHELL */
- memcpy(cp, pw_shell, ssize);
- newpw->pw_shell = cp;
- cp += ssize;
-
- /* Set key and datum. */
- if (name != NULL) {
- memcpy(cp, name, strlen(name) + 1);
- pwitem->cache.k.name = cp;
- } else {
- pwitem->cache.k.uid = pw->pw_uid;
- }
- pwitem->cache.d.pw = newpw;
- pwitem->cache.refcnt = 1;
-
- debug_return_ptr(&pwitem->cache);
-}
-
void
sudo_pw_addref(struct passwd *pw)
{
#ifdef HAVE_SETAUTHDB
aix_setauthdb(IDtouser(uid));
#endif
- if ((key.d.pw = getpwuid(uid)) != NULL) {
- item = make_pwitem(key.d.pw, NULL);
- if (rbinsert(pwcache_byuid, item) != NULL)
- errorx(1, _("unable to cache uid %u (%s), already exists"),
- (unsigned int) uid, item->d.pw->pw_name);
- } else {
+ item = sudo_make_pwitem(uid, NULL);
+ if (item == NULL) {
item = ecalloc(1, sizeof(*item));
item->refcnt = 1;
item->k.uid = uid;
/* item->d.pw = NULL; */
- if (rbinsert(pwcache_byuid, item) != NULL)
- errorx(1, _("unable to cache uid %u, already exists"),
- (unsigned int) uid);
}
+ if (rbinsert(pwcache_byuid, item) != NULL)
+ fatalx(_("unable to cache uid %u, already exists"),
+ (unsigned int) uid);
#ifdef HAVE_SETAUTHDB
aix_restoreauthdb();
#endif
#ifdef HAVE_SETAUTHDB
aix_setauthdb((char *) name);
#endif
- if ((key.d.pw = getpwnam(name)) != NULL) {
- item = make_pwitem(key.d.pw, name);
- if (rbinsert(pwcache_byname, item) != NULL)
- errorx(1, _("unable to cache user %s, already exists"), name);
- } else {
+ item = sudo_make_pwitem((uid_t)-1, name);
+ if (item == NULL) {
len = strlen(name) + 1;
item = ecalloc(1, sizeof(*item) + len);
item->refcnt = 1;
item->k.name = (char *) item + sizeof(*item);
memcpy(item->k.name, name, len);
/* item->d.pw = NULL; */
- if (rbinsert(pwcache_byname, item) != NULL)
- errorx(1, _("unable to cache user %s, already exists"), name);
}
+ if (rbinsert(pwcache_byname, item) != NULL)
+ fatalx(_("unable to cache user %s, already exists"), name);
#ifdef HAVE_SETAUTHDB
aix_restoreauthdb();
#endif
}
/*
- * Take a user, uid and gid and return a faked up passwd struct.
+ * Take a user, uid, gid, home and shell and return a faked up passwd struct.
+ * If home or shell are NULL default values will be used.
*/
struct passwd *
-sudo_fakepwnamid(const char *user, uid_t uid, gid_t gid)
+sudo_mkpwent(const char *user, uid_t uid, gid_t gid, const char *home,
+ const char *shell)
{
struct cache_item_pw *pwitem;
struct passwd *pw;
struct rbnode *node;
- size_t len, namelen;
+ size_t len, name_len, home_len, shell_len;
int i;
- debug_decl(sudo_fakepwnam, SUDO_DEBUG_NSS)
-
- namelen = strlen(user);
- len = sizeof(*pwitem) + namelen + 1 /* pw_name */ +
+ debug_decl(sudo_mkpwent, SUDO_DEBUG_NSS)
+
+ /* Optional arguments. */
+ if (home == NULL)
+ home = "/";
+ if (shell == NULL)
+ shell = _PATH_BSHELL;
+
+ name_len = strlen(user);
+ home_len = strlen(home);
+ shell_len = strlen(shell);
+ len = sizeof(*pwitem) + name_len + 1 /* pw_name */ +
sizeof("*") /* pw_passwd */ + sizeof("") /* pw_gecos */ +
- sizeof("/") /* pw_dir */ + sizeof(_PATH_BSHELL);
+ home_len + 1 /* pw_dir */ + shell_len + 1 /* pw_shell */;
for (i = 0; i < 2; i++) {
pwitem = ecalloc(1, len);
pw->pw_uid = uid;
pw->pw_gid = gid;
pw->pw_name = (char *)(pwitem + 1);
- memcpy(pw->pw_name, user, namelen + 1);
- pw->pw_passwd = pw->pw_name + namelen + 1;
+ memcpy(pw->pw_name, user, name_len + 1);
+ pw->pw_passwd = pw->pw_name + name_len + 1;
memcpy(pw->pw_passwd, "*", 2);
pw->pw_gecos = pw->pw_passwd + 2;
pw->pw_gecos[0] = '\0';
pw->pw_dir = pw->pw_gecos + 1;
- memcpy(pw->pw_dir, "/", 2);
- pw->pw_shell = pw->pw_dir + 2;
- memcpy(pw->pw_shell, _PATH_BSHELL, sizeof(_PATH_BSHELL));
+ memcpy(pw->pw_dir, home, home_len + 1);
+ pw->pw_shell = pw->pw_dir + home_len + 1;
+ memcpy(pw->pw_shell, shell, shell_len + 1);
pwitem->cache.refcnt = 1;
pwitem->cache.d.pw = pw;
if (i == 0) {
- /* Store by uid, overwriting cached version. */
+ /* Store by uid if it doesn't already exist. */
pwitem->cache.k.uid = pw->pw_uid;
if ((node = rbinsert(pwcache_byuid, &pwitem->cache)) != NULL) {
- sudo_pw_delref_item(node->data);
- node->data = &pwitem->cache;
+ /* Already exists, free the item we created. */
+ efree(pwitem);
+ pwitem = (struct cache_item_pw *) node->data;
}
} else {
- /* Store by name, overwriting cached version. */
+ /* Store by name if it doesn't already exist. */
pwitem->cache.k.name = pw->pw_name;
if ((node = rbinsert(pwcache_byname, &pwitem->cache)) != NULL) {
- sudo_pw_delref_item(node->data);
- node->data = &pwitem->cache;
+ /* Already exists, free the item we created. */
+ efree(pwitem);
+ pwitem = (struct cache_item_pw *) node->data;
}
}
}
pwitem->cache.refcnt++;
- debug_return_ptr(pw);
+ debug_return_ptr(&pwitem->pw);
}
/*
uid_t uid;
uid = (uid_t) atoi(user + 1);
- return sudo_fakepwnamid(user, uid, gid);
+ return sudo_mkpwent(user, uid, gid, NULL, NULL);
}
void
return ci1->k.gid - ci2->k.gid;
}
-/*
- * Dynamically allocate space for a struct item plus the key and data
- * elements. If name is non-NULL it is used as the key, else the
- * gid is the key. Fills in datum from struct group.
- */
-static struct cache_item *
-make_gritem(const struct group *gr, const char *name)
-{
- char *cp;
- size_t nsize, psize, nmem, total, len;
- struct cache_item_gr *gritem;
- struct group *newgr;
- debug_decl(make_gritem, SUDO_DEBUG_NSS)
-
- /* Allocate in one big chunk for easy freeing. */
- nsize = psize = nmem = 0;
- total = sizeof(*gritem);
- FIELD_SIZE(gr, gr_name, nsize);
- FIELD_SIZE(gr, gr_passwd, psize);
- if (gr->gr_mem) {
- for (nmem = 0; gr->gr_mem[nmem] != NULL; nmem++)
- total += strlen(gr->gr_mem[nmem]) + 1;
- nmem++;
- total += sizeof(char *) * nmem;
- }
- if (name != NULL)
- total += strlen(name) + 1;
-
- gritem = ecalloc(1, total);
-
- /*
- * Copy in group contents and make strings relative to space
- * at the end of the buffer. Note that gr_mem must come
- * immediately after struct group to guarantee proper alignment.
- */
- newgr = &gritem->gr;
- memcpy(newgr, gr, sizeof(*gr));
- cp = (char *)(gritem + 1);
- if (gr->gr_mem) {
- newgr->gr_mem = (char **)cp;
- cp += sizeof(char *) * nmem;
- for (nmem = 0; gr->gr_mem[nmem] != NULL; nmem++) {
- len = strlen(gr->gr_mem[nmem]) + 1;
- memcpy(cp, gr->gr_mem[nmem], len);
- newgr->gr_mem[nmem] = cp;
- cp += len;
- }
- newgr->gr_mem[nmem] = NULL;
- }
- FIELD_COPY(gr, newgr, gr_passwd, psize);
- FIELD_COPY(gr, newgr, gr_name, nsize);
-
- /* Set key and datum. */
- if (name != NULL) {
- memcpy(cp, name, strlen(name) + 1);
- gritem->cache.k.name = cp;
- } else {
- gritem->cache.k.gid = gr->gr_gid;
- }
- gritem->cache.d.gr = newgr;
- gritem->cache.refcnt = 1;
-
- debug_return_ptr(&gritem->cache);
-}
-
-#ifdef HAVE_UTMPX_H
-# define GROUPNAME_LEN (sizeof((struct utmpx *)0)->ut_user + 1)
-#else
-# ifdef HAVE_STRUCT_UTMP_UT_USER
-# define GROUPNAME_LEN (sizeof((struct utmp *)0)->ut_user + 1)
-# else
-# define GROUPNAME_LEN (sizeof((struct utmp *)0)->ut_name + 1)
-# endif
-#endif /* HAVE_UTMPX_H */
-
-/*
- * Dynamically allocate space for a struct item plus the key and data
- * elements. Fills in datum from the groups and gids arrays.
- */
-static struct cache_item *
-make_grlist_item(const char *user, GETGROUPS_T *gids, int ngids)
-{
- char *cp;
- size_t i, nsize, ngroups, total, len;
- struct cache_item_grlist *grlitem;
- struct group_list *grlist;
- struct group *grp;
- debug_decl(make_grlist_item, SUDO_DEBUG_NSS)
-
-#ifdef HAVE_SETAUTHDB
- aix_setauthdb((char *) user);
-#endif
-
- /* Allocate in one big chunk for easy freeing. */
- nsize = strlen(user) + 1;
- total = sizeof(*grlitem) + nsize;
- total += sizeof(char *) * ngids;
- total += sizeof(gid_t *) * ngids;
- total += GROUPNAME_LEN * ngids;
-
-again:
- grlitem = ecalloc(1, total);
-
- /*
- * Copy in group list and make pointers relative to space
- * at the end of the buffer. Note that the groups array must come
- * immediately after struct group to guarantee proper alignment.
- */
- grlist = &grlitem->grlist;
- cp = (char *)(grlitem + 1);
- grlist->groups = (char **)cp;
- cp += sizeof(char *) * ngids;
- grlist->gids = (gid_t *)cp;
- cp += sizeof(gid_t) * ngids;
-
- /* Set key and datum. */
- memcpy(cp, user, nsize);
- grlitem->cache.k.name = cp;
- grlitem->cache.d.grlist = grlist;
- grlitem->cache.refcnt = 1;
- cp += nsize;
-
- /*
- * Store group IDs.
- */
- for (i = 0; i < ngids; i++)
- grlist->gids[i] = gids[i];
- grlist->ngids = ngids;
-
- /*
- * Resolve and store group names by ID.
- */
- ngroups = 0;
- for (i = 0; i < ngids; i++) {
- if ((grp = sudo_getgrgid(gids[i])) != NULL) {
- len = strlen(grp->gr_name) + 1;
- if (cp - (char *)grlitem + len > total) {
- total += len + GROUPNAME_LEN;
- efree(grlitem);
- sudo_gr_delref(grp);
- goto again;
- }
- memcpy(cp, grp->gr_name, len);
- grlist->groups[ngroups++] = cp;
- cp += len;
- sudo_gr_delref(grp);
- }
- }
- grlist->ngroups = ngroups;
-
-#ifdef HAVE_SETAUTHDB
- aix_restoreauthdb();
-#endif
-
- debug_return_ptr(&grlitem->cache);
-}
-
void
sudo_gr_addref(struct group *gr)
{
/*
* Cache group db entry if it exists or a negative response if not.
*/
- if ((key.d.gr = getgrgid(gid)) != NULL) {
- item = make_gritem(key.d.gr, NULL);
- if (rbinsert(grcache_bygid, item) != NULL)
- errorx(1, _("unable to cache gid %u (%s), already exists"),
- (unsigned int) gid, key.d.gr->gr_name);
- } else {
+ item = sudo_make_gritem(gid, NULL);
+ if (item == NULL) {
item = ecalloc(1, sizeof(*item));
item->refcnt = 1;
item->k.gid = gid;
/* item->d.gr = NULL; */
- if (rbinsert(grcache_bygid, item) != NULL)
- errorx(1, _("unable to cache gid %u, already exists"),
- (unsigned int) gid);
}
+ if (rbinsert(grcache_bygid, item) != NULL)
+ fatalx(_("unable to cache gid %u, already exists"),
+ (unsigned int) gid);
done:
item->refcnt++;
debug_return_ptr(item->d.gr);
/*
* Cache group db entry if it exists or a negative response if not.
*/
- if ((key.d.gr = getgrnam(name)) != NULL) {
- item = make_gritem(key.d.gr, name);
- if (rbinsert(grcache_byname, item) != NULL)
- errorx(1, _("unable to cache group %s, already exists"), name);
- } else {
+ item = sudo_make_gritem((gid_t)-1, name);
+ if (item == NULL) {
len = strlen(name) + 1;
item = ecalloc(1, sizeof(*item) + len);
item->refcnt = 1;
item->k.name = (char *) item + sizeof(*item);
memcpy(item->k.name, name, len);
/* item->d.gr = NULL; */
- if (rbinsert(grcache_byname, item) != NULL)
- errorx(1, _("unable to cache group %s, already exists"), name);
}
+ if (rbinsert(grcache_byname, item) != NULL)
+ fatalx(_("unable to cache group %s, already exists"), name);
done:
item->refcnt++;
debug_return_ptr(item->d.gr);
struct cache_item_gr *gritem;
struct group *gr;
struct rbnode *node;
- size_t len, namelen;
+ size_t len, name_len;
int i;
debug_decl(sudo_fakegrnam, SUDO_DEBUG_NSS)
- namelen = strlen(group);
- len = sizeof(*gritem) + namelen + 1;
+ name_len = strlen(group);
+ len = sizeof(*gritem) + name_len + 1;
for (i = 0; i < 2; i++) {
gritem = ecalloc(1, len);
gr = &gritem->gr;
gr->gr_gid = (gid_t) atoi(group + 1);
gr->gr_name = (char *)(gritem + 1);
- memcpy(gr->gr_name, group, namelen + 1);
+ memcpy(gr->gr_name, group, name_len + 1);
gritem->cache.refcnt = 1;
gritem->cache.d.gr = gr;
if (i == 0) {
- /* Store by gid, overwriting cached version. */
+ /* Store by gid if it doesn't already exist. */
gritem->cache.k.gid = gr->gr_gid;
if ((node = rbinsert(grcache_bygid, &gritem->cache)) != NULL) {
- sudo_gr_delref_item(node->data);
- node->data = &gritem->cache;
+ /* Already exists, free the item we created. */
+ efree(gritem);
+ gritem = (struct cache_item_gr *) node->data;
}
} else {
/* Store by name, overwriting cached version. */
gritem->cache.k.name = gr->gr_name;
if ((node = rbinsert(grcache_byname, &gritem->cache)) != NULL) {
- sudo_gr_delref_item(node->data);
- node->data = &gritem->cache;
+ /* Already exists, free the item we created. */
+ efree(gritem);
+ gritem = (struct cache_item_gr *) node->data;
}
}
}
gritem->cache.refcnt++;
- debug_return_ptr(gr);
+ debug_return_ptr(&gritem->gr);
}
void
struct cache_item key, *item;
struct rbnode *node;
size_t len;
- GETGROUPS_T *gids;
- int ngids;
debug_decl(sudo_get_grlist, SUDO_DEBUG_NSS)
key.k.name = pw->pw_name;
}
/*
* Cache group db entry if it exists or a negative response if not.
- * Use gids list from front-end if possible, otherwise getgrouplist().
*/
- if (pw == sudo_user.pw && sudo_user.gids != NULL) {
- gids = user_gids;
- ngids = user_ngids;
- user_gids = NULL;
- user_ngids = 0;
- } else {
-#if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX)
- ngids = (int)sysconf(_SC_NGROUPS_MAX) * 2;
- if (ngids < 0)
-#endif
- ngids = NGROUPS_MAX * 2;
- gids = emalloc2(ngids, sizeof(GETGROUPS_T));
- if (getgrouplist(pw->pw_name, pw->pw_gid, gids, &ngids) == -1) {
- efree(gids);
- gids = emalloc2(ngids, sizeof(GETGROUPS_T));
- if (getgrouplist(pw->pw_name, pw->pw_gid, gids, &ngids) == -1) {
- efree(gids);
- debug_return_ptr(NULL);
- }
- }
- }
- if (ngids > 0) {
- if ((item = make_grlist_item(pw->pw_name, gids, ngids)) == NULL)
- errorx(1, "unable to parse group list for %s", pw->pw_name);
- efree(gids);
- if (rbinsert(grlist_cache, item) != NULL)
- errorx(1, "unable to cache group list for %s, already exists",
- pw->pw_name);
- } else {
+ item = sudo_make_grlist_item(pw, NULL, NULL);
+ if (item == NULL) {
/* Should not happen. */
len = strlen(pw->pw_name) + 1;
item = ecalloc(1, sizeof(*item) + len);
item->k.name = (char *) item + sizeof(*item);
memcpy(item->k.name, pw->pw_name, len);
/* item->d.grlist = NULL; */
- if (rbinsert(grlist_cache, item) != NULL)
- errorx(1, "unable to cache group list for %s, already exists",
- pw->pw_name);
}
+ if (rbinsert(grlist_cache, item) != NULL)
+ fatalx(_("unable to cache group list for %s, already exists"),
+ pw->pw_name);
done:
item->refcnt++;
debug_return_ptr(item->d.grlist);
}
+void
+sudo_set_grlist(struct passwd *pw, char * const *groups, char * const *gids)
+{
+ struct cache_item key, *item;
+ struct rbnode *node;
+ debug_decl(sudo_set_grlist, SUDO_DEBUG_NSS)
+
+ /*
+ * Cache group db entry if it doesn't already exist
+ */
+ key.k.name = pw->pw_name;
+ if ((node = rbfind(grlist_cache, &key)) == NULL) {
+ if ((item = sudo_make_grlist_item(pw, groups, gids)) == NULL)
+ fatalx(_("unable to parse groups for %s"), pw->pw_name);
+ if (rbinsert(grlist_cache, item) != NULL)
+ fatalx(_("unable to cache group list for %s, already exists"),
+ pw->pw_name);
+ }
+ debug_return;
+}
+
bool
user_in_group(struct passwd *pw, const char *group)
{
--- /dev/null
+/*
+ * Copyright (c) 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDOERS_PWUTIL_H
+#define _SUDOERS_PWUTIL_H
+
+#define ptr_to_item(p) ((struct cache_item *)((char *)p - offsetof(struct cache_item_##p, p)))
+
+/*
+ * Generic cache element.
+ */
+struct cache_item {
+ unsigned int refcnt;
+ /* key */
+ union {
+ uid_t uid;
+ gid_t gid;
+ char *name;
+ } k;
+ /* datum */
+ union {
+ struct passwd *pw;
+ struct group *gr;
+ struct group_list *grlist;
+ } d;
+};
+
+/*
+ * Container structs to simpify size and offset calculations and guarantee
+ * proper aligment of struct passwd, group and group_list.
+ */
+struct cache_item_pw {
+ struct cache_item cache;
+ struct passwd pw;
+};
+
+struct cache_item_gr {
+ struct cache_item cache;
+ struct group gr;
+};
+
+struct cache_item_grlist {
+ struct cache_item cache;
+ struct group_list grlist;
+ /* actually bigger */
+};
+
+struct cache_item *sudo_make_gritem(gid_t gid, const char *group);
+struct cache_item *sudo_make_grlist_item(struct passwd *pw, char * const *groups, char * const *gids);
+struct cache_item *sudo_make_pwitem(uid_t uid, const char *user);
+
+#endif /* _SUDOERS_PWUTIL_H */
--- /dev/null
+/*
+ * Copyright (c) 1996, 1998-2005, 2007-2013
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+# include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <limits.h>
+#include <pwd.h>
+#include <grp.h>
+
+#include "sudoers.h"
+#include "pwutil.h"
+
+#ifndef LOGIN_NAME_MAX
+# ifdef _POSIX_LOGIN_NAME_MAX
+# define LOGIN_NAME_MAX _POSIX_LOGIN_NAME_MAX
+# else
+# define LOGIN_NAME_MAX 9
+# endif
+#endif /* LOGIN_NAME_MAX */
+
+#define FIELD_SIZE(src, name, size) \
+do { \
+ if (src->name) { \
+ size = strlen(src->name) + 1; \
+ total += size; \
+ } \
+} while (0)
+
+#define FIELD_COPY(src, dst, name, size) \
+do { \
+ if (src->name) { \
+ memcpy(cp, src->name, size); \
+ dst->name = cp; \
+ cp += size; \
+ } \
+} while (0)
+
+/*
+ * Dynamically allocate space for a struct item plus the key and data
+ * elements. If name is non-NULL it is used as the key, else the
+ * uid is the key. Fills in datum from struct password.
+ */
+struct cache_item *
+sudo_make_pwitem(uid_t uid, const char *name)
+{
+ char *cp;
+ const char *pw_shell;
+ size_t nsize, psize, csize, gsize, dsize, ssize, total;
+ struct cache_item_pw *pwitem;
+ struct passwd *pw, *newpw;
+ debug_decl(sudo_make_pwitem, SUDO_DEBUG_NSS)
+
+ /* Look up by name or uid. */
+ pw = name ? getpwnam(name) : getpwuid(uid);
+ if (pw == NULL)
+ debug_return_ptr(NULL);
+
+ /* If shell field is empty, expand to _PATH_BSHELL. */
+ pw_shell = (pw->pw_shell == NULL || pw->pw_shell[0] == '\0')
+ ? _PATH_BSHELL : pw->pw_shell;
+
+ /* Allocate in one big chunk for easy freeing. */
+ nsize = psize = csize = gsize = dsize = ssize = 0;
+ total = sizeof(*pwitem);
+ FIELD_SIZE(pw, pw_name, nsize);
+ FIELD_SIZE(pw, pw_passwd, psize);
+#ifdef HAVE_LOGIN_CAP_H
+ FIELD_SIZE(pw, pw_class, csize);
+#endif
+ FIELD_SIZE(pw, pw_gecos, gsize);
+ FIELD_SIZE(pw, pw_dir, dsize);
+ /* Treat shell specially since we expand "" -> _PATH_BSHELL */
+ ssize = strlen(pw_shell) + 1;
+ total += ssize;
+ if (name != NULL)
+ total += strlen(name) + 1;
+
+ /* Allocate space for struct item, struct passwd and the strings. */
+ pwitem = ecalloc(1, total);
+ newpw = &pwitem->pw;
+
+ /*
+ * Copy in passwd contents and make strings relative to space
+ * at the end of the struct.
+ */
+ memcpy(newpw, pw, sizeof(*pw));
+ cp = (char *)(pwitem + 1);
+ FIELD_COPY(pw, newpw, pw_name, nsize);
+ FIELD_COPY(pw, newpw, pw_passwd, psize);
+#ifdef HAVE_LOGIN_CAP_H
+ FIELD_COPY(pw, newpw, pw_class, csize);
+#endif
+ FIELD_COPY(pw, newpw, pw_gecos, gsize);
+ FIELD_COPY(pw, newpw, pw_dir, dsize);
+ /* Treat shell specially since we expand "" -> _PATH_BSHELL */
+ memcpy(cp, pw_shell, ssize);
+ newpw->pw_shell = cp;
+ cp += ssize;
+
+ /* Set key and datum. */
+ if (name != NULL) {
+ memcpy(cp, name, strlen(name) + 1);
+ pwitem->cache.k.name = cp;
+ } else {
+ pwitem->cache.k.uid = pw->pw_uid;
+ }
+ pwitem->cache.d.pw = newpw;
+ pwitem->cache.refcnt = 1;
+
+ debug_return_ptr(&pwitem->cache);
+}
+
+/*
+ * Dynamically allocate space for a struct item plus the key and data
+ * elements. If name is non-NULL it is used as the key, else the
+ * gid is the key. Fills in datum from struct group.
+ */
+struct cache_item *
+sudo_make_gritem(gid_t gid, const char *name)
+{
+ char *cp;
+ size_t nsize, psize, nmem, total, len;
+ struct cache_item_gr *gritem;
+ struct group *gr, *newgr;
+ debug_decl(sudo_make_gritem, SUDO_DEBUG_NSS)
+
+ /* Look up by name or gid. */
+ gr = name ? getgrnam(name) : getgrgid(gid);
+ if (gr == NULL)
+ debug_return_ptr(NULL);
+
+ /* Allocate in one big chunk for easy freeing. */
+ nsize = psize = nmem = 0;
+ total = sizeof(*gritem);
+ FIELD_SIZE(gr, gr_name, nsize);
+ FIELD_SIZE(gr, gr_passwd, psize);
+ if (gr->gr_mem) {
+ for (nmem = 0; gr->gr_mem[nmem] != NULL; nmem++)
+ total += strlen(gr->gr_mem[nmem]) + 1;
+ nmem++;
+ total += sizeof(char *) * nmem;
+ }
+ if (name != NULL)
+ total += strlen(name) + 1;
+
+ gritem = ecalloc(1, total);
+
+ /*
+ * Copy in group contents and make strings relative to space
+ * at the end of the buffer. Note that gr_mem must come
+ * immediately after struct group to guarantee proper alignment.
+ */
+ newgr = &gritem->gr;
+ memcpy(newgr, gr, sizeof(*gr));
+ cp = (char *)(gritem + 1);
+ if (gr->gr_mem) {
+ newgr->gr_mem = (char **)cp;
+ cp += sizeof(char *) * nmem;
+ for (nmem = 0; gr->gr_mem[nmem] != NULL; nmem++) {
+ len = strlen(gr->gr_mem[nmem]) + 1;
+ memcpy(cp, gr->gr_mem[nmem], len);
+ newgr->gr_mem[nmem] = cp;
+ cp += len;
+ }
+ newgr->gr_mem[nmem] = NULL;
+ }
+ FIELD_COPY(gr, newgr, gr_passwd, psize);
+ FIELD_COPY(gr, newgr, gr_name, nsize);
+
+ /* Set key and datum. */
+ if (name != NULL) {
+ memcpy(cp, name, strlen(name) + 1);
+ gritem->cache.k.name = cp;
+ } else {
+ gritem->cache.k.gid = gr->gr_gid;
+ }
+ gritem->cache.d.gr = newgr;
+ gritem->cache.refcnt = 1;
+
+ debug_return_ptr(&gritem->cache);
+}
+
+/*
+ * Dynamically allocate space for a struct item plus the key and data
+ * elements. Fills in datum from user_gids or from getgrouplist(3).
+ */
+struct cache_item *
+sudo_make_grlist_item(struct passwd *pw, char * const *unused1,
+ char * const *unused2)
+{
+ char *cp;
+ size_t i, nsize, ngroups, total, len;
+ struct cache_item_grlist *grlitem;
+ struct group_list *grlist;
+ GETGROUPS_T *gids;
+ struct group *grp;
+ int ngids, groupname_len;
+ debug_decl(sudo_make_grlist_item, SUDO_DEBUG_NSS)
+
+ if (pw == sudo_user.pw && sudo_user.gids != NULL) {
+ gids = user_gids;
+ ngids = user_ngids;
+ user_gids = NULL;
+ user_ngids = 0;
+ } else {
+ if (sudo_user.max_groups != -1) {
+ ngids = sudo_user.max_groups;
+ gids = emalloc2(ngids, sizeof(GETGROUPS_T));
+ (void)getgrouplist(pw->pw_name, pw->pw_gid, gids, &ngids);
+ } else {
+#if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX)
+ ngids = (int)sysconf(_SC_NGROUPS_MAX) * 2;
+ if (ngids < 0)
+#endif
+ ngids = NGROUPS_MAX * 2;
+ gids = emalloc2(ngids, sizeof(GETGROUPS_T));
+ if (getgrouplist(pw->pw_name, pw->pw_gid, gids, &ngids) == -1) {
+ efree(gids);
+ gids = emalloc2(ngids, sizeof(GETGROUPS_T));
+ if (getgrouplist(pw->pw_name, pw->pw_gid, gids, &ngids) == -1)
+ ngids = -1;
+ }
+ }
+ }
+ if (ngids <= 0) {
+ efree(gids);
+ debug_return_ptr(NULL);
+ }
+
+#ifdef HAVE_SETAUTHDB
+ aix_setauthdb((char *) pw->pw_name);
+#endif
+
+#if defined(HAVE_SYSCONF) && defined(_SC_LOGIN_NAME_MAX)
+ groupname_len = MAX((int)sysconf(_SC_LOGIN_NAME_MAX), 32);
+#else
+ groupname_len = MAX(LOGIN_NAME_MAX, 32);
+#endif
+
+ /* Allocate in one big chunk for easy freeing. */
+ nsize = strlen(pw->pw_name) + 1;
+ total = sizeof(*grlitem) + nsize;
+ total += sizeof(char *) * ngids;
+ total += sizeof(gid_t *) * ngids;
+ total += groupname_len * ngids;
+
+again:
+ grlitem = ecalloc(1, total);
+
+ /*
+ * Copy in group list and make pointers relative to space
+ * at the end of the buffer. Note that the groups array must come
+ * immediately after struct group to guarantee proper alignment.
+ */
+ grlist = &grlitem->grlist;
+ cp = (char *)(grlitem + 1);
+ grlist->groups = (char **)cp;
+ cp += sizeof(char *) * ngids;
+ grlist->gids = (gid_t *)cp;
+ cp += sizeof(gid_t) * ngids;
+
+ /* Set key and datum. */
+ memcpy(cp, pw->pw_name, nsize);
+ grlitem->cache.k.name = cp;
+ grlitem->cache.d.grlist = grlist;
+ grlitem->cache.refcnt = 1;
+ cp += nsize;
+
+ /*
+ * Store group IDs.
+ */
+ for (i = 0; i < ngids; i++)
+ grlist->gids[i] = gids[i];
+ grlist->ngids = ngids;
+
+ /*
+ * Resolve and store group names by ID.
+ */
+ ngroups = 0;
+ for (i = 0; i < ngids; i++) {
+ if ((grp = sudo_getgrgid(gids[i])) != NULL) {
+ len = strlen(grp->gr_name) + 1;
+ if (cp - (char *)grlitem + len > total) {
+ total += len + groupname_len;
+ efree(grlitem);
+ sudo_gr_delref(grp);
+ goto again;
+ }
+ memcpy(cp, grp->gr_name, len);
+ grlist->groups[ngroups++] = cp;
+ cp += len;
+ sudo_gr_delref(grp);
+ }
+ }
+ grlist->ngroups = ngroups;
+ efree(gids);
+
+#ifdef HAVE_SETAUTHDB
+ aix_restoreauthdb();
+#endif
+
+ debug_return_ptr(&grlitem->cache);
+}
/*
- * Copyright (c) 2004-2005, 2007, 2009-2011
+ * Copyright (c) 2004-2005, 2007, 2009-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
/*
- * Copyright (c) 2004, 2007, 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2004, 2007, 2010, 2013
+ * Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-#ifndef _SUDO_REDBLACK_H
-#define _SUDO_REDBLACK_H
+#ifndef _SUDOERS_REDBLACK_H
+#define _SUDOERS_REDBLACK_H
enum rbcolor {
red,
struct rbtree *rbcreate(int (*)(const void *, const void *));
void rbdestroy(struct rbtree *, void (*)(void *));
-#endif /* _SUDO_REDBLACK_H */
+#endif /* _SUDOERS_REDBLACK_H */
/*
- * Copyright (c) 2012 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2012-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
# define LINE_MAX 2048
#endif
+__dso_public int main(int argc, char *argv[]);
+
static void
usage(void)
{
handle = dlopen(plugin_path, RTLD_LAZY|RTLD_GLOBAL);
if (handle == NULL)
- errorx2(1, "unable to dlopen %s: %s", plugin_path, dlerror());
+ fatalx_nodebug("unable to dlopen %s: %s", plugin_path, dlerror());
fp = fopen(symbols_file, "r");
if (fp == NULL)
- error2(1, "unable to open %s", symbols_file);
+ fatal_nodebug("unable to open %s", symbols_file);
while (fgets(line, sizeof(line), fp) != NULL) {
ntests++;
*cp = '\0';
sym = dlsym(handle, line);
if (sym == NULL) {
- warningx2("unable to resolve symbol %s: %s", line, dlerror());
+ printf("%s: test %d: unable to resolve symbol %s: %s\n",
+ getprogname(), ntests, line, dlerror());
errors++;
}
}
/*
* Make sure unexported symbols are not available.
*/
+ ntests++;
sym = dlsym(handle, "user_in_group");
if (sym != NULL) {
- warningx2("able to resolve local symbol user_in_group");
+ printf("%s: test %d: able to resolve local symbol user_in_group\n",
+ getprogname(), ntests);
errors++;
}
- ntests++;
dlclose(handle);
- printf("check_symbols: %d tests run, %d errors, %d%% success rate\n",
+ printf("%s: %d tests run, %d errors, %d%% success rate\n", getprogname(),
ntests, errors, (ntests - errors) * 100 / ntests);
exit(errors);
}
-
-void
-cleanup(int gotsig)
-{
- return;
-}
/*
- * Copyright (c) 2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2011-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#ifdef HAVE_STRINGS_H
# include <strings.h>
#endif /* HAVE_STRINGS_H */
-#ifdef HAVE_SETLOCALE
-# include <locale.h>
-#endif
#include <pwd.h>
#include <grp.h>
#include <time.h>
struct sudo_user sudo_user;
struct passwd *list_pw;
-sudo_conv_t sudo_conv; /* NULL in non-plugin */
static char sessid[7];
+__dso_public int main(int argc, char *argv[]);
+
static void
usage(void)
{
fp = fopen(argv[1], "r");
if (fp == NULL)
- errorx(1, "unable to open %s", argv[1]);
+ fatalx("unable to open %s", argv[1]);
memset(&pw, 0, sizeof(pw));
memset(&rpw, 0, sizeof(rpw));
tests++;
break;
default:
- errorx(1, "internal error, invalid state %d", state);
+ fatalx("internal error, invalid state %d", state);
}
state = (state + 1) % MAX_STATE;
}
{
memcpy(id, sessid, sizeof(sessid));
}
-
-void
-cleanup(int gotsig)
-{
- return;
-}
/*
- * Copyright (c) 2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2011-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include "error.h"
#include "sudo_plugin.h"
-sudo_conv_t sudo_conv; /* NULL in non-plugin */
-
extern void writeln_wrap(FILE *fp, char *line, size_t len, size_t maxlen);
+__dso_public int main(int argc, char *argv[]);
+
static void
usage(void)
{
fp = fopen(argv[1], "r");
if (fp == NULL)
- errorx(1, "unable to open %s", argv[1]);
+ fatalx("unable to open %s", argv[1]);
/*
* Each test record consists of a log entry on one line and a list of
exit(0);
}
-
-void
-cleanup(int gotsig)
-{
- return;
-}
/*
- * Copyright (c) 2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2011-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <netinet/in.h>
#include <arpa/inet.h>
-#include <netdb.h>
#define SUDO_ERROR_WRAP 0
#include "parse.h"
#include "interfaces.h"
-static int check_addr_printf(int msg_type, const char *fmt, ...);
-
-/* for match_addr.c */
-struct interface *interfaces;
-sudo_printf_t sudo_printf = check_addr_printf;
-
-sudo_conv_t sudo_conv; /* NULL in non-plugin */
+__dso_public int main(int argc, char *argv[]);
static int
check_addr(char *input)
fp = fopen(argv[1], "r");
if (fp == NULL)
- errorx(1, "unable to open %s", argv[1]);
+ fatalx("unable to open %s", argv[1]);
/*
* Input is in the following format. There are two types of
exit(errors);
}
-
-/* STUB */
-void
-cleanup(int gotsig)
-{
- return;
-}
-
-static int
-check_addr_printf(int msg_type, const char *fmt, ...)
-{
- va_list ap;
- FILE *fp;
-
- switch (msg_type) {
- case SUDO_CONV_INFO_MSG:
- fp = stdout;
- break;
- case SUDO_CONV_ERROR_MSG:
- fp = stderr;
- break;
- default:
- errno = EINVAL;
- return -1;
- }
-
- va_start(ap, fmt);
- vfprintf(fp, fmt, ap);
- va_end(ap);
-
- return 0;
-}
--- /dev/null
+/*
+ * Copyright (c) 2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+# include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#if defined(HAVE_STDINT_H)
+# include <stdint.h>
+#elif defined(HAVE_INTTYPES_H)
+# include <inttypes.h>
+#endif
+
+#define SUDO_ERROR_WRAP 0
+
+#include "missing.h"
+
+extern size_t base64_decode(const char *str, unsigned char *dst, size_t dsize);
+
+__dso_public int main(int argc, char *argv[]);
+
+struct base64_test {
+ const char *ascii;
+ const char *encoded;
+} test_strings[] = {
+ {
+ "any carnal pleasure.",
+ "YW55IGNhcm5hbCBwbGVhc3VyZS4="
+ },
+ {
+ "any carnal pleasure",
+ "YW55IGNhcm5hbCBwbGVhc3VyZQ=="
+ },
+ {
+ "any carnal pleasur",
+ "YW55IGNhcm5hbCBwbGVhc3Vy"
+ },
+ {
+ "any carnal pleasu",
+ "YW55IGNhcm5hbCBwbGVhc3U="
+ },
+ {
+ "any carnal pleas",
+ "YW55IGNhcm5hbCBwbGVhcw=="
+ }
+};
+
+int
+main(int argc, char *argv[])
+{
+ const int ntests = (sizeof(test_strings) / sizeof(test_strings[0]));
+ int i, errors = 0;
+ char buf[32];
+ size_t len;
+
+ for (i = 0; i < ntests; i++) {
+ len = base64_decode(test_strings[i].encoded, buf, sizeof(buf));
+ buf[len] = '\0';
+ if (strcmp(test_strings[i].ascii, buf) != 0) {
+ fprintf(stderr, "check_base64: expected %s, got %s",
+ test_strings[i].ascii, buf);
+ errors++;
+ }
+ }
+ printf("check_base64: %d tests run, %d errors, %d%% success rate\n",
+ ntests, errors, (ntests - errors) * 100 / ntests);
+ exit(errors);
+}
--- /dev/null
+/*
+ * Copyright (c) 2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+# include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#if defined(HAVE_STDINT_H)
+# include <stdint.h>
+#elif defined(HAVE_INTTYPES_H)
+# include <inttypes.h>
+#endif
+
+#include "missing.h"
+#include "sha2.h"
+
+__dso_public int main(int argc, char *argv[]);
+
+static struct digest_function {
+ const char *digest_name;
+ const int digest_len;
+ void (*init)(SHA2_CTX *);
+ void (*update)(SHA2_CTX *, const unsigned char *, size_t);
+ void (*final)(unsigned char *, SHA2_CTX *);
+} digest_functions[] = {
+ {
+ "SHA224",
+ SHA224_DIGEST_LENGTH,
+ SHA224Init,
+ SHA224Update,
+ SHA224Final
+ }, {
+ "SHA256",
+ SHA256_DIGEST_LENGTH,
+ SHA256Init,
+ SHA256Update,
+ SHA256Final
+ }, {
+ "SHA384",
+ SHA384_DIGEST_LENGTH,
+ SHA384Init,
+ SHA384Update,
+ SHA384Final
+ }, {
+ "SHA512",
+ SHA512_DIGEST_LENGTH,
+ SHA512Init,
+ SHA512Update,
+ SHA512Final
+ }, {
+ NULL
+ }
+};
+
+int
+main(int argc, char *argv[])
+{
+ SHA2_CTX ctx;
+ int i, j;
+ struct digest_function *func;
+ unsigned char digest[SHA512_DIGEST_LENGTH];
+ static const char hex[] = "0123456789abcdef";
+ unsigned char buf[1000];
+ unsigned const char *test_strings[] = {
+ "",
+ "a",
+ "abc",
+ "message digest",
+ "abcdefghijklmnopqrstuvwxyz",
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+ "0123456789",
+ "12345678901234567890123456789012345678901234567890123456789"
+ "012345678901234567890",
+ };
+
+ for (func = digest_functions; func->digest_name != NULL; func++) {
+ for (i = 0; i < 8; i++) {
+ func->init(&ctx);
+ func->update(&ctx, test_strings[i], strlen(test_strings[i]));
+ func->final(digest, &ctx);
+ printf("%s (\"%s\") = ", func->digest_name, test_strings[i]);
+ for (j = 0; j < func->digest_len; j++) {
+ putchar(hex[digest[j] >> 4]);
+ putchar(hex[digest[j] & 0x0f]);
+ }
+ putchar('\n');
+ }
+
+ /* Simulate a string of a million 'a' characters. */
+ memset(buf, 'a', sizeof(buf));
+ func->init(&ctx);
+ for (i = 0; i < 1000; i++) {
+ func->update(&ctx, buf, sizeof(buf));
+ }
+ func->final(digest, &ctx);
+ printf("%s (one million 'a' characters) = ", func->digest_name);
+ for (j = 0; j < func->digest_len; j++) {
+ putchar(hex[digest[j] >> 4]);
+ putchar(hex[digest[j] & 0x0f]);
+ }
+ putchar('\n');
+ }
+ exit(0);
+}
--- /dev/null
+SHA224 ("") = d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f
+SHA224 ("a") = abd37534c7d9a2efb9465de931cd7055ffdb8879563ae98078d6d6d5
+SHA224 ("abc") = 23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7
+SHA224 ("message digest") = 2cb21c83ae2f004de7e81c3c7019cbcb65b71ab656b22d6d0c39b8eb
+SHA224 ("abcdefghijklmnopqrstuvwxyz") = 45a5f72c39c5cff2522eb3429799e49e5f44b356ef926bcf390dccc2
+SHA224 ("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq") = 75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525
+SHA224 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = bff72b4fcb7d75e5632900ac5f90d219e05e97a7bde72e740db393d9
+SHA224 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = b50aecbe4e9bb0b57bc5f3ae760a8e01db24f203fb3cdcd13148046e
+SHA224 (one million 'a' characters) = 20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67
+SHA256 ("") = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
+SHA256 ("a") = ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb
+SHA256 ("abc") = ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
+SHA256 ("message digest") = f7846f55cf23e14eebeab5b4e1550cad5b509e3348fbc4efa3a1413d393cb650
+SHA256 ("abcdefghijklmnopqrstuvwxyz") = 71c480df93d6ae2f1efad1447c66c9525e316218cf51fc8d9ed832f2daf18b73
+SHA256 ("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq") = 248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1
+SHA256 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = db4bfcbd4da0cd85a60c3c37d3fbd8805c77f15fc6b1fdfe614ee0a7c8fdb4c0
+SHA256 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = f371bc4a311f2b009eef952dd83ca80e2b60026c8e935592d0f9c308453c813e
+SHA256 (one million 'a' characters) = cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0
+SHA384 ("") = 38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b
+SHA384 ("a") = 54a59b9f22b0b80880d8427e548b7c23abd873486e1f035dce9cd697e85175033caa88e6d57bc35efae0b5afd3145f31
+SHA384 ("abc") = cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7
+SHA384 ("message digest") = 473ed35167ec1f5d8e550368a3db39be54639f828868e9454c239fc8b52e3c61dbd0d8b4de1390c256dcbb5d5fd99cd5
+SHA384 ("abcdefghijklmnopqrstuvwxyz") = feb67349df3db6f5924815d6c3dc133f091809213731fe5c7b5f4999e463479ff2877f5f2936fa63bb43784b12f3ebb4
+SHA384 ("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq") = 3391fdddfc8dc7393707a65b1b4709397cf8b1d162af05abfe8f450de5f36bc6b0455a8520bc4e6f5fe95b1fe3c8452b
+SHA384 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = 1761336e3f7cbfe51deb137f026f89e01a448e3b1fafa64039c1464ee8732f11a5341a6f41e0c202294736ed64db1a84
+SHA384 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = b12932b0627d1c060942f5447764155655bd4da0c9afa6dd9b9ef53129af1b8fb0195996d2de9ca0df9d821ffee67026
+SHA384 (one million 'a' characters) = 9d0e1809716474cb086e834e310a4a1ced149e9c00f248527972cec5704c2a5b07b8b3dc38ecc4ebae97ddd87f3d8985
+SHA512 ("") = cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
+SHA512 ("a") = 1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75
+SHA512 ("abc") = ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f
+SHA512 ("message digest") = 107dbf389d9e9f71a3a95f6c055b9251bc5268c2be16d6c13492ea45b0199f3309e16455ab1e96118e8a905d5597b72038ddb372a89826046de66687bb420e7c
+SHA512 ("abcdefghijklmnopqrstuvwxyz") = 4dbff86cc2ca1bae1e16468a05cb9881c97f1753bce3619034898faa1aabe429955a1bf8ec483d7421fe3c1646613a59ed5441fb0f321389f77f48a879c7b1f1
+SHA512 ("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq") = 204a8fc6dda82f0a0ced7beb8e08a41657c16ef468b228a8279be331a703c33596fd15c13b1b07f9aa1d3bea57789ca031ad85c7a71dd70354ec631238ca3445
+SHA512 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = 1e07be23c26a86ea37ea810c8ec7809352515a970e9253c26f536cfc7a9996c45c8370583e0a78fa4a90041d71a4ceab7423f19c71b9d5a3e01249f0bebd5894
+SHA512 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = 72ec1ef1124a45b047e8b7c75a932195135bb61de24ec0d1914042246e0aec3a2354e093d76f3048b456764346900cb130d2a4fd5dd16abb5e30bcb850dee843
+SHA512 (one million 'a' characters) = e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973ebde0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b
/*
- * Copyright (c) 2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2011-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#define SUDO_ERROR_WRAP 0
+#include "missing.h"
#include "list.h"
#include "parse.h"
#include "toke.h"
#include "sudo_plugin.h"
#include <gram.h>
+__dso_public int main(int argc, char *argv[]);
+
/*
* TODO: test realloc
*/
-sudo_conv_t sudo_conv; /* NULL in non-plugin */
-
-YYSTYPE yylval;
+YYSTYPE sudoerslval;
struct fill_test {
const char *input;
{
if (!fill(input, len))
return -1;
- *resultp = yylval.string;
- return !strcmp(yylval.string, expect);
+ *resultp = sudoerslval.string;
+ return !strcmp(sudoerslval.string, expect);
}
static int
{
if (!fill_cmnd(input, len))
return -1;
- *resultp = yylval.command.cmnd;
- return !strcmp(yylval.command.cmnd, expect);
+ *resultp = sudoerslval.command.cmnd;
+ return !strcmp(sudoerslval.command.cmnd, expect);
}
static int
{
if (!fill_args(input, len, addspace))
return -1;
- *resultp = yylval.command.args;
- return !strcmp(yylval.command.args, expect);
+ *resultp = sudoerslval.command.args;
+ return !strcmp(sudoerslval.command.args, expect);
}
static int
/* STUB */
void
-cleanup(int gotsig)
-{
- return;
-}
-
-/* STUB */
-void
-yyerror(const char *s)
+sudoerserror(const char *s)
{
return;
}
--- /dev/null
+Parses OK.
+
+
+
--- /dev/null
+Parse error in sudoers near line 1.
+
+
+
--- /dev/null
+WORD(5)
+<*>
\ No newline at end of file
--- /dev/null
+user ALL = (ALL)
--- /dev/null
+Parse error in sudoers near line 1.
+
+
+
--- /dev/null
+WORD(5) ALL = ( ALL )
+<*>
\ No newline at end of file
--- /dev/null
+user ALL = (ALL)
\ No newline at end of file
--- /dev/null
+Parse error in sudoers near line 1.
+
+
+
--- /dev/null
+WORD(5) ALL = ( ALL ) <*>
\ No newline at end of file
--- /dev/null
+Cmnd_Alias LS = sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1 /bin/ls
+Cmnd_Alias SH = sha256:hOtoe/iK6SlGg7w4BfZBBdSsXjUmTJ5+ts51yjh7vkM= /bin/sh
+
+millert ALL = LS, SH, sha512:srzYEQ2aqzm+it3f74opTMkIImZRLxBARVpb0g9RSouJYdLt7DTRMEY4Ry9NyaOiDoUIplpNjqYH0JMYPVdFnw /bin/kill
--- /dev/null
+Parses OK.
+
+
+Cmnd_Alias LS = /bin/ls
+Cmnd_Alias SH = /bin/sh
+
+millert ALL = LS, SH, /bin/kill
--- /dev/null
+CMNDALIAS ALIAS = SHA224 : DIGEST COMMAND
+CMNDALIAS ALIAS = SHA256 : DIGEST COMMAND
+
+WORD(5) ALL = ALIAS , ALIAS , SHA512 : DIGEST COMMAND
--- /dev/null
+Parses OK.
+
+
+
./testsudoers -g bin root id <<EOF
root ALL = ALL
EOF
+
+exit 0
--- /dev/null
+root ALL = ALL
--- /dev/null
+Parses OK.
+
+Entries for user root:
+
+ALL = ALL
+ host matched
+ runas matched
+ cmnd allowed
+
+Command allowed
--- /dev/null
+#!/bin/sh
+#
+# Test #include facility
+#
+
+MYUID=`\ls -ln $TESTDIR/test2.inc | awk '{print $3}'`
+MYGID=`\ls -ln $TESTDIR/test2.inc | awk '{print $4}'`
+exec 2>&1
+./testsudoers -U $MYUID -G $MYGID root id <<EOF
+#include $TESTDIR/test2.inc
+EOF
+
+exit 0
--- /dev/null
+root ALL = ALL
--- /dev/null
+Parses OK.
+
+Entries for user root:
+
+ALL = ALL
+ host matched
+ runas matched
+ cmnd allowed
+
+Command allowed
--- /dev/null
+#!/bin/sh
+#
+# Test #include facility
+#
+
+MYUID=`\ls -lnd $TESTDIR/test3.d | awk '{print $3}'`
+MYGID=`\ls -lnd $TESTDIR/test3.d | awk '{print $4}'`
+exec 2>&1
+./testsudoers -U $MYUID -G $MYGID root id <<EOF
+#includedir $TESTDIR/test3.d
+EOF
+
+exit 0
--- /dev/null
+testsudoers: test2.inc should be owned by uid 1
+Parse error in sudoers near line 1.
+
+Entries for user root:
+
+Command unmatched
--- /dev/null
+#!/bin/sh
+#
+# Test sudoers owner check
+#
+
+exec 2>&1
+./testsudoers -U 1 root id <<EOF
+#include $TESTDIR/test2.inc
+EOF
+
+exit 0
--- /dev/null
+testsudoers: test5.inc is world writable
+Parse error in sudoers near line 1.
+
+Entries for user root:
+
+Command unmatched
+testsudoers: test5.inc should be owned by gid 4294967295
+Parse error in sudoers near line 1.
+
+Entries for user root:
+
+Command unmatched
--- /dev/null
+#!/bin/sh
+#
+# Test sudoers file mode check
+#
+
+# Create test file
+TESTFILE=`pwd`/regress/testsudoers/test5.inc
+cat >$TESTFILE <<EOF
+root ALL = ALL
+EOF
+
+MYUID=`\ls -ln $TESTFILE | awk '{print $3}'`
+MYGID=`\ls -ln $TESTFILE | awk '{print $4}'`
+exec 2>&1
+
+# Test world writable
+chmod 666 $TESTFILE
+./testsudoers -U $MYUID -G $MYGID root id <<EOF
+#include $TESTFILE
+EOF
+
+# Test group writable
+chmod 664 $TESTFILE
+./testsudoers -U $MYUID -G -1 root id <<EOF
+#include $TESTFILE
+EOF
+
+rm -f $TESTFILE
+exit 0
--- /dev/null
+stdin: parsed OK
--- /dev/null
+#!/bin/sh
+#
+# Sudo Bug 519:
+# Visudo in strict mode reports "parse error" even if there is no error
+#
+
+./visudo -csf - <<EOF
+User_Alias FOO = nobody
+FOO ALL=(ALL) NOPASSWD: ALL
+EOF
+
+exit 0
--- /dev/null
+visudo: Error: cycle in User_Alias `FOO'
--- /dev/null
+#!/bin/sh
+#
+# Test cycle detection
+# Prior to sudo 1.8.6p5 this resulted in a core dump (stack smash)
+# The names of the aliases (or rather their lexical order) is important.
+#
+
+./visudo -csf - <<EOF
+User_Alias YYY = FOO
+User_Alias XXX = nobody
+User_Alias FOO = XXX, YYY
+FOO ALL = ALL
+EOF
+
+exit 0
--- /dev/null
+visudo: Error: unused User_Alias A
+visudo: Error: unused User_Alias B
--- /dev/null
+stdin: parsed OK
--- /dev/null
+#!/bin/sh
+#
+# Sudo Bug 361:
+# Excerises a bug in the redblack tree code.
+#
+
+./visudo -csf - <<EOF
+User_Alias A=a
+User_Alias B=a
+User_Alias C=a
+User_Alias D=a
+User_Alias E=a
+User_Alias F=a
+User_Alias G=a
+User_Alias H=a
+User_Alias I=a
+User_Alias J=a
+User_Alias K=a
+User_Alias L=a
+User_Alias M=a
+
+C ALL=(ALL) ALL
+E ALL=(ALL) ALL
+J ALL=(ALL) ALL
+D ALL=(ALL) ALL
+L ALL=(ALL) ALL
+H ALL=(ALL) ALL
+F ALL=(ALL) ALL
+G ALL=(ALL) ALL
+M ALL=(ALL) ALL
+K ALL=(ALL) ALL
+I ALL=(ALL) ALL
+EOF
+
+exit 0
--- /dev/null
+stdin: parsed OK
--- /dev/null
+#!/bin/sh
+#
+# Test cycle detection and duplicate entries.
+# Prior to sudo 1.8.7 this resulted in a false positive.
+#
+
+./visudo -csf - <<EOF
+Host_Alias H1 = host1
+Host_Alias H2 = H1, host2
+Host_Alias H3 = H1, H2
+root H3 = ALL
+EOF
+
+exit 0
/*
- * Copyright (c) 1994-1996,1998-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1994-1996,1998-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <sys/stat.h>
#include <stdio.h>
#ifdef STDC_HEADERS
{
struct perm_state *state, *ostate = NULL;
char errbuf[1024];
+ const char *errstr = errbuf;
int noexit;
debug_decl(set_perms, SUDO_DEBUG_PERMS)
CLR(perm, PERM_MASK);
if (perm_stack_depth == PERM_STACK_MAX) {
- strlcpy(errbuf, _("perm stack overflow"), sizeof(errbuf));
+ errstr = N_("perm stack overflow");
errno = EINVAL;
goto bad;
}
state = &perm_stack[perm_stack_depth];
if (perm != PERM_INITIAL) {
if (perm_stack_depth == 0) {
- strlcpy(errbuf, _("perm stack underflow"), sizeof(errbuf));
+ errstr = N_("perm stack underflow");
errno = EINVAL;
goto bad;
}
/* Stash initial state */
#ifdef HAVE_GETRESUID
if (getresuid(&state->ruid, &state->euid, &state->suid)) {
- strlcpy(errbuf, "PERM_INITIAL: getresuid", sizeof(errbuf));
+ errstr = "PERM_INITIAL: getresuid";
goto bad;
}
if (getresgid(&state->rgid, &state->egid, &state->sgid)) {
- strlcpy(errbuf, "PERM_INITIAL: getresgid", sizeof(errbuf));
+ errstr = "PERM_INITIAL: getresgid";
goto bad;
}
#else
goto bad;
}
state->rgid = ostate->rgid;
- state->egid = ostate->egid;
+ state->egid = ROOT_GID;
state->sgid = ostate->sgid;
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
+ "[%d, %d, %d] -> [%d, %d, %d]", __func__,
+ (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid,
+ (int)state->rgid, (int)state->egid, (int)state->sgid);
+ if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) {
+ errstr = N_("unable to change to root gid");
+ goto bad;
+ }
state->grlist = ostate->grlist;
sudo_grlist_addref(state->grlist);
break;
sudo_grlist_addref(state->grlist);
if (state->grlist != ostate->grlist) {
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) {
- strlcpy(errbuf, "PERM_USER: setgroups", sizeof(errbuf));
+ errstr = "PERM_USER: setgroups";
goto bad;
}
}
sudo_grlist_addref(state->grlist);
if (state->grlist != ostate->grlist) {
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) {
- strlcpy(errbuf, "PERM_FULL_USER: setgroups", sizeof(errbuf));
+ errstr = "PERM_FULL_USER: setgroups";
goto bad;
}
}
(int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid,
(int)state->rgid, (int)state->egid, (int)state->sgid);
if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) {
- strlcpy(errbuf, _("unable to change to runas gid"), sizeof(errbuf));
+ errstr = N_("unable to change to runas gid");
goto bad;
}
state->grlist = runas_setgroups();
(int)ostate->ruid, (int)ostate->euid, (int)ostate->suid,
(int)state->ruid, (int)state->euid, (int)state->suid);
if (UID_CHANGED && setresuid(ID(ruid), ID(euid), ID(suid))) {
- strlcpy(errbuf, _("unable to change to runas uid"), sizeof(errbuf));
+ errstr = N_("unable to change to runas uid");
goto bad;
}
break;
(int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid,
(int)state->rgid, (int)state->egid, (int)state->sgid);
if (GID_CHANGED && setresgid(ID(rgid), ID(egid), ID(sgid))) {
- strlcpy(errbuf, _("unable to change to sudoers gid"), sizeof(errbuf));
+ errstr = N_("unable to change to sudoers gid");
goto bad;
}
perm_stack_depth++;
debug_return_bool(1);
bad:
- warningx("%s: %s", errbuf,
+ warningx("%s: %s", _(errstr),
errno == EAGAIN ? _("too many processes") : strerror(errno));
if (noexit)
debug_return_bool(0);
{
struct perm_state *state, *ostate = NULL;
char errbuf[1024];
+ const char *errstr = errbuf;
int noexit;
debug_decl(set_perms, SUDO_DEBUG_PERMS)
CLR(perm, PERM_MASK);
if (perm_stack_depth == PERM_STACK_MAX) {
- strlcpy(errbuf, _("perm stack overflow"), sizeof(errbuf));
+ errstr = N_("perm stack overflow");
errno = EINVAL;
goto bad;
}
state = &perm_stack[perm_stack_depth];
if (perm != PERM_INITIAL) {
if (perm_stack_depth == 0) {
- strlcpy(errbuf, _("perm stack underflow"), sizeof(errbuf));
+ errstr = N_("perm stack underflow");
errno = EINVAL;
goto bad;
}
goto bad;
}
state->rgid = ostate->rgid;
- state->egid = ostate->egid;
+ state->egid = ROOT_GID;
state->sgid = ostate->sgid;
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
+ "[%d, %d, %d] -> [%d, %d, %d]", __func__,
+ (int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid,
+ (int)state->rgid, (int)state->egid, (int)state->sgid);
+ if (GID_CHANGED && setgidx(ID_EFFECTIVE, ROOT_GID)) {
+ errstr = N_("unable to change to root gid");
+ goto bad;
+ }
state->grlist = ostate->grlist;
sudo_grlist_addref(state->grlist);
break;
sudo_grlist_addref(state->grlist);
if (state->grlist != ostate->grlist) {
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) {
- strlcpy(errbuf, "PERM_USER: setgroups", sizeof(errbuf));
+ errstr = "PERM_USER: setgroups";
goto bad;
}
}
sudo_grlist_addref(state->grlist);
if (state->grlist != ostate->grlist) {
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) {
- strlcpy(errbuf, "PERM_FULL_USER: setgroups", sizeof(errbuf));
+ errstr = "PERM_FULL_USER: setgroups";
goto bad;
}
}
(int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid,
(int)state->rgid, (int)state->egid, (int)state->sgid);
if (GID_CHANGED && setgidx(ID_EFFECTIVE, state->egid)) {
- strlcpy(errbuf, _("unable to change to runas gid"), sizeof(errbuf));
+ errstr = N_("unable to change to runas gid");
goto bad;
}
state->grlist = runas_setgroups();
(int)ostate->ruid, (int)ostate->euid, (int)ostate->suid,
(int)state->ruid, (int)state->euid, (int)state->suid);
if (UID_CHANGED && setuidx(ID_EFFECTIVE, state->euid)) {
- strlcpy(errbuf, _("unable to change to runas uid"), sizeof(errbuf));
+ errstr = N_("unable to change to runas uid");
goto bad;
}
break;
(int)ostate->rgid, (int)ostate->egid, (int)ostate->sgid,
(int)state->rgid, (int)state->egid, (int)state->sgid);
if (GID_CHANGED && setgidx(ID_EFFECTIVE, sudoers_gid)) {
- strlcpy(errbuf, _("unable to change to sudoers gid"), sizeof(errbuf));
+ errstr = N_("unable to change to sudoers gid");
goto bad;
}
perm_stack_depth++;
debug_return_bool(1);
bad:
- warningx("%s: %s", errbuf,
+ warningx("%s: %s", _(errstr),
errno == EAGAIN ? _("too many processes") : strerror(errno));
if (noexit)
debug_return_bool(0);
{
struct perm_state *state, *ostate = NULL;
char errbuf[1024];
+ const char *errstr = errbuf;
int noexit;
debug_decl(set_perms, SUDO_DEBUG_PERMS)
CLR(perm, PERM_MASK);
if (perm_stack_depth == PERM_STACK_MAX) {
- strlcpy(errbuf, _("perm stack overflow"), sizeof(errbuf));
+ errstr = N_("perm stack overflow");
errno = EINVAL;
goto bad;
}
state = &perm_stack[perm_stack_depth];
if (perm != PERM_INITIAL) {
if (perm_stack_depth == 0) {
- strlcpy(errbuf, _("perm stack underflow"), sizeof(errbuf));
+ errstr = N_("perm stack underflow");
errno = EINVAL;
goto bad;
}
}
}
state->rgid = ostate->rgid;
- state->egid = ostate->rgid;
+ state->egid = ROOT_GID;
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
+ "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid,
+ (int)ostate->egid, (int)state->rgid, (int)state->egid);
+ if (GID_CHANGED && setregid(ID(rgid), ID(egid))) {
+ snprintf(errbuf, sizeof(errbuf),
+ "PERM_ROOT: setregid(%d, %d)", ID(rgid), ID(egid));
+ goto bad;
+ }
state->grlist = ostate->grlist;
sudo_grlist_addref(state->grlist);
break;
sudo_grlist_addref(state->grlist);
if (state->grlist != ostate->grlist) {
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) {
- strlcpy(errbuf, "PERM_USER: setgroups", sizeof(errbuf));
+ errstr = "PERM_USER: setgroups";
goto bad;
}
}
sudo_grlist_addref(state->grlist);
if (state->grlist != ostate->grlist) {
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) {
- strlcpy(errbuf, "PERM_FULL_USER: setgroups", sizeof(errbuf));
+ errstr = "PERM_FULL_USER: setgroups";
goto bad;
}
}
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid,
(int)ostate->egid, (int)state->rgid, (int)state->egid);
if (GID_CHANGED && setregid(ID(rgid), ID(egid))) {
- strlcpy(errbuf, _("unable to change to runas gid"), sizeof(errbuf));
+ errstr = N_("unable to change to runas gid");
goto bad;
}
state->grlist = runas_setgroups();
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid,
(int)ostate->euid, (int)state->ruid, (int)state->euid);
if (UID_CHANGED && setreuid(ID(ruid), ID(euid))) {
- strlcpy(errbuf, _("unable to change to runas uid"), sizeof(errbuf));
+ errstr = N_("unable to change to runas uid");
goto bad;
}
break;
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid,
(int)ostate->egid, (int)state->rgid, (int)state->egid);
if (GID_CHANGED && setregid(ID(rgid), ID(egid))) {
- strlcpy(errbuf, _("unable to change to sudoers gid"), sizeof(errbuf));
+ errstr = N_("unable to change to sudoers gid");
goto bad;
}
perm_stack_depth++;
debug_return_bool(1);
bad:
- warningx("%s: %s", errbuf,
+ warningx("%s: %s", _(errstr),
errno == EAGAIN ? _("too many processes") : strerror(errno));
if (noexit)
debug_return_bool(0);
if (OID(euid) == ROOT_UID) {
/* setuid() may not set the saved ID unless the euid is ROOT_UID */
if (ID(euid) != ROOT_UID)
- (void)setreuid(-1, ROOT_UID);
+ ignore_result(setreuid(-1, ROOT_UID));
if (setuid(ROOT_UID)) {
warning("setuid() [%d, %d] -> %d)", (int)state->ruid,
(int)state->euid, ROOT_UID);
{
struct perm_state *state, *ostate = NULL;
char errbuf[1024];
+ const char *errstr = errbuf;
int noexit;
debug_decl(set_perms, SUDO_DEBUG_PERMS)
CLR(perm, PERM_MASK);
if (perm_stack_depth == PERM_STACK_MAX) {
- strlcpy(errbuf, _("perm stack overflow"), sizeof(errbuf));
+ errstr = N_("perm stack overflow");
errno = EINVAL;
goto bad;
}
state = &perm_stack[perm_stack_depth];
if (perm != PERM_INITIAL) {
if (perm_stack_depth == 0) {
- strlcpy(errbuf, _("perm stack underflow"), sizeof(errbuf));
+ errstr = N_("perm stack underflow");
errno = EINVAL;
goto bad;
}
state->ruid = ROOT_UID;
state->euid = ROOT_UID;
state->rgid = ostate->rgid;
- state->egid = ostate->egid;
+ state->egid = ROOT_GID;
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
+ "[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid,
+ (int)ostate->egid, ROOT_GID, ROOT_GID);
+ if (GID_CHANGED && setegid(ROOT_GID)) {
+ errstr = N_("unable to change to root gid");
+ goto bad;
+ }
state->grlist = ostate->grlist;
sudo_grlist_addref(state->grlist);
break;
sudo_grlist_addref(state->grlist);
if (state->grlist != ostate->grlist) {
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) {
- strlcpy(errbuf, "PERM_USER: setgroups", sizeof(errbuf));
+ errstr = "PERM_USER: setgroups";
goto bad;
}
}
sudo_grlist_addref(state->grlist);
if (state->grlist != ostate->grlist) {
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) {
- strlcpy(errbuf, "PERM_FULL_USER: setgroups", sizeof(errbuf));
+ errstr = "PERM_FULL_USER: setgroups";
goto bad;
}
}
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid,
(int)ostate->egid, (int)state->rgid, (int)state->egid);
if (GID_CHANGED && setegid(state->egid)) {
- strlcpy(errbuf, _("unable to change to runas gid"), sizeof(errbuf));
+ errstr = N_("unable to change to runas gid");
goto bad;
}
state->grlist = runas_setgroups();
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->ruid,
(int)ostate->euid, (int)state->ruid, (int)state->euid);
if (seteuid(state->euid)) {
- strlcpy(errbuf, _("unable to change to runas uid"), sizeof(errbuf));
+ errstr = N_("unable to change to runas uid");
goto bad;
}
break;
"[%d, %d] -> [%d, %d]", __func__, (int)ostate->rgid,
(int)ostate->egid, (int)state->rgid, (int)state->egid);
if (GID_CHANGED && setegid(sudoers_gid)) {
- strlcpy(errbuf, _("unable to change to sudoers gid"), sizeof(errbuf));
+ errstr = N_("unable to change to sudoers gid");
goto bad;
}
perm_stack_depth++;
debug_return_bool(1);
bad:
- warningx("%s: %s", errbuf,
+ warningx("%s: %s", _(errstr),
errno == EAGAIN ? _("too many processes") : strerror(errno));
if (noexit)
debug_return_bool(0);
{
struct perm_state *state, *ostate = NULL;
char errbuf[1024];
+ const char *errstr = errbuf;
int noexit;
debug_decl(set_perms, SUDO_DEBUG_PERMS)
CLR(perm, PERM_MASK);
if (perm_stack_depth == PERM_STACK_MAX) {
- strlcpy(errbuf, _("perm stack overflow"), sizeof(errbuf));
+ errstr = N_("perm stack overflow");
errno = EINVAL;
goto bad;
}
state = &perm_stack[perm_stack_depth];
if (perm != PERM_INITIAL) {
if (perm_stack_depth == 0) {
- strlcpy(errbuf, _("perm stack underflow"), sizeof(errbuf));
+ errstr = N_("perm stack underflow");
errno = EINVAL;
goto bad;
}
case PERM_ROOT:
state->ruid = ROOT_UID;
- state->rgid = ostate->rgid;
+ state->rgid = ROOT_GID;
state->grlist = ostate->grlist;
sudo_grlist_addref(state->grlist);
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: uid: "
snprintf(errbuf, sizeof(errbuf), "PERM_ROOT: setuid(%d)", ROOT_UID);
goto bad;
}
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
+ "[%d] -> [%d]", __func__, (int)ostate->rgid, (int)state->rgid);
+ if (setgid(ROOT_GID)) {
+ errstr = N_("unable to change to root gid");
+ goto bad;
+ }
break;
case PERM_FULL_USER:
state->rgid = user_gid;
- sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: gid: "
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_FULL_USER: gid: "
"[%d] -> [%d]", __func__, (int)ostate->rgid, (int)state->rgid);
(void) setgid(user_gid);
state->grlist = user_group_list;
sudo_grlist_addref(state->grlist);
if (state->grlist != ostate->grlist) {
if (sudo_setgroups(state->grlist->ngids, state->grlist->gids)) {
- strlcpy(errbuf, "PERM_FULL_USER: setgroups", sizeof(errbuf));
+ errstr = "PERM_FULL_USER: setgroups";
goto bad;
}
}
state->ruid = user_uid;
- sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_ROOT: uid: "
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s: PERM_FULL_USER: uid: "
"[%d] -> [%d]", __func__, (int)ostate->ruid, (int)state->ruid);
if (setuid(user_uid)) {
snprintf(errbuf, sizeof(errbuf),
perm_stack_depth++;
debug_return_bool(1);
bad:
- warningx("%s: %s", errbuf,
+ warningx("%s: %s", _(errstr),
errno == EAGAIN ? _("too many processes") : strerror(errno));
if (noexit)
debug_return_bool(0);
aix_restoreauthdb();
#endif
if (sudo_setgroups(grlist->ngids, grlist->gids) < 0)
- log_fatal(USE_ERRNO|MSG_ONLY, _("unable to set runas group vector"));
+ log_fatal(USE_ERRNO|MSG_ONLY, N_("unable to set runas group vector"));
debug_return_ptr(grlist);
}
#endif /* HAVE_SETRESUID || HAVE_SETREUID || HAVE_SETEUID */
--- /dev/null
+/*
+ * Copyright (c) 2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Implementation of SHA-224, SHA-256, SHA-384 and SHA-512
+ * as per FIPS 180-4: Secure Hash Standard (SHS)
+ * http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
+ *
+ * Derived from the public domain SHA-1 and SHA-2 implementations
+ * by Steve Reid and Wei Dai respectively.
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+# include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#if defined(HAVE_STDINT_H)
+# include <stdint.h>
+#elif defined(HAVE_INTTYPES_H)
+# include <inttypes.h>
+#endif
+#if defined(HAVE_ENDIAN_H)
+# include <endian.h>
+#elif defined(HAVE_SYS_ENDIAN_H)
+# include <sys/endian.h>
+#elif defined(HAVE_MACHINE_ENDIAN_H)
+# include <machine/endian.h>
+#else
+# include "compat/endian.h"
+#endif
+
+#include "sha2.h"
+
+/*
+ * SHA-2 operates on 32-bit and 64-bit words in big endian byte order.
+ * The following macros convert between character arrays and big endian words.
+ */
+#define BE8TO32(x, y) do { \
+ (x) = (((uint32_t)((y)[0] & 255) << 24) | \
+ ((uint32_t)((y)[1] & 255) << 16) | \
+ ((uint32_t)((y)[2] & 255) << 8) | \
+ ((uint32_t)((y)[3] & 255))); \
+} while (0)
+
+#define BE8TO64(x, y) do { \
+ (x) = (((uint64_t)((y)[0] & 255) << 56) | \
+ ((uint64_t)((y)[1] & 255) << 48) | \
+ ((uint64_t)((y)[2] & 255) << 40) | \
+ ((uint64_t)((y)[3] & 255) << 32) | \
+ ((uint64_t)((y)[4] & 255) << 24) | \
+ ((uint64_t)((y)[5] & 255) << 16) | \
+ ((uint64_t)((y)[6] & 255) << 8) | \
+ ((uint64_t)((y)[7] & 255))); \
+} while (0)
+
+#define BE32TO8(x, y) do { \
+ (x)[0] = (uint8_t)(((y) >> 24) & 255); \
+ (x)[1] = (uint8_t)(((y) >> 16) & 255); \
+ (x)[2] = (uint8_t)(((y) >> 8) & 255); \
+ (x)[3] = (uint8_t)((y) & 255); \
+} while (0)
+
+#define BE64TO8(x, y) do { \
+ (x)[0] = (uint8_t)(((y) >> 56) & 255); \
+ (x)[1] = (uint8_t)(((y) >> 48) & 255); \
+ (x)[2] = (uint8_t)(((y) >> 40) & 255); \
+ (x)[3] = (uint8_t)(((y) >> 32) & 255); \
+ (x)[4] = (uint8_t)(((y) >> 24) & 255); \
+ (x)[5] = (uint8_t)(((y) >> 16) & 255); \
+ (x)[6] = (uint8_t)(((y) >> 8) & 255); \
+ (x)[7] = (uint8_t)((y) & 255); \
+} while (0)
+
+#define rotrFixed(x,y) (y ? ((x>>y) | (x<<(sizeof(x)*8-y))) : x)
+
+#define blk0(i) (W[i])
+#define blk2(i) (W[i&15]+=s1(W[(i-2)&15])+W[(i-7)&15]+s0(W[(i-15)&15]))
+
+#define Ch(x,y,z) (z^(x&(y^z)))
+#define Maj(x,y,z) (y^((x^y)&(y^z)))
+
+#define a(i) T[(0-i)&7]
+#define b(i) T[(1-i)&7]
+#define c(i) T[(2-i)&7]
+#define d(i) T[(3-i)&7]
+#define e(i) T[(4-i)&7]
+#define f(i) T[(5-i)&7]
+#define g(i) T[(6-i)&7]
+#define h(i) T[(7-i)&7]
+
+extern void zero_bytes(volatile void *, size_t);
+
+void
+SHA224Init(SHA2_CTX *ctx)
+{
+ memset(ctx, 0, sizeof(*ctx));
+ ctx->state.st32[0] = 0xc1059ed8UL;
+ ctx->state.st32[1] = 0x367cd507UL;
+ ctx->state.st32[2] = 0x3070dd17UL;
+ ctx->state.st32[3] = 0xf70e5939UL;
+ ctx->state.st32[4] = 0xffc00b31UL;
+ ctx->state.st32[5] = 0x68581511UL;
+ ctx->state.st32[6] = 0x64f98fa7UL;
+ ctx->state.st32[7] = 0xbefa4fa4UL;
+}
+
+void
+SHA224Transform(uint32_t state[8], const uint8_t buffer[SHA224_BLOCK_LENGTH])
+{
+ SHA256Transform(state, buffer);
+}
+
+void
+SHA224Update(SHA2_CTX *ctx, const uint8_t *data, size_t len)
+{
+ SHA256Update(ctx, data, len);
+}
+
+void
+SHA224Pad(SHA2_CTX *ctx)
+{
+ SHA256Pad(ctx);
+}
+
+void
+SHA224Final(uint8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *ctx)
+{
+ SHA256Pad(ctx);
+ if (digest != NULL) {
+#if BYTE_ORDER == BIG_ENDIAN
+ memcpy(digest, ctx->state.st32, SHA224_DIGEST_LENGTH);
+#else
+ unsigned int i;
+
+ for (i = 0; i < 7; i++)
+ BE32TO8(digest + (i * 4), ctx->state.st32[i]);
+#endif
+ memset(ctx, 0, sizeof(*ctx));
+ }
+}
+
+static const uint32_t SHA256_K[64] = {
+ 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
+ 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
+ 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
+ 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
+ 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
+ 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
+ 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
+ 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
+ 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
+ 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
+ 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
+ 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
+ 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
+ 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
+ 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
+ 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
+};
+
+void
+SHA256Init(SHA2_CTX *ctx)
+{
+ memset(ctx, 0, sizeof(*ctx));
+ ctx->state.st32[0] = 0x6a09e667UL;
+ ctx->state.st32[1] = 0xbb67ae85UL;
+ ctx->state.st32[2] = 0x3c6ef372UL;
+ ctx->state.st32[3] = 0xa54ff53aUL;
+ ctx->state.st32[4] = 0x510e527fUL;
+ ctx->state.st32[5] = 0x9b05688cUL;
+ ctx->state.st32[6] = 0x1f83d9abUL;
+ ctx->state.st32[7] = 0x5be0cd19UL;
+}
+
+/* Round macros for SHA256 */
+#define R(i) do { \
+ h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA256_K[i+j]+(j?blk2(i):blk0(i)); \
+ d(i)+=h(i); \
+ h(i)+=S0(a(i))+Maj(a(i),b(i),c(i)); \
+} while (0)
+
+#define S0(x) (rotrFixed(x,2)^rotrFixed(x,13)^rotrFixed(x,22))
+#define S1(x) (rotrFixed(x,6)^rotrFixed(x,11)^rotrFixed(x,25))
+#define s0(x) (rotrFixed(x,7)^rotrFixed(x,18)^(x>>3))
+#define s1(x) (rotrFixed(x,17)^rotrFixed(x,19)^(x>>10))
+
+void
+SHA256Transform(uint32_t state[8], const uint8_t data[SHA256_BLOCK_LENGTH])
+{
+ uint32_t W[16];
+ uint32_t T[8];
+ unsigned int j;
+
+ /* Copy context state to working vars. */
+ memcpy(T, state, sizeof(T));
+ /* Copy data to W in big endian format. */
+#if BYTE_ORDER == BIG_ENDIAN
+ memcpy(W, data, sizeof(W));
+#else
+ for (j = 0; j < 16; j++) {
+ BE8TO32(W[j], data);
+ data += 4;
+ }
+#endif
+ /* 64 operations, partially loop unrolled. */
+ for (j = 0; j < 64; j += 16)
+ {
+ R( 0); R( 1); R( 2); R( 3);
+ R( 4); R( 5); R( 6); R( 7);
+ R( 8); R( 9); R(10); R(11);
+ R(12); R(13); R(14); R(15);
+ }
+ /* Add the working vars back into context state. */
+ state[0] += a(0);
+ state[1] += b(0);
+ state[2] += c(0);
+ state[3] += d(0);
+ state[4] += e(0);
+ state[5] += f(0);
+ state[6] += g(0);
+ state[7] += h(0);
+ /* Cleanup */
+ zero_bytes(T, sizeof(T));
+ zero_bytes(W, sizeof(W));
+}
+
+#undef S0
+#undef S1
+#undef s0
+#undef s1
+#undef R
+
+void
+SHA256Update(SHA2_CTX *ctx, const uint8_t *data, size_t len)
+{
+ size_t i = 0, j;
+
+ j = (size_t)((ctx->count[0] >> 3) & (SHA256_BLOCK_LENGTH - 1));
+ ctx->count[0] += (len << 3);
+ if ((j + len) > SHA256_BLOCK_LENGTH - 1) {
+ memcpy(&ctx->buffer[j], data, (i = SHA256_BLOCK_LENGTH - j));
+ SHA256Transform(ctx->state.st32, ctx->buffer);
+ for ( ; i + SHA256_BLOCK_LENGTH - 1 < len; i += SHA256_BLOCK_LENGTH)
+ SHA256Transform(ctx->state.st32, (uint8_t *)&data[i]);
+ j = 0;
+ }
+ memcpy(&ctx->buffer[j], &data[i], len - i);
+}
+
+void
+SHA256Pad(SHA2_CTX *ctx)
+{
+ uint8_t finalcount[8];
+
+ /* Store unpadded message length in bits in big endian format. */
+ BE64TO8(finalcount, ctx->count[0]);
+
+ /* Append a '1' bit (0x80) to the message. */
+ SHA256Update(ctx, (uint8_t *)"\200", 1);
+
+ /* Pad message such that the resulting length modulo 512 is 448. */
+ while ((ctx->count[0] & 504) != 448)
+ SHA256Update(ctx, (uint8_t *)"\0", 1);
+
+ /* Append length of message in bits and do final SHA256Transform(). */
+ SHA256Update(ctx, finalcount, sizeof(finalcount));
+}
+
+void
+SHA256Final(uint8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *ctx)
+{
+ SHA256Pad(ctx);
+ if (digest != NULL) {
+#if BYTE_ORDER == BIG_ENDIAN
+ memcpy(digest, ctx->state.st32, SHA256_DIGEST_LENGTH);
+#else
+ unsigned int i;
+
+ for (i = 0; i < 8; i++)
+ BE32TO8(digest + (i * 4), ctx->state.st32[i]);
+#endif
+ memset(ctx, 0, sizeof(*ctx));
+ }
+}
+
+void
+SHA384Init(SHA2_CTX *ctx)
+{
+ memset(ctx, 0, sizeof(*ctx));
+ ctx->state.st64[0] = 0xcbbb9d5dc1059ed8ULL;
+ ctx->state.st64[1] = 0x629a292a367cd507ULL;
+ ctx->state.st64[2] = 0x9159015a3070dd17ULL;
+ ctx->state.st64[3] = 0x152fecd8f70e5939ULL;
+ ctx->state.st64[4] = 0x67332667ffc00b31ULL;
+ ctx->state.st64[5] = 0x8eb44a8768581511ULL;
+ ctx->state.st64[6] = 0xdb0c2e0d64f98fa7ULL;
+ ctx->state.st64[7] = 0x47b5481dbefa4fa4ULL;
+}
+
+void
+SHA384Transform(uint64_t state[8], const uint8_t data[SHA384_BLOCK_LENGTH])
+{
+ SHA512Transform(state, data);
+}
+
+void
+SHA384Update(SHA2_CTX *ctx, const uint8_t *data, size_t len)
+{
+ SHA512Update(ctx, data, len);
+}
+
+void
+SHA384Pad(SHA2_CTX *ctx)
+{
+ SHA512Pad(ctx);
+}
+
+void
+SHA384Final(uint8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *ctx)
+{
+ SHA384Pad(ctx);
+ if (digest != NULL) {
+#if BYTE_ORDER == BIG_ENDIAN
+ memcpy(digest, ctx->state.st64, SHA384_DIGEST_LENGTH);
+#else
+ unsigned int i;
+
+ for (i = 0; i < 6; i++)
+ BE64TO8(digest + (i * 8), ctx->state.st64[i]);
+#endif
+ memset(ctx, 0, sizeof(*ctx));
+ }
+}
+
+static const uint64_t SHA512_K[80] = {
+ 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
+ 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
+ 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
+ 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
+ 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
+ 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
+ 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
+ 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
+ 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
+ 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
+ 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
+ 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
+ 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
+ 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
+ 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
+ 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
+ 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
+ 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
+ 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
+ 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
+ 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
+ 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
+ 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
+ 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
+ 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
+ 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
+ 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
+ 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
+ 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
+ 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
+ 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
+ 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
+ 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
+ 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
+ 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
+ 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
+ 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
+ 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
+ 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
+ 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
+};
+
+void
+SHA512Init(SHA2_CTX *ctx)
+{
+ memset(ctx, 0, sizeof(*ctx));
+ ctx->state.st64[0] = 0x6a09e667f3bcc908ULL;
+ ctx->state.st64[1] = 0xbb67ae8584caa73bULL;
+ ctx->state.st64[2] = 0x3c6ef372fe94f82bULL;
+ ctx->state.st64[3] = 0xa54ff53a5f1d36f1ULL;
+ ctx->state.st64[4] = 0x510e527fade682d1ULL;
+ ctx->state.st64[5] = 0x9b05688c2b3e6c1fULL;
+ ctx->state.st64[6] = 0x1f83d9abfb41bd6bULL;
+ ctx->state.st64[7] = 0x5be0cd19137e2179ULL;
+}
+
+/* Round macros for SHA512 */
+#define R(i) do { \
+ h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA512_K[i+j]+(j?blk2(i):blk0(i)); \
+ d(i)+=h(i); \
+ h(i)+=S0(a(i))+Maj(a(i),b(i),c(i)); \
+} while (0)
+
+#define S0(x) (rotrFixed(x,28)^rotrFixed(x,34)^rotrFixed(x,39))
+#define S1(x) (rotrFixed(x,14)^rotrFixed(x,18)^rotrFixed(x,41))
+#define s0(x) (rotrFixed(x,1)^rotrFixed(x,8)^(x>>7))
+#define s1(x) (rotrFixed(x,19)^rotrFixed(x,61)^(x>>6))
+
+void
+SHA512Transform(uint64_t state[8], const uint8_t data[SHA512_BLOCK_LENGTH])
+{
+ uint64_t W[16];
+ uint64_t T[8];
+ unsigned int j;
+
+ /* Copy context state to working vars. */
+ memcpy(T, state, sizeof(T));
+ /* Copy data to W in big endian format. */
+#if BYTE_ORDER == BIG_ENDIAN
+ memcpy(W, data, sizeof(W));
+#else
+ for (j = 0; j < 16; j++) {
+ BE8TO64(W[j], data);
+ data += 8;
+ }
+#endif
+ /* 80 operations, partially loop unrolled. */
+ for (j = 0; j < 80; j += 16)
+ {
+ R( 0); R( 1); R( 2); R( 3);
+ R( 4); R( 5); R( 6); R( 7);
+ R( 8); R( 9); R(10); R(11);
+ R(12); R(13); R(14); R(15);
+ }
+ /* Add the working vars back into context state. */
+ state[0] += a(0);
+ state[1] += b(0);
+ state[2] += c(0);
+ state[3] += d(0);
+ state[4] += e(0);
+ state[5] += f(0);
+ state[6] += g(0);
+ state[7] += h(0);
+ /* Cleanup. */
+ zero_bytes(T, sizeof(T));
+ zero_bytes(W, sizeof(W));
+}
+
+void
+SHA512Update(SHA2_CTX *ctx, const uint8_t *data, size_t len)
+{
+ size_t i = 0, j;
+
+ j = (size_t)((ctx->count[0] >> 3) & (SHA512_BLOCK_LENGTH - 1));
+ ctx->count[0] += (len << 3);
+ if (ctx->count[0] < (len << 3))
+ ctx->count[1]++;
+ if ((j + len) > SHA512_BLOCK_LENGTH - 1) {
+ memcpy(&ctx->buffer[j], data, (i = SHA512_BLOCK_LENGTH - j));
+ SHA512Transform(ctx->state.st64, ctx->buffer);
+ for ( ; i + SHA512_BLOCK_LENGTH - 1 < len; i += SHA512_BLOCK_LENGTH)
+ SHA512Transform(ctx->state.st64, (uint8_t *)&data[i]);
+ j = 0;
+ }
+ memcpy(&ctx->buffer[j], &data[i], len - i);
+}
+
+void
+SHA512Pad(SHA2_CTX *ctx)
+{
+ uint8_t finalcount[16];
+
+ /* Store unpadded message length in bits in big endian format. */
+ BE64TO8(finalcount, ctx->count[1]);
+ BE64TO8(finalcount + 8, ctx->count[0]);
+
+ /* Append a '1' bit (0x80) to the message. */
+ SHA512Update(ctx, (uint8_t *)"\200", 1);
+
+ /* Pad message such that the resulting length modulo 1024 is 896. */
+ while ((ctx->count[0] & 1008) != 896)
+ SHA512Update(ctx, (uint8_t *)"\0", 1);
+
+ /* Append length of message in bits and do final SHA512Transform(). */
+ SHA512Update(ctx, finalcount, sizeof(finalcount));
+}
+
+void
+SHA512Final(uint8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *ctx)
+{
+ SHA512Pad(ctx);
+ if (digest != NULL) {
+#if BYTE_ORDER == BIG_ENDIAN
+ memcpy(digest, ctx->state.st64, SHA512_DIGEST_LENGTH);
+#else
+ unsigned int i;
+
+ for (i = 0; i < 8; i++)
+ BE64TO8(digest + (i * 8), ctx->state.st64[i]);
+#endif
+ memset(ctx, 0, sizeof(*ctx));
+ }
+}
--- /dev/null
+/*
+ * Copyright (c) 2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Derived from the public domain SHA-1 and SHA-2 implementations
+ * by Steve Reid and Wei Dai respectively.
+ */
+
+#ifndef _SUDOERS_SHA2_H
+#define _SUDOERS_SHA2_H
+
+#define SHA224_BLOCK_LENGTH 64
+#define SHA224_DIGEST_LENGTH 28
+#define SHA224_DIGEST_STRING_LENGTH (SHA224_DIGEST_LENGTH * 2 + 1)
+
+#define SHA256_BLOCK_LENGTH 64
+#define SHA256_DIGEST_LENGTH 32
+#define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1)
+
+#define SHA384_BLOCK_LENGTH 128
+#define SHA384_DIGEST_LENGTH 48
+#define SHA384_DIGEST_STRING_LENGTH (SHA384_DIGEST_LENGTH * 2 + 1)
+
+#define SHA512_BLOCK_LENGTH 128
+#define SHA512_DIGEST_LENGTH 64
+#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1)
+
+typedef struct {
+ union {
+ uint32_t st32[8]; /* sha224 and sha256 */
+ uint64_t st64[8]; /* sha384 and sha512 */
+ } state;
+ uint64_t count[2];
+ uint8_t buffer[SHA512_BLOCK_LENGTH];
+} SHA2_CTX;
+
+void SHA224Init(SHA2_CTX *ctx);
+void SHA224Pad(SHA2_CTX *ctx);
+void SHA224Transform(uint32_t state[8], const uint8_t buffer[SHA224_BLOCK_LENGTH]);
+void SHA224Update(SHA2_CTX *ctx, const uint8_t *data, size_t len);
+void SHA224Final(uint8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *ctx);
+
+void SHA256Init(SHA2_CTX *ctx);
+void SHA256Pad(SHA2_CTX *ctx);
+void SHA256Transform(uint32_t state[8], const uint8_t buffer[SHA256_BLOCK_LENGTH]);
+void SHA256Update(SHA2_CTX *ctx, const uint8_t *data, size_t len);
+void SHA256Final(uint8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *ctx);
+
+void SHA384Init(SHA2_CTX *ctx);
+void SHA384Pad(SHA2_CTX *ctx);
+void SHA384Transform(uint64_t state[8], const uint8_t buffer[SHA384_BLOCK_LENGTH]);
+void SHA384Update(SHA2_CTX *ctx, const uint8_t *data, size_t len);
+void SHA384Final(uint8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *ctx);
+
+void SHA512Init(SHA2_CTX *ctx);
+void SHA512Pad(SHA2_CTX *ctx);
+void SHA512Transform(uint64_t state[8], const uint8_t buffer[SHA512_BLOCK_LENGTH]);
+void SHA512Update(SHA2_CTX *ctx, const uint8_t *data, size_t len);
+void SHA512Final(uint8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *ctx);
+
+#endif /* _SUDOERS_SHA2_H */
/*
- * Copyright (c) 2003-2012 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2003-2013 Todd C. Miller <Todd.Miller@courtesan.com>
* Copyright (c) 2011 Daniel Kopecek <dkopecek@redhat.com>
*
* This code is derived from software contributed by Aaron Spangler.
#include <sys/types.h>
#include <sys/time.h>
-#include <sys/param.h>
#include <sys/stat.h>
#include <stdio.h>
#ifdef STDC_HEADERS
sudo_debug_printf(SUDO_DEBUG_DEBUG,
"reallocating result: %p (count: %u -> %u)", out_res->rules,
in_res->num_rules, l);
- out_res->rules = erealloc3(out_res->rules, l, sizeof(struct sss_sudo_rule));
+ if (l > 0) {
+ out_res->rules =
+ erealloc3(out_res->rules, l, sizeof(struct sss_sudo_rule));
+ } else {
+ efree(out_res->rules);
+ out_res->rules = NULL;
+ }
}
out_res->num_rules = l;
/* Load symbols */
handle->ssslib = dlopen(path, RTLD_LAZY);
if (handle->ssslib == NULL) {
- warningx(_("Unable to dlopen %s: %s"), path, dlerror());
- warningx(_("Unable to initialize SSS source. Is SSSD installed on your machine?"));
+ warningx(_("unable to dlopen %s: %s"), path, dlerror());
+ warningx(_("unable to initialize SSS source. Is SSSD installed on your machine?"));
debug_return_int(EFAULT);
}
if (sss_error == ENOENT) {
sudo_debug_printf(SUDO_DEBUG_INFO, "The user was not found in SSSD.");
- debug_return_int(-1);
+ debug_return_int(0);
} else if(sss_error != 0) {
sudo_debug_printf(SUDO_DEBUG_INFO, "sss_error=%u\n", sss_error);
debug_return_int(-1);
/* FALLTHROUGH */
sudo_debug_printf(SUDO_DEBUG_DEBUG, "FALLTHROUGH");
default:
- if (strcasecmp(val, runas_pw->pw_name) == 0) {
+ if (userpw_matches(val, runas_pw->pw_name, runas_pw)) {
sudo_debug_printf(SUDO_DEBUG_DEBUG,
"%s == %s (pw_name) => match", val, runas_pw->pw_name);
ret = true;
debug_return_int(ret);
}
+/*
+ * If a digest prefix is present, fills in struct sudo_digest
+ * and returns a pointer to it, updating cmnd to point to the
+ * command after the digest.
+ */
+static struct sudo_digest *
+sudo_sss_extract_digest(char **cmnd, struct sudo_digest *digest)
+{
+ char *ep, *cp = *cmnd;
+ int digest_type = SUDO_DIGEST_INVALID;
+ debug_decl(sudo_sss_check_command, SUDO_DEBUG_LDAP)
+
+ /*
+ * Check for and extract a digest prefix, e.g.
+ * sha224:d06a2617c98d377c250edd470fd5e576327748d82915d6e33b5f8db1 /bin/ls
+ */
+ if (cp[0] == 's' && cp[1] == 'h' && cp[2] == 'a') {
+ switch (cp[3]) {
+ case '2':
+ if (cp[4] == '2' && cp[5] == '4')
+ digest_type = SUDO_DIGEST_SHA224;
+ else if (cp[4] == '5' && cp[5] == '6')
+ digest_type = SUDO_DIGEST_SHA256;
+ break;
+ case '3':
+ if (cp[4] == '8' && cp[5] == '4')
+ digest_type = SUDO_DIGEST_SHA384;
+ break;
+ case '5':
+ if (cp[4] == '1' && cp[5] == '2')
+ digest_type = SUDO_DIGEST_SHA512;
+ break;
+ }
+ if (digest_type != SUDO_DIGEST_INVALID) {
+ cp += 6;
+ while (isblank((unsigned char)*cp))
+ cp++;
+ if (*cp == ':') {
+ cp++;
+ while (isblank((unsigned char)*cp))
+ cp++;
+ ep = cp;
+ while (*ep != '\0' && !isblank((unsigned char)*ep))
+ ep++;
+ if (*ep != '\0') {
+ digest->digest_type = digest_type;
+ digest->digest_str = estrndup(cp, (size_t)(ep - cp));
+ cp = ep + 1;
+ while (isblank((unsigned char)*cp))
+ cp++;
+ *cmnd = cp;
+ sudo_debug_printf(SUDO_DEBUG_INFO,
+ "%s digest %s for %s",
+ digest_type == SUDO_DIGEST_SHA224 ? "sha224" :
+ digest_type == SUDO_DIGEST_SHA256 ? "sha256" :
+ digest_type == SUDO_DIGEST_SHA384 ? "sha384" :
+ "sha512", digest->digest_str, cp);
+ debug_return_ptr(digest);
+ }
+ }
+ }
+ }
+ debug_return_ptr(NULL);
+}
+
/*
* Walk through search results and return true if we have a command match,
* false if disallowed and UNSPEC if not matched.
char **val_array = NULL, *val;
char *allowed_cmnd, *allowed_args;
int i, foundbang, ret = UNSPEC;
+ struct sudo_digest digest, *allowed_digest = NULL;
debug_decl(sudo_sss_check_command, SUDO_DEBUG_SSSD);
if (rule == NULL)
continue;
}
+ /* check for sha-2 digest */
+ allowed_digest = sudo_ldap_extract_digest(&val, &digest);
+
/* check for !command */
if (*val == '!') {
foundbang = true;
*allowed_args++ = '\0';
/* check the command like normal */
- if (command_matches(allowed_cmnd, allowed_args)) {
+ if (command_matches(allowed_cmnd, allowed_args, NULL)) {
/*
* If allowed (no bang) set ret but keep on checking.
* If disallowed (bang), exit loop.
/*
- * Copyright (c) 2007-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2007-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <sys/stat.h>
#include <stdio.h>
sudo_read_nss(void)
{
FILE *fp;
- char *cp;
+ char *cp, *line = NULL;
+ size_t linesize = 0;
#ifdef HAVE_SSSD
bool saw_sss = false;
#endif
if ((fp = fopen(_PATH_NSSWITCH_CONF, "r")) == NULL)
goto nomatch;
- while ((cp = sudo_parseln(fp)) != NULL) {
+ while (sudo_parseln(&line, &linesize, NULL, fp) != -1) {
/* Skip blank or comment lines */
- if (*cp == '\0')
+ if (*line == '\0')
continue;
/* Look for a line starting with "sudoers:" */
- if (strncasecmp(cp, "sudoers:", 8) != 0)
+ if (strncasecmp(line, "sudoers:", 8) != 0)
continue;
/* Parse line */
- for ((cp = strtok(cp + 8, " \t")); cp != NULL; (cp = strtok(NULL, " \t"))) {
+ for ((cp = strtok(line + 8, " \t")); cp != NULL; (cp = strtok(NULL, " \t"))) {
if (strcasecmp(cp, "files") == 0 && !saw_files) {
tq_append(&snl, &sudo_nss_file);
got_match = true;
/* Only parse the first "sudoers:" line */
break;
}
+ free(line);
fclose(fp);
nomatch:
sudo_read_nss(void)
{
FILE *fp;
- char *cp, *ep;
+ char *cp, *ep, *line = NULL;
+ ssize_t linesize = 0;
#ifdef HAVE_SSSD
bool saw_sss = false;
#endif
if ((fp = fopen(_PATH_NETSVC_CONF, "r")) == NULL)
goto nomatch;
- while ((cp = sudo_parseln(fp)) != NULL) {
+ while (sudo_parseln(&line, &linesize, NULL, fp) != -1) {
/* Skip blank or comment lines */
- if (*cp == '\0')
+ if (*(cp = line) == '\0')
continue;
/* Look for a line starting with "sudoers = " */
if (fstat(STDOUT_FILENO, &sb) == 0 && S_ISFIFO(sb.st_mode))
cols = 0;
lbuf_init(&defs, output, 4, NULL, cols);
- lbuf_init(&privs, output, 4, NULL, cols);
+ lbuf_init(&privs, output, 8, NULL, cols);
/* Display defaults from all sources. */
lbuf_append(&defs, _("Matching Defaults entries for %s on this host:\n"),
/*
- * Copyright (c) 2007-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2007-2011, 2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-#ifndef _SUDO_NSS_H
-#define _SUDO_NSS_H
+#ifndef _SUDOERS_NSS_H
+#define _SUDOERS_NSS_H
struct lbuf;
struct passwd;
struct sudo_nss_list *sudo_read_nss(void);
-#endif /* _SUDO_NSS_H */
+#endif /* _SUDOERS_NSS_H */
/*
- * Copyright (c) 1993-1996, 1998-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1993-1996, 1998-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* Sponsored in part by the Defense Advanced Research Projects
* Agency (DARPA) and Air Force Research Laboratory, Air Force
* Materiel Command, USAF, under agreement number F39502-99-1-0512.
- *
- * For a brief history of sudo, please see the HISTORY file included
- * with this distribution.
*/
#define _SUDO_MAIN
#include <sys/types.h>
#include <sys/stat.h>
-#include <sys/param.h>
#include <sys/socket.h>
#include <stdio.h>
#ifdef STDC_HEADERS
#include <signal.h>
#include <grp.h>
#include <time.h>
-#ifdef HAVE_SETLOCALE
-# include <locale.h>
-#endif
-#include <netinet/in.h>
#include <netdb.h>
#ifdef HAVE_LOGIN_CAP_H
# include <login_cap.h>
# include <selinux/selinux.h>
#endif
#include <ctype.h>
-#include <setjmp.h>
#ifndef HAVE_GETADDRINFO
# include "compat/getaddrinfo.h"
#endif
#include "sudoers.h"
-#include "interfaces.h"
-#include "sudoers_version.h"
#include "auth/sudo_auth.h"
#include "secure_path.h"
/*
* Prototypes
*/
-static void init_vars(char * const *);
+static char *find_editor(int nfiles, char **files, char ***argv_out);
+static int cb_runas_default(const char *);
+static int cb_sudoers_locale(const char *);
static int set_cmnd(void);
+static void create_admin_success_flag(void);
+static void init_vars(char * const *);
+static void set_fqdn(void);
static void set_loginclass(struct passwd *);
-static void set_runaspw(const char *);
static void set_runasgr(const char *);
-static int cb_runas_default(const char *);
-static int sudoers_policy_version(int verbose);
-static int deserialize_info(char * const args[], char * const settings[],
- char * const user_info[]);
-static char *find_editor(int nfiles, char **files, char ***argv_out);
-static void create_admin_success_flag(void);
+static void set_runaspw(const char *);
+static bool tty_present(void);
/*
* Globals
*/
struct sudo_user sudo_user;
struct passwd *list_pw;
-struct interface *interfaces;
int long_list;
uid_t timestamp_uid;
extern int errorlineno;
#ifdef HAVE_BSD_AUTH_H
char *login_style;
#endif /* HAVE_BSD_AUTH_H */
-sudo_conv_t sudo_conv;
-sudo_printf_t sudo_printf;
int sudo_mode;
-static int sudo_version;
static char *prev_user;
static char *runas_user;
static char *runas_group;
static struct sudo_nss_list *snl;
-static const char *interfaces_string;
-static sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp;
/* XXX - must be extern for audit bits of sudo_auth.c */
int NewArgc;
char **NewArgv;
-/* Declared here instead of plugin_error.c for static sudo builds. */
-sigjmp_buf error_jmp;
-
-static int
-sudoers_policy_open(unsigned int version, sudo_conv_t conversation,
- sudo_printf_t plugin_printf, char * const settings[],
- char * const user_info[], char * const envp[], char * const args[])
+int
+sudoers_policy_init(void *info, char * const envp[])
{
volatile int sources = 0;
- sigaction_t sa;
- struct sudo_nss *nss;
- struct sudo_nss *nss_next;
- debug_decl(sudoers_policy_open, SUDO_DEBUG_PLUGIN)
-
- sudo_version = version;
- if (!sudo_conv)
- sudo_conv = conversation;
- if (!sudo_printf)
- sudo_printf = plugin_printf;
-
- /* Plugin args are only specified for API version 1.2 and higher. */
- if (sudo_version < SUDO_API_MKVERSION(1, 2))
- args = NULL;
-
- if (sigsetjmp(error_jmp, 1)) {
- /* called via error(), errorx() or log_fatal() */
- rewind_perms();
- debug_return_bool(-1);
- }
+ struct sudo_nss *nss, *nss_next;
+ debug_decl(sudoers_policy_init, SUDO_DEBUG_PLUGIN)
bindtextdomain("sudoers", LOCALEDIR);
- /*
- * Signal setup:
- * Ignore keyboard-generated signals so the user cannot interrupt
- * us at some point and avoid the logging.
- * Install handler to wait for children when they exit.
- */
- zero_bytes(&sa, sizeof(sa));
- sigemptyset(&sa.sa_mask);
- sa.sa_flags = SA_RESTART;
- sa.sa_handler = SIG_IGN;
- (void) sigaction(SIGINT, &sa, &saved_sa_int);
- (void) sigaction(SIGQUIT, &sa, &saved_sa_quit);
- (void) sigaction(SIGTSTP, &sa, &saved_sa_tstp);
-
sudo_setpwent();
sudo_setgrent();
+ /* Register fatal/fatalx callback. */
+ fatal_callback_register(sudoers_cleanup);
+
/* Initialize environment functions (including replacements). */
env_init(envp);
/* Setup defaults data structures. */
init_defaults();
- /* Parse args, settings and user_info */
- sudo_mode = deserialize_info(args, settings, user_info);
+ /* Parse info from front-end. */
+ sudo_mode = sudoers_policy_deserialize_info(info, &runas_user, &runas_group);
init_vars(envp); /* XXX - move this later? */
if (nss->open(nss) == 0 && nss->parse(nss) == 0) {
sources++;
if (nss->setdefs(nss) != 0)
- log_error(NO_STDERR, _("problem with defaults entries"));
+ log_warning(NO_STDERR, N_("problem with defaults entries"));
} else {
tq_remove(snl, nss);
}
* Note that if runas_group was specified without runas_user we
* defer setting runas_pw so the match routines know to ignore it.
*/
+ /* XXX - qpm4u does more here as it may have already set runas_pw */
if (runas_group != NULL) {
set_runasgr(runas_group);
if (runas_user != NULL)
set_runaspw(runas_user ? runas_user : def_runas_default);
if (!update_defaults(SETDEF_RUNAS))
- log_error(NO_STDERR, _("problem with defaults entries"));
+ log_warning(NO_STDERR, N_("problem with defaults entries"));
if (def_fqdn)
set_fqdn(); /* deferred until after sudoers is parsed */
debug_return_bool(true);
}
-static void
-sudoers_policy_close(int exit_status, int error_code)
-{
- debug_decl(sudoers_policy_close, SUDO_DEBUG_PLUGIN)
-
- if (sigsetjmp(error_jmp, 1)) {
- /* called via error(), errorx() or log_fatal() */
- debug_return;
- }
-
- /* We do not currently log the exit status. */
- if (error_code)
- warningx(_("unable to execute %s: %s"), safe_cmnd, strerror(error_code));
-
- /* Close the session we opened in sudoers_policy_init_session(). */
- if (ISSET(sudo_mode, MODE_RUN|MODE_EDIT))
- (void)sudo_auth_end_session(runas_pw);
-
- /* Free remaining references to password and group entries. */
- sudo_pw_delref(sudo_user.pw);
- sudo_user.pw = NULL;
- sudo_pw_delref(runas_pw);
- runas_pw = NULL;
- if (runas_gr != NULL) {
- sudo_gr_delref(runas_gr);
- runas_gr = NULL;
- }
- if (user_group_list != NULL) {
- sudo_grlist_delref(user_group_list);
- user_group_list = NULL;
- }
- efree(user_gids);
- user_gids = NULL;
-
- debug_return;
-}
-
-/*
- * The init_session function is called before executing the command
- * and before uid/gid changes occur.
- * Returns 1 on success, 0 on failure and -1 on error.
- */
-static int
-sudoers_policy_init_session(struct passwd *pwd, char **user_env[])
-{
- debug_decl(sudoers_policy_init, SUDO_DEBUG_PLUGIN)
-
- /* user_env is only specified for API version 1.2 and higher. */
- if (sudo_version < SUDO_API_MKVERSION(1, 2))
- user_env = NULL;
-
- if (sigsetjmp(error_jmp, 1)) {
- /* called via error(), errorx() or log_fatal() */
- debug_return_bool(-1);
- }
-
- debug_return_bool(sudo_auth_begin_session(pwd, user_env));
-}
-
-static int
+int
sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[],
- char **command_infop[], char **argv_out[], char **user_env_out[])
+ void *closure)
{
- static char *command_info[32]; /* XXX */
char **edit_argv = NULL;
+ char *iolog_path = NULL;
+ mode_t cmnd_umask = 0777;
struct sudo_nss *nss;
- int cmnd_status = -1, validated;
- volatile int info_len = 0;
+ int cmnd_status = -1, oldlocale, validated;
volatile int rval = true;
debug_decl(sudoers_policy_main, SUDO_DEBUG_PLUGIN)
- if (sigsetjmp(error_jmp, 1)) {
- /* error recovery via error(), errorx() or log_fatal() */
+ /* XXX - would like to move this to policy.c but need the cleanup. */
+ if (fatal_setjmp() != 0) {
+ /* error recovery via fatal(), fatalx() or log_fatal() */
rval = -1;
goto done;
}
/* Find command in path */
cmnd_status = set_cmnd();
-#ifdef HAVE_SETLOCALE
- if (!setlocale(LC_ALL, def_sudoers_locale)) {
- warningx(_("unable to set locale to \"%s\", using \"C\""),
- def_sudoers_locale);
- setlocale(LC_ALL, "C");
- }
-#endif
-
/*
- * Check sudoers sources.
+ * Check sudoers sources, using the locale specified in sudoers.
*/
+ sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale);
validated = FLAG_NO_USER | FLAG_NO_HOST;
tq_foreach_fwd(snl, nss) {
validated = nss->lookup(nss, validated, pwflag);
}
}
+ /* Restore user's locale. */
+ sudoers_setlocale(oldlocale, NULL);
+
if (safe_cmnd == NULL)
safe_cmnd = estrdup(user_cmnd);
-#ifdef HAVE_SETLOCALE
- setlocale(LC_ALL, "");
-#endif
-
/* If only a group was specified, set runas_pw based on invoking user. */
if (runas_pw == NULL)
set_runaspw(user_name);
timestamp_uid = pw->pw_uid;
sudo_pw_delref(pw);
} else {
- log_error(0, _("timestamp owner (%s): No such user"),
+ log_warning(0, N_("timestamp owner (%s): No such user"),
def_timestampowner);
timestamp_uid = ROOT_UID;
}
}
/* Bail if a tty is required and we don't have one. */
- if (def_requiretty) {
- int fd = open(_PATH_TTY, O_RDWR|O_NOCTTY);
- if (fd == -1) {
- audit_failure(NewArgv, _("no tty"));
- warningx(_("sorry, you must have a tty to run sudo"));
- goto bad;
- } else
- (void) close(fd);
+ if (def_requiretty && !tty_present()) {
+ audit_failure(NewArgv, N_("no tty"));
+ warningx(_("sorry, you must have a tty to run sudo"));
+ goto bad;
}
/*
/* Finally tell the user if the command did not exist. */
if (cmnd_status == NOT_FOUND_DOT) {
- audit_failure(NewArgv, _("command in current directory"));
+ audit_failure(NewArgv, N_("command in current directory"));
warningx(_("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run."), user_cmnd, user_cmnd, user_cmnd);
goto bad;
} else if (cmnd_status == NOT_FOUND) {
- audit_failure(NewArgv, _("%s: command not found"), user_cmnd);
- warningx(_("%s: command not found"), user_cmnd);
+ if (ISSET(sudo_mode, MODE_CHECK)) {
+ audit_failure(NewArgv, N_("%s: command not found"), NewArgv[0]);
+ warningx(_("%s: command not found"), NewArgv[0]);
+ } else {
+ audit_failure(NewArgv, N_("%s: command not found"), user_cmnd);
+ warningx(_("%s: command not found"), user_cmnd);
+ }
goto bad;
}
validate_env_vars(sudo_user.env_vars);
}
- if (ISSET(sudo_mode, (MODE_RUN | MODE_EDIT)) && (def_log_input || def_log_output)) {
- if (def_iolog_file && def_iolog_dir) {
- command_info[info_len++] = expand_iolog_path("iolog_path=",
- def_iolog_dir, def_iolog_file, &sudo_user.iolog_file);
+ if (ISSET(sudo_mode, (MODE_RUN | MODE_EDIT))) {
+ if ((def_log_input || def_log_output) && def_iolog_file && def_iolog_dir) {
+ const char prefix[] = "iolog_path=";
+ iolog_path = expand_iolog_path(prefix, def_iolog_dir,
+ def_iolog_file, &sudo_user.iolog_file);
sudo_user.iolog_file++;
}
- if (def_log_input) {
- command_info[info_len++] = estrdup("iolog_stdin=true");
- command_info[info_len++] = estrdup("iolog_ttyin=true");
- }
- if (def_log_output) {
- command_info[info_len++] = estrdup("iolog_stdout=true");
- command_info[info_len++] = estrdup("iolog_stderr=true");
- command_info[info_len++] = estrdup("iolog_ttyout=true");
- }
- if (def_compress_io)
- command_info[info_len++] = estrdup("iolog_compress=true");
}
log_allowed(validated);
* unless umask_override is set.
*/
if (def_umask != 0777) {
- mode_t mask = def_umask;
- if (!def_umask_override) {
- mode_t omask = umask(mask);
- mask |= omask;
- umask(omask);
- }
- easprintf(&command_info[info_len++], "umask=0%o", (unsigned int)mask);
+ cmnd_umask = def_umask;
+ if (!def_umask_override)
+ cmnd_umask |= user_umask;
}
if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
*p = '-';
NewArgv[0] = p;
- /* Set cwd to run user's homedir. */
- command_info[info_len++] = fmt_string("cwd", runas_pw->pw_dir);
-
/*
* Newer versions of bash require the --login option to be used
* in conjunction with the -c option even if the shell name starts
/* Insert user-specified environment variables. */
insert_env_vars(sudo_user.env_vars);
- /* Restore signal handlers before we exec. */
- (void) sigaction(SIGINT, &saved_sa_int, NULL);
- (void) sigaction(SIGQUIT, &saved_sa_quit, NULL);
- (void) sigaction(SIGTSTP, &saved_sa_tstp, NULL);
-
if (ISSET(sudo_mode, MODE_EDIT)) {
- char *editor = find_editor(NewArgc - 1, NewArgv + 1, &edit_argv);
- if (editor == NULL)
+ efree(safe_cmnd);
+ safe_cmnd = find_editor(NewArgc - 1, NewArgv + 1, &edit_argv);
+ if (safe_cmnd == NULL)
goto bad;
- command_info[info_len++] = fmt_string("command", editor);
- command_info[info_len++] = estrdup("sudoedit=true");
- } else {
- command_info[info_len++] = fmt_string("command", safe_cmnd);
}
- if (def_stay_setuid) {
- easprintf(&command_info[info_len++], "runas_uid=%u",
- (unsigned int)user_uid);
- easprintf(&command_info[info_len++], "runas_gid=%u",
- (unsigned int)user_gid);
- easprintf(&command_info[info_len++], "runas_euid=%u",
- (unsigned int)runas_pw->pw_uid);
- easprintf(&command_info[info_len++], "runas_egid=%u",
- runas_gr ? (unsigned int)runas_gr->gr_gid :
- (unsigned int)runas_pw->pw_gid);
- } else {
- easprintf(&command_info[info_len++], "runas_uid=%u",
- (unsigned int)runas_pw->pw_uid);
- easprintf(&command_info[info_len++], "runas_gid=%u",
- runas_gr ? (unsigned int)runas_gr->gr_gid :
- (unsigned int)runas_pw->pw_gid);
- }
- if (def_preserve_groups) {
- command_info[info_len++] = "preserve_groups=true";
- } else {
- int i, len;
- gid_t egid;
- size_t glsize;
- char *cp, *gid_list;
- struct group_list *grlist = sudo_get_grlist(runas_pw);
-
- /* We reserve an extra spot in the list for the effective gid. */
- glsize = sizeof("runas_groups=") - 1 +
- ((grlist->ngids + 1) * (MAX_UID_T_LEN + 1));
- gid_list = emalloc(glsize);
- memcpy(gid_list, "runas_groups=", sizeof("runas_groups=") - 1);
- cp = gid_list + sizeof("runas_groups=") - 1;
-
- /* On BSD systems the effective gid is the first group in the list. */
- egid = runas_gr ? (unsigned int)runas_gr->gr_gid :
- (unsigned int)runas_pw->pw_gid;
- len = snprintf(cp, glsize - (cp - gid_list), "%u", egid);
- if (len < 0 || len >= glsize - (cp - gid_list))
- errorx(1, _("internal error, %s overflow"), "runas_groups");
- cp += len;
- for (i = 0; i < grlist->ngids; i++) {
- if (grlist->gids[i] != egid) {
- len = snprintf(cp, glsize - (cp - gid_list), ",%u",
- (unsigned int) grlist->gids[i]);
- if (len < 0 || len >= glsize - (cp - gid_list))
- errorx(1, _("internal error, %s overflow"), "runas_groups");
- cp += len;
- }
- }
- command_info[info_len++] = gid_list;
- sudo_grlist_delref(grlist);
- }
- if (def_closefrom >= 0)
- easprintf(&command_info[info_len++], "closefrom=%d", def_closefrom);
- if (def_noexec)
- command_info[info_len++] = estrdup("noexec=true");
- if (def_set_utmp)
- command_info[info_len++] = estrdup("set_utmp=true");
- if (def_use_pty)
- command_info[info_len++] = estrdup("use_pty=true");
- if (def_utmp_runas)
- command_info[info_len++] = fmt_string("utmp_user", runas_pw->pw_name);
-#ifdef HAVE_LOGIN_CAP_H
- if (def_use_loginclass)
- command_info[info_len++] = fmt_string("login_class", login_class);
-#endif /* HAVE_LOGIN_CAP_H */
-#ifdef HAVE_SELINUX
- if (user_role != NULL)
- command_info[info_len++] = fmt_string("selinux_role", user_role);
- if (user_type != NULL)
- command_info[info_len++] = fmt_string("selinux_type", user_type);
-#endif /* HAVE_SELINUX */
-#ifdef HAVE_PRIV_SET
- if (runas_privs != NULL)
- command_info[info_len++] = fmt_string("runas_privs", runas_privs);
- if (runas_limitprivs != NULL)
- command_info[info_len++] = fmt_string("runas_limitprivs", runas_limitprivs);
-#endif /* HAVE_SELINUX */
/* Must audit before uid change. */
audit_success(NewArgv);
- *command_infop = command_info;
-
- *argv_out = edit_argv ? edit_argv : NewArgv;
+ /* Setup execution environment to pass back to front-end. */
+ rval = sudoers_policy_exec_setup(edit_argv ? edit_argv : NewArgv,
+ env_get(), cmnd_umask, iolog_path, closure);
- /* Get private version of the environment and zero out stashed copy. */
- *user_env_out = env_get();
+ /* Zero out stashed copy of environment, it is owned by the front-end. */
env_init(NULL);
goto done;
rval = false;
done:
+ fatal_disable_setjmp();
rewind_perms();
/* Close the password and group files and free up memory. */
debug_return_bool(rval);
}
-static int
-sudoers_policy_check(int argc, char * const argv[], char *env_add[],
- char **command_infop[], char **argv_out[], char **user_env_out[])
-{
- debug_decl(sudoers_policy_check, SUDO_DEBUG_PLUGIN)
-
- if (!ISSET(sudo_mode, MODE_EDIT))
- SET(sudo_mode, MODE_RUN);
-
- debug_return_bool(sudoers_policy_main(argc, argv, 0, env_add, command_infop,
- argv_out, user_env_out));
-}
-
-static int
-sudoers_policy_validate(void)
-{
- debug_decl(sudoers_policy_validate, SUDO_DEBUG_PLUGIN)
-
- user_cmnd = "validate";
- SET(sudo_mode, MODE_VALIDATE);
-
- debug_return_bool(sudoers_policy_main(0, NULL, I_VERIFYPW, NULL, NULL, NULL, NULL));
-}
-
-static void
-sudoers_policy_invalidate(int remove)
-{
- debug_decl(sudoers_policy_invalidate, SUDO_DEBUG_PLUGIN)
-
- user_cmnd = "kill";
- if (sigsetjmp(error_jmp, 1) == 0) {
- remove_timestamp(remove);
- plugin_cleanup(0);
- }
-
- debug_return;
-}
-
-static int
-sudoers_policy_list(int argc, char * const argv[], int verbose,
- const char *list_user)
-{
- int rval;
- debug_decl(sudoers_policy_list, SUDO_DEBUG_PLUGIN)
-
- user_cmnd = "list";
- if (argc)
- SET(sudo_mode, MODE_CHECK);
- else
- SET(sudo_mode, MODE_LIST);
- if (verbose)
- long_list = 1;
- if (list_user) {
- list_pw = sudo_getpwnam(list_user);
- if (list_pw == NULL) {
- warningx(_("unknown user: %s"), list_user);
- debug_return_bool(-1);
- }
- }
- rval = sudoers_policy_main(argc, argv, I_LISTPW, NULL, NULL, NULL, NULL);
- if (list_user) {
- sudo_pw_delref(list_pw);
- list_pw = NULL;
- }
-
- debug_return_bool(rval);
-}
-
/*
- * Initialize timezone, set umask, fill in ``sudo_user'' struct and
- * load the ``interfaces'' array.
+ * Initialize timezone and fill in ``sudo_user'' struct.
*/
static void
init_vars(char * const envp[])
char * const * ep;
debug_decl(init_vars, SUDO_DEBUG_PLUGIN)
-#ifdef HAVE_TZSET
- (void) tzset(); /* set the timezone if applicable */
-#endif /* HAVE_TZSET */
+ sudoers_initlocale(setlocale(LC_ALL, NULL), def_sudoers_locale);
for (ep = envp; *ep; ep++) {
/* XXX - don't fill in if empty string */
}
/*
- * Get a local copy of the user's struct passwd with the shadow password
- * if necessary. It is assumed that euid is 0 at this point so we
- * can read the shadow passwd file if necessary.
+ * Get a local copy of the user's struct passwd if we don't already
+ * have one.
*/
- if ((sudo_user.pw = sudo_getpwuid(user_uid)) == NULL) {
- /*
- * It is not unusual for users to place "sudo -k" in a .logout
- * file which can cause sudo to be run during reboot after the
- * YP/NIS/NIS+/LDAP/etc daemon has died.
- */
- if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE)
- errorx(1, _("unknown uid: %u"), (unsigned int) user_uid);
+ if (sudo_user.pw == NULL) {
+ if ((sudo_user.pw = sudo_getpwnam(user_name)) == NULL) {
+ /*
+ * It is not unusual for users to place "sudo -k" in a .logout
+ * file which can cause sudo to be run during reboot after the
+ * YP/NIS/NIS+/LDAP/etc daemon has died.
+ */
+ if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE)
+ fatalx(_("unknown uid: %u"), (unsigned int) user_uid);
- /* Need to make a fake struct passwd for the call to log_fatal(). */
- sudo_user.pw = sudo_fakepwnamid(user_name, user_uid, user_gid);
- log_fatal(0, _("unknown uid: %u"), (unsigned int) user_uid);
- /* NOTREACHED */
+ /* Need to make a fake struct passwd for the call to log_fatal(). */
+ sudo_user.pw = sudo_mkpwent(user_name, user_uid, user_gid, NULL, NULL);
+ log_fatal(0, N_("unknown uid: %u"), (unsigned int) user_uid);
+ /* NOTREACHED */
+ }
}
/*
/* Set runas callback. */
sudo_defs_table[I_RUNAS_DEFAULT].callback = cb_runas_default;
+ /* Set locale callback. */
+ sudo_defs_table[I_SUDOERS_LOCALE].callback = cb_sudoers_locale;
+
+ /* Set maxseq callback. */
+ sudo_defs_table[I_MAXSEQ].callback = io_set_max_sessid;
+
/* It is now safe to use log_fatal() and set_perms() */
debug_return;
}
for (to = user_args, av = NewArgv + 1; *av; av++) {
n = strlcpy(to, *av, size - (to - user_args));
if (n >= size - (to - user_args))
- errorx(1, _("internal error, %s overflow"), "set_cmnd()");
+ fatalx(_("internal error, %s overflow"), "set_cmnd()");
to += n;
*to++ = ' ';
}
}
}
}
- if (strlen(user_cmnd) >= PATH_MAX)
- errorx(1, _("%s: %s"), user_cmnd, strerror(ENAMETOOLONG));
+ if (strlen(user_cmnd) >= PATH_MAX) {
+ errno = ENAMETOOLONG;
+ fatal("%s", user_cmnd);
+ }
if ((user_base = strrchr(user_cmnd, '/')) != NULL)
user_base++;
user_base = user_cmnd;
if (!update_defaults(SETDEF_CMND))
- log_error(NO_STDERR, _("problem with defaults entries"));
+ log_warning(NO_STDERR, N_("problem with defaults entries"));
debug_return_int(rval);
}
* the user with a reasonable error message (unlike the lexer).
*/
if ((fp = fopen(sudoers, "r")) == NULL) {
- log_error(USE_ERRNO, _("unable to open %s"), sudoers);
+ log_warning(USE_ERRNO, N_("unable to open %s"), sudoers);
} else {
if (sb.st_size != 0 && fgetc(fp) == EOF) {
- log_error(USE_ERRNO, _("unable to read %s"),
+ log_warning(USE_ERRNO, N_("unable to read %s"),
sudoers);
fclose(fp);
fp = NULL;
}
break;
case SUDO_PATH_MISSING:
- log_error(USE_ERRNO, _("unable to stat %s"), sudoers);
+ log_warning(USE_ERRNO, N_("unable to stat %s"), sudoers);
break;
case SUDO_PATH_BAD_TYPE:
- log_error(0, _("%s is not a regular file"), sudoers);
+ log_warning(0, N_("%s is not a regular file"), sudoers);
break;
case SUDO_PATH_WRONG_OWNER:
- log_error(0, _("%s is owned by uid %u, should be %u"),
+ log_warning(0, N_("%s is owned by uid %u, should be %u"),
sudoers, (unsigned int) sb.st_uid, (unsigned int) sudoers_uid);
break;
case SUDO_PATH_WORLD_WRITABLE:
- log_error(0, _("%s is world writable"), sudoers);
+ log_warning(0, N_("%s is world writable"), sudoers);
break;
case SUDO_PATH_GROUP_WRITABLE:
- log_error(0, _("%s is owned by gid %u, should be %u"),
+ log_warning(0, N_("%s is owned by gid %u, should be %u"),
sudoers, (unsigned int) sb.st_gid, (unsigned int) sudoers_gid);
break;
default:
if (login_class && strcmp(login_class, "-") != 0) {
if (user_uid != 0 &&
strcmp(runas_user ? runas_user : def_runas_default, "root") != 0)
- errorx(1, _("only root can use `-c %s'"), login_class);
+ fatalx(_("only root can use `-c %s'"), login_class);
} else {
login_class = pw->pw_class;
if (!login_class || !*login_class)
* corrupted we want the admin to be able to use sudo to fix it.
*/
if (login_class)
- log_fatal(errflags, _("unknown login class: %s"), login_class);
+ log_fatal(errflags, N_("unknown login class: %s"), login_class);
else
- log_error(errflags, _("unknown login class: %s"), login_class);
+ log_warning(errflags, N_("unknown login class: %s"), login_class);
def_use_loginclass = false;
}
login_close(lc);
* Look up the fully qualified domain name and set user_host and user_shost.
* Use AI_FQDN if available since "canonical" is not always the same as fqdn.
*/
-void
+static void
set_fqdn(void)
{
struct addrinfo *res0, hint;
hint.ai_family = PF_UNSPEC;
hint.ai_flags = AI_FQDN;
if (getaddrinfo(user_host, NULL, &hint, &res0) != 0) {
- log_error(MSG_ONLY, _("unable to resolve host %s"), user_host);
+ log_warning(MSG_ONLY, N_("unable to resolve host %s"), user_host);
} else {
if (user_shost != user_host)
efree(user_shost);
runas_pw = sudo_fakepwnam(user, runas_gr ? runas_gr->gr_gid : 0);
} else {
if ((runas_pw = sudo_getpwnam(user)) == NULL)
- log_fatal(NO_MAIL|MSG_ONLY, _("unknown user: %s"), user);
+ log_fatal(NO_MAIL|MSG_ONLY, N_("unknown user: %s"), user);
}
debug_return;
}
runas_gr = sudo_fakegrnam(group);
} else {
if ((runas_gr = sudo_getgrnam(group)) == NULL)
- log_fatal(NO_MAIL|MSG_ONLY, _("unknown group: %s"), group);
+ log_fatal(NO_MAIL|MSG_ONLY, N_("unknown group: %s"), group);
}
debug_return;
}
}
/*
- * Cleanup hook for error()/errorx()
+ * Callback for sudoers_locale sudoers setting.
*/
-void
-plugin_cleanup(int gotsignal)
-{
- struct sudo_nss *nss;
-
- if (!gotsignal) {
- debug_decl(plugin_cleanup, SUDO_DEBUG_PLUGIN)
- if (snl != NULL) {
- tq_foreach_fwd(snl, nss)
- nss->close(nss);
- }
- if (def_group_plugin)
- group_plugin_unload();
- sudo_endpwent();
- sudo_endgrent();
- debug_return;
- }
-}
-
static int
-sudoers_policy_version(int verbose)
+cb_sudoers_locale(const char *locale)
{
- debug_decl(sudoers_policy_version, SUDO_DEBUG_PLUGIN)
-
- if (sigsetjmp(error_jmp, 1)) {
- /* error recovery via error(), errorx() or log_fatal() */
- debug_return_bool(-1);
- }
-
- sudo_printf(SUDO_CONV_INFO_MSG, _("Sudoers policy plugin version %s\n"),
- PACKAGE_VERSION);
- sudo_printf(SUDO_CONV_INFO_MSG, _("Sudoers file grammar version %d\n"),
- SUDOERS_GRAMMAR_VERSION);
-
- if (verbose) {
- sudo_printf(SUDO_CONV_INFO_MSG, _("\nSudoers path: %s\n"), sudoers_file);
-#ifdef HAVE_LDAP
-# ifdef _PATH_NSSWITCH_CONF
- sudo_printf(SUDO_CONV_INFO_MSG, _("nsswitch path: %s\n"), _PATH_NSSWITCH_CONF);
-# endif
- sudo_printf(SUDO_CONV_INFO_MSG, _("ldap.conf path: %s\n"), _PATH_LDAP_CONF);
- sudo_printf(SUDO_CONV_INFO_MSG, _("ldap.secret path: %s\n"), _PATH_LDAP_SECRET);
-#endif
- dump_auth_methods();
- dump_defaults();
- sudo_printf(SUDO_CONV_INFO_MSG, "\n");
- if (interfaces_string != NULL) {
- dump_interfaces(interfaces_string);
- sudo_printf(SUDO_CONV_INFO_MSG, "\n");
- }
- }
- debug_return_bool(true);
+ sudoers_initlocale(NULL, locale);
+ return true;
}
-static int
-deserialize_info(char * const args[], char * const settings[], char * const user_info[])
+/*
+ * Cleanup hook for fatal()/fatalx()
+ */
+void
+sudoers_cleanup(void)
{
- char * const *cur;
- const char *p, *groups = NULL;
- const char *debug_flags = NULL;
- int flags = 0;
- debug_decl(deserialize_info, SUDO_DEBUG_PLUGIN)
-
-#define MATCHES(s, v) (strncmp(s, v, sizeof(v) - 1) == 0)
-
- /* Parse sudo.conf plugin args. */
- if (args != NULL) {
- for (cur = args; *cur != NULL; cur++) {
- if (MATCHES(*cur, "sudoers_file=")) {
- sudoers_file = *cur + sizeof("sudoers_file=") - 1;
- continue;
- }
- if (MATCHES(*cur, "sudoers_uid=")) {
- sudoers_uid = (uid_t) atoi(*cur + sizeof("sudoers_uid=") - 1);
- continue;
- }
- if (MATCHES(*cur, "sudoers_gid=")) {
- sudoers_gid = (gid_t) atoi(*cur + sizeof("sudoers_gid=") - 1);
- continue;
- }
- if (MATCHES(*cur, "sudoers_mode=")) {
- sudoers_mode = (mode_t) strtol(*cur + sizeof("sudoers_mode=") - 1,
- NULL, 8);
- continue;
- }
- }
- }
-
- /* Parse command line settings. */
- user_closefrom = -1;
- for (cur = settings; *cur != NULL; cur++) {
- if (MATCHES(*cur, "closefrom=")) {
- user_closefrom = atoi(*cur + sizeof("closefrom=") - 1);
- continue;
- }
- if (MATCHES(*cur, "debug_flags=")) {
- debug_flags = *cur + sizeof("debug_flags=") - 1;
- continue;
- }
- if (MATCHES(*cur, "runas_user=")) {
- runas_user = *cur + sizeof("runas_user=") - 1;
- sudo_user.flags |= RUNAS_USER_SPECIFIED;
- continue;
- }
- if (MATCHES(*cur, "runas_group=")) {
- runas_group = *cur + sizeof("runas_group=") - 1;
- sudo_user.flags |= RUNAS_GROUP_SPECIFIED;
- continue;
- }
- if (MATCHES(*cur, "prompt=")) {
- user_prompt = *cur + sizeof("prompt=") - 1;
- def_passprompt_override = true;
- continue;
- }
- if (MATCHES(*cur, "set_home=")) {
- if (atobool(*cur + sizeof("set_home=") - 1) == true)
- SET(flags, MODE_RESET_HOME);
- continue;
- }
- if (MATCHES(*cur, "preserve_environment=")) {
- if (atobool(*cur + sizeof("preserve_environment=") - 1) == true)
- SET(flags, MODE_PRESERVE_ENV);
- continue;
- }
- if (MATCHES(*cur, "run_shell=")) {
- if (atobool(*cur + sizeof("run_shell=") - 1) == true)
- SET(flags, MODE_SHELL);
- continue;
- }
- if (MATCHES(*cur, "login_shell=")) {
- if (atobool(*cur + sizeof("login_shell=") - 1) == true) {
- SET(flags, MODE_LOGIN_SHELL);
- def_env_reset = true;
- }
- continue;
- }
- if (MATCHES(*cur, "implied_shell=")) {
- if (atobool(*cur + sizeof("implied_shell=") - 1) == true)
- SET(flags, MODE_IMPLIED_SHELL);
- continue;
- }
- if (MATCHES(*cur, "preserve_groups=")) {
- if (atobool(*cur + sizeof("preserve_groups=") - 1) == true)
- SET(flags, MODE_PRESERVE_GROUPS);
- continue;
- }
- if (MATCHES(*cur, "ignore_ticket=")) {
- if (atobool(*cur + sizeof("ignore_ticket=") - 1) == true)
- SET(flags, MODE_IGNORE_TICKET);
- continue;
- }
- if (MATCHES(*cur, "noninteractive=")) {
- if (atobool(*cur + sizeof("noninteractive=") - 1) == true)
- SET(flags, MODE_NONINTERACTIVE);
- continue;
- }
- if (MATCHES(*cur, "sudoedit=")) {
- if (atobool(*cur + sizeof("sudoedit=") - 1) == true)
- SET(flags, MODE_EDIT);
- continue;
- }
- if (MATCHES(*cur, "login_class=")) {
- login_class = *cur + sizeof("login_class=") - 1;
- def_use_loginclass = true;
- continue;
- }
-#ifdef HAVE_PRIV_SET
- if (MATCHES(*cur, "runas_privs=")) {
- def_privs = *cur + sizeof("runas_privs=") - 1;
- continue;
- }
- if (MATCHES(*cur, "runas_limitprivs=")) {
- def_limitprivs = *cur + sizeof("runas_limitprivs=") - 1;
- continue;
- }
-#endif /* HAVE_PRIV_SET */
-#ifdef HAVE_SELINUX
- if (MATCHES(*cur, "selinux_role=")) {
- user_role = *cur + sizeof("selinux_role=") - 1;
- continue;
- }
- if (MATCHES(*cur, "selinux_type=")) {
- user_type = *cur + sizeof("selinux_type=") - 1;
- continue;
- }
-#endif /* HAVE_SELINUX */
-#ifdef HAVE_BSD_AUTH_H
- if (MATCHES(*cur, "bsdauth_type=")) {
- login_style = *cur + sizeof("bsdauth_type=") - 1;
- continue;
- }
-#endif /* HAVE_BSD_AUTH_H */
-#if !defined(HAVE_GETPROGNAME) && !defined(HAVE___PROGNAME)
- if (MATCHES(*cur, "progname=")) {
- setprogname(*cur + sizeof("progname=") - 1);
- continue;
- }
-#endif
- if (MATCHES(*cur, "network_addrs=")) {
- interfaces_string = *cur + sizeof("network_addrs=") - 1;
- set_interfaces(interfaces_string);
- continue;
- }
- }
-
- for (cur = user_info; *cur != NULL; cur++) {
- if (MATCHES(*cur, "user=")) {
- user_name = estrdup(*cur + sizeof("user=") - 1);
- continue;
- }
- if (MATCHES(*cur, "uid=")) {
- user_uid = (uid_t) atoi(*cur + sizeof("uid=") - 1);
- continue;
- }
- if (MATCHES(*cur, "gid=")) {
- p = *cur + sizeof("gid=") - 1;
- user_gid = (gid_t) atoi(p);
- continue;
- }
- if (MATCHES(*cur, "groups=")) {
- groups = *cur + sizeof("groups=") - 1;
- continue;
- }
- if (MATCHES(*cur, "cwd=")) {
- user_cwd = estrdup(*cur + sizeof("cwd=") - 1);
- continue;
- }
- if (MATCHES(*cur, "tty=")) {
- user_tty = user_ttypath = estrdup(*cur + sizeof("tty=") - 1);
- if (strncmp(user_tty, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0)
- user_tty += sizeof(_PATH_DEV) - 1;
- continue;
- }
- if (MATCHES(*cur, "host=")) {
- user_host = user_shost = estrdup(*cur + sizeof("host=") - 1);
- if ((p = strchr(user_host, '.')))
- user_shost = estrndup(user_host, (size_t)(p - user_host));
- continue;
- }
- if (MATCHES(*cur, "lines=")) {
- sudo_user.lines = atoi(*cur + sizeof("lines=") - 1);
- continue;
- }
- if (MATCHES(*cur, "cols=")) {
- sudo_user.cols = atoi(*cur + sizeof("cols=") - 1);
- continue;
- }
- if (MATCHES(*cur, "sid=")) {
- sudo_user.sid = atoi(*cur + sizeof("sid=") - 1);
- continue;
- }
- }
- if (user_cwd == NULL)
- user_cwd = "unknown";
- if (user_tty == NULL)
- user_tty = "unknown"; /* user_ttypath remains NULL */
-
- if (groups != NULL && groups[0] != '\0') {
- const char *cp;
- GETGROUPS_T *gids;
- int ngids;
-
- /* Count number of groups, including passwd gid. */
- ngids = 2;
- for (cp = groups; *cp != '\0'; cp++) {
- if (*cp == ',')
- ngids++;
- }
-
- /* The first gid in the list is the passwd group gid. */
- gids = emalloc2(ngids, sizeof(GETGROUPS_T));
- gids[0] = user_gid;
- ngids = 1;
- cp = groups;
- for (;;) {
- gids[ngids] = atoi(cp);
- if (gids[0] != gids[ngids])
- ngids++;
- cp = strchr(cp, ',');
- if (cp == NULL)
- break;
- cp++; /* skip over comma */
- }
- user_gids = gids;
- user_ngids = ngids;
- }
+ struct sudo_nss *nss;
+ debug_decl(sudoers_cleanup, SUDO_DEBUG_PLUGIN)
- /* Setup debugging if indicated. */
- if (debug_flags != NULL) {
- sudo_debug_init(NULL, debug_flags);
- for (cur = settings; *cur != NULL; cur++)
- sudo_debug_printf(SUDO_DEBUG_INFO, "settings: %s", *cur);
- for (cur = user_info; *cur != NULL; cur++)
- sudo_debug_printf(SUDO_DEBUG_INFO, "user_info: %s", *cur);
+ if (snl != NULL) {
+ tq_foreach_fwd(snl, nss)
+ nss->close(nss);
}
+ if (def_group_plugin)
+ group_plugin_unload();
+ sudo_endpwent();
+ sudo_endgrent();
-#undef MATCHES
- debug_return_int(flags);
+ debug_return;
}
static char *
-resolve_editor(char *editor, int nfiles, char **files, char ***argv_out)
+resolve_editor(const char *ed, size_t edlen, int nfiles, char **files, char ***argv_out)
{
- char *cp, **nargv, *editor_path = NULL;
+ char *cp, **nargv, *editor, *editor_path = NULL;
int ac, i, nargc;
bool wasblank;
debug_decl(resolve_editor, SUDO_DEBUG_PLUGIN)
- editor = estrdup(editor); /* becomes part of argv_out */
+ /* Note: editor becomes part of argv_out and is not freed. */
+ editor = emalloc(edlen + 1);
+ memcpy(editor, ed, edlen);
+ editor[edlen] = '\0';
/*
* Split editor into an argument vector; editor is reused (do not free).
static char *
find_editor(int nfiles, char **files, char ***argv_out)
{
- char *cp, *editor, *editor_path = NULL, **ev, *ev0[4];
+ const char *cp, *ep, *editor;
+ char *editor_path = NULL, **ev, *ev0[4];
+ size_t len;
debug_decl(find_editor, SUDO_DEBUG_PLUGIN)
/*
ev0[1] = "VISUAL";
ev0[2] = "EDITOR";
ev0[3] = NULL;
- for (ev = ev0; *ev != NULL; ev++) {
+ for (ev = ev0; editor_path == NULL && *ev != NULL; ev++) {
if ((editor = getenv(*ev)) != NULL && *editor != '\0') {
- editor_path = resolve_editor(editor, nfiles, files, argv_out);
- if (editor_path != NULL)
- break;
+ editor_path = resolve_editor(editor, strlen(editor), nfiles,
+ files, argv_out);
}
}
if (editor_path == NULL) {
- /* def_editor could be a path, split it up */
- editor = estrdup(def_editor);
- cp = strtok(editor, ":");
- while (cp != NULL && editor_path == NULL) {
- editor_path = resolve_editor(cp, nfiles, files, argv_out);
- cp = strtok(NULL, ":");
- }
- if (editor_path)
- efree(editor);
+ /* def_editor could be a path, split it up, avoiding strtok() */
+ cp = editor = def_editor;
+ do {
+ if ((ep = strchr(cp, ':')) != NULL)
+ len = ep - cp;
+ else
+ len = strlen(cp);
+ editor_path = resolve_editor(cp, len, nfiles, files, argv_out);
+ cp = ep + 1;
+ } while (ep != NULL && editor_path == NULL);
}
if (!editor_path) {
- audit_failure(NewArgv, _("%s: command not found"), editor);
+ audit_failure(NewArgv, N_("%s: command not found"), editor);
warningx(_("%s: command not found"), editor);
}
debug_return_str(editor_path);
}
#endif /* USE_ADMIN_FLAG */
-static void
-sudoers_policy_register_hooks(int version, int (*register_hook)(struct sudo_hook *hook))
+static bool
+tty_present(void)
{
- struct sudo_hook hook;
-
- memset(&hook, 0, sizeof(hook));
- hook.hook_version = SUDO_HOOK_VERSION;
-
- hook.hook_type = SUDO_HOOK_SETENV;
- hook.hook_fn = sudoers_hook_setenv;
- register_hook(&hook);
-
- hook.hook_type = SUDO_HOOK_UNSETENV;
- hook.hook_fn = sudoers_hook_unsetenv;
- register_hook(&hook);
-
- hook.hook_type = SUDO_HOOK_GETENV;
- hook.hook_fn = sudoers_hook_getenv;
- register_hook(&hook);
-
- hook.hook_type = SUDO_HOOK_PUTENV;
- hook.hook_fn = sudoers_hook_putenv;
- register_hook(&hook);
+#if defined(HAVE_STRUCT_KINFO_PROC2_P_TDEV) || defined(HAVE_STRUCT_KINFO_PROC_P_TDEV) || defined(HAVE_STRUCT_KINFO_PROC_KI_TDEV) || defined(HAVE_STRUCT_KINFO_PROC_KP_EPROC_E_TDEV) || defined(HAVE_STRUCT_PSINFO_PR_TTYDEV) || defined(HAVE_PSTAT_GETPROC) || defined(__linux__)
+ return user_ttypath != NULL;
+#else
+ int fd = open(_PATH_TTY, O_RDWR|O_NOCTTY);
+ if (fd != -1)
+ close(fd);
+ return fd != -1;
+#endif
}
-
-__dso_public struct policy_plugin sudoers_policy = {
- SUDO_POLICY_PLUGIN,
- SUDO_API_VERSION,
- sudoers_policy_open,
- sudoers_policy_close,
- sudoers_policy_version,
- sudoers_policy_check,
- sudoers_policy_list,
- sudoers_policy_validate,
- sudoers_policy_invalidate,
- sudoers_policy_init_session,
- sudoers_policy_register_hooks
-};
/*
- * Copyright (c) 1993-1996, 1998-2005, 2007-2011
+ * Copyright (c) 1993-1996, 1998-2005, 2007-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* Materiel Command, USAF, under agreement number F39502-99-1-0512.
*/
-#ifndef _SUDO_SUDOERS_H
-#define _SUDO_SUDOERS_H
+#ifndef _SUDOERS_SUDOERS_H
+#define _SUDOERS_SUDOERS_H
#include <limits.h>
#ifdef HAVE_STDBOOL_H
char *privs;
char *limitprivs;
#endif
- char *cwd;
+ const char *cwd;
char *iolog_file;
GETGROUPS_T *gids;
int ngids;
int lines;
int cols;
int flags;
+ int max_groups;
+ mode_t umask;
uid_t uid;
uid_t gid;
pid_t sid;
#define user_uid (sudo_user.uid)
#define user_gid (sudo_user.gid)
#define user_sid (sudo_user.sid)
+#define user_umask (sudo_user.umask)
#define user_passwd (sudo_user.pw->pw_passwd)
#define user_dir (sudo_user.pw->pw_dir)
#define user_gids (sudo_user.gids)
#define runas_limitprivs (sudo_user.limitprivs)
#ifdef __TANDEM
-# define ROOT_UID 65535
+# define ROOT_UID 65535
#else
-# define ROOT_UID 0
+# define ROOT_UID 0
#endif
+#define ROOT_GID 0
/*
* We used to use the system definition of PASS_MAX or _PASSWD_LEN,
/*
* Function prototypes
*/
-#define YY_DECL int yylex(void)
+#define YY_DECL int sudoerslex(void)
/* goodpath.c */
bool sudo_goodpath(const char *, struct stat *);
int find_path(char *, char **, struct stat *, char *, int);
/* check.c */
-int check_user(int, int);
-void remove_timestamp(bool);
+int check_user(int validate, int mode);
bool user_is_exempt(void);
+/* prompt.c */
+char *expand_prompt(const char *old_prompt, const char *user, const char *host);
+
+/* timestamp.c */
+void remove_timestamp(bool);
+bool set_lectured(void);
+
/* sudo_auth.c */
+bool sudo_auth_needs_end_session(void);
int verify_user(struct passwd *pw, char *prompt, int validated);
int sudo_auth_begin_session(struct passwd *pw, char **user_env[]);
int sudo_auth_end_session(struct passwd *pw);
int pam_prep_user(struct passwd *);
/* gram.y */
-int yyparse(void);
+int sudoersparse(void);
/* toke.l */
YY_DECL;
struct group *sudo_fakegrnam(const char *);
struct group_list *sudo_get_grlist(struct passwd *pw);
struct passwd *sudo_fakepwnam(const char *, gid_t);
-struct passwd *sudo_fakepwnamid(const char *user, uid_t uid, gid_t gid);
+struct passwd *sudo_mkpwent(const char *user, uid_t uid, gid_t gid, const char *home, const char *shell);
struct passwd *sudo_getpwnam(const char *);
struct passwd *sudo_getpwuid(uid_t);
void sudo_endgrent(void);
void sudo_grlist_delref(struct group_list *);
void sudo_pw_addref(struct passwd *);
void sudo_pw_delref(struct passwd *);
+void sudo_set_grlist(struct passwd *pw, char * const *groups,
+ char * const *gids);
void sudo_setgrent(void);
void sudo_setpwent(void);
void sudo_setspent(void);
int get_boottime(struct timeval *);
/* iolog.c */
+int io_set_max_sessid(const char *sessid);
void io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7]);
/* iolog_path.c */
char *fmt_string(const char *, const char *);
/* sudoers.c */
-void plugin_cleanup(int);
-void set_fqdn(void);
FILE *open_sudoers(const char *, bool, bool *);
+int sudoers_policy_init(void *info, char * const envp[]);
+int sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], void *closure);
+void sudoers_cleanup(void);
+
+/* policy.c */
+int sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group);
+int sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, char *iolog_path, void *v);
+extern const char *path_ldap_conf;
+extern const char *path_ldap_secret;
/* aix.c */
void aix_restoreauthdb(void);
extern int sudo_mode;
extern uid_t timestamp_uid;
extern sudo_conv_t sudo_conv;
-extern sudo_printf_t sudo_printf;
#endif
-#endif /* _SUDO_SUDOERS_H */
+#endif /* _SUDOERS_SUDOERS_H */
#!/usr/bin/env perl
+#
+# Copyright (c) 2007, 2010-2011, 2013 Todd C. Miller <Todd.Miller@courtesan.com>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+#
+
use strict;
#
my $opt=$';
$opt=~s/\s+$//; # remove trailing whitespace
push @options,$opt;
- } elsif (/^(\S+)\s+(.+)=\s*(.*)/) {
+ } elsif (/^(\S+)\s+([^=]+)=\s*(.*)/) {
# Aliases or Definitions
my ($p1,$p2,$p3)=($1,$2,$3);
s/NOLOG_INPUT:\s*// && push @options,"!log_input";
s/LOG_OUTPUT:\s*// && push @options,"log_output";
s/NOLOG_OUTPUT:\s*// && push @options,"!log_output";
- s/\w+://; # silently remove other directives
+ s/[[:upper:]]+://; # silently remove other tags
s/\s+$//; # right trim
}
+/*
+ * Copyright (c) 2011-2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
/*
* Major sudoers grammar changes are documented here.
* Note that minor changes such as added Defaults options are not listed here.
* 40 sudo 1.7.6/1.8.1, A group ID is now allowed in a User_List or Runas_List.
* 41 sudo 1.7.6/1.8.4, Support for relative paths in #include and #includedir
* 42 sudo 1.8.6, Support for empty Runas_List (with or without a colon) to mean the invoking user. Support for Solaris Privilege Sets (PRIVS= and LIMITPRIVS=).
+ * 43 sudo 1.8.7, Support for specifying a digest along with the command.
*/
#ifndef _SUDOERS_VERSION_H
#define _SUDOERS_VERSION_H
-#define SUDOERS_GRAMMAR_VERSION 42
+#define SUDOERS_GRAMMAR_VERSION 43
#endif /* _SUDOERS_VERSION_H */
/*
- * Copyright (c) 2009-2012 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <sys/uio.h>
#ifdef HAVE_SYS_SYSMACROS_H
# include <sys/sysmacros.h>
#ifdef HAVE_ZLIB_H
# include <zlib.h>
#endif
-#ifdef HAVE_SETLOCALE
-# include <locale.h>
-#endif
#include <signal.h>
#ifdef HAVE_STDBOOL_H
# include <stdbool.h>
#include "alloc.h"
#include "error.h"
#include "gettext.h"
+#include "logging.h"
#include "sudo_plugin.h"
#include "sudo_conf.h"
#include "sudo_debug.h"
} u;
} *search_expr;
-sudo_conv_t sudo_conv; /* NULL in non-plugin */
-
#define STACK_NODE_SIZE 32
static struct search_node *node_stack[32];
static int stack_top;
extern int term_raw(int, int);
extern int term_restore(int, int);
extern void get_ttysize(int *rowp, int *colp);
-void cleanup(int);
static int list_sessions(int, char **, const char *, const char *, const char *);
static int parse_expr(struct search_node **, char **);
static struct log_info *parse_logfile(char *logfile);
static void free_log_info(struct log_info *li);
static size_t atomic_writev(int fd, struct iovec *iov, int iovcnt);
+static void sudoreplay_handler(int);
+static void sudoreplay_cleanup(void);
#ifdef HAVE_REGCOMP
# define REGEX_T regex_t
(s)[8] == '/' && (s)[9] == 'l' && (s)[10] == 'o' && (s)[11] == 'g' && \
(s)[12] == '\0')
+__dso_public int main(int argc, char *argv[]);
+
int
main(int argc, char *argv[])
{
int ch, idx, plen, exitcode = 0, rows = 0, cols = 0;
bool interactive = false, listonly = false, need_nlcr = false;
- const char *id, *user = NULL, *pattern = NULL, *tty = NULL, *decimal = ".";
+ const char *decimal, *id, *user = NULL, *pattern = NULL, *tty = NULL;
char path[PATH_MAX], buf[LINE_MAX], *cp, *ep;
double seconds, to_wait, speed = 1.0, max_wait = 0;
sigaction_t sa;
setprogname(argc > 0 ? argv[0] : "sudoreplay");
#endif
-#ifdef HAVE_SETLOCALE
- setlocale(LC_ALL, "");
+ sudoers_setlocale(SUDOERS_LOCALE_USER, NULL);
decimal = localeconv()->decimal_point;
-#endif
bindtextdomain("sudoers", LOCALEDIR); /* XXX - should have sudoreplay domain */
textdomain("sudoers");
+ /* Register fatal/fatalx callback. */
+ fatal_callback_register(sudoreplay_cleanup);
+
/* Read sudo.conf. */
- sudo_conf_read();
+ sudo_conf_read(NULL);
while ((ch = getopt(argc, argv, "d:f:hlm:s:V")) != -1) {
switch(ch) {
else if (strcmp(cp, "ttyout") == 0)
SET(replay_filter, 1 << IOFD_TTYOUT);
else
- errorx(1, _("invalid filter option: %s"), optarg);
+ fatalx(_("invalid filter option: %s"), optarg);
}
break;
case 'h':
errno = 0;
max_wait = strtod(optarg, &ep);
if (*ep != '\0' || errno != 0)
- errorx(1, _("invalid max wait: %s"), optarg);
+ fatalx(_("invalid max wait: %s"), optarg);
break;
case 's':
errno = 0;
speed = strtod(optarg, &ep);
if (*ep != '\0' || errno != 0)
- errorx(1, _("invalid speed factor: %s"), optarg);
+ fatalx(_("invalid speed factor: %s"), optarg);
break;
case 'V':
(void) printf(_("%s version %s\n"), getprogname(), PACKAGE_VERSION);
plen = snprintf(path, sizeof(path), "%s/%.2s/%.2s/%.2s/timing",
session_dir, id, &id[2], &id[4]);
if (plen <= 0 || plen >= sizeof(path))
- errorx(1, _("%s/%.2s/%.2s/%.2s/timing: %s"), session_dir,
+ fatalx(_("%s/%.2s/%.2s/%.2s/timing: %s"), session_dir,
id, &id[2], &id[4], strerror(ENAMETOOLONG));
} else {
plen = snprintf(path, sizeof(path), "%s/%s/timing",
session_dir, id);
if (plen <= 0 || plen >= sizeof(path))
- errorx(1, _("%s/%s/timing: %s"), session_dir,
+ fatalx(_("%s/%s/timing: %s"), session_dir,
id, strerror(ENAMETOOLONG));
}
plen -= 7;
for (idx = 0; idx < IOFD_MAX; idx++) {
if (ISSET(replay_filter, 1 << idx) || idx == IOFD_TIMING) {
if (open_io_fd(path, plen, io_fnames[idx], &io_fds[idx]) == -1)
- error(1, _("unable to open %s"), path);
+ fatal(_("unable to open %s"), path);
}
}
memset(&sa, 0, sizeof(sa));
sigemptyset(&sa.sa_mask);
sa.sa_flags = SA_RESETHAND;
- sa.sa_handler = cleanup;
+ sa.sa_handler = sudoreplay_handler;
(void) sigaction(SIGINT, &sa, NULL);
(void) sigaction(SIGKILL, &sa, NULL);
(void) sigaction(SIGTERM, &sa, NULL);
if (ch != -1)
(void) fcntl(STDIN_FILENO, F_SETFL, ch | O_NONBLOCK);
if (!term_raw(STDIN_FILENO, 1))
- error(1, _("unable to set tty to raw mode"));
- iovcnt = 0;
+ fatal(_("unable to set tty to raw mode"));
iovmax = 32;
iov = ecalloc(iovmax, sizeof(*iov));
}
char last_char = '\0';
if (!parse_timing(buf, decimal, &idx, &seconds, &nbytes))
- errorx(1, _("invalid timing file line: %s"), buf);
+ fatalx(_("invalid timing file line: %s"), buf);
if (interactive)
check_input(STDIN_FILENO, &speed);
iovcnt = 1;
}
if (atomic_writev(STDOUT_FILENO, iov, iovcnt) == -1)
- error(1, _("writing to standard output"));
+ fatal(_("writing to standard output"));
}
}
term_restore(STDIN_FILENO, 1);
rval = nanosleep(&ts, &rts);
} while (rval == -1 && errno == EINTR);
if (rval == -1) {
- error2(1, _("nanosleep: tv_sec %ld, tv_nsec %ld"),
- (long)ts.tv_sec, (long)ts.tv_nsec);
+ fatal_nodebug("nanosleep: tv_sec %lld, tv_nsec %ld",
+ (long long)ts.tv_sec, (long)ts.tv_nsec);
}
}
continue;
case 'c': /* command */
if (av[0][1] == '\0')
- errorx(1, _("ambiguous expression \"%s\""), *av);
+ fatalx(_("ambiguous expression \"%s\""), *av);
if (strncmp(*av, "cwd", strlen(*av)) == 0)
type = ST_CWD;
else if (strncmp(*av, "command", strlen(*av)) == 0)
break;
case 't': /* tty or to date */
if (av[0][1] == '\0')
- errorx(1, _("ambiguous expression \"%s\""), *av);
+ fatalx(_("ambiguous expression \"%s\""), *av);
if (strncmp(*av, "todate", strlen(*av)) == 0)
type = ST_TODATE;
else if (strncmp(*av, "tty", strlen(*av)) == 0)
if (av[0][1] != '\0')
goto bad;
if (stack_top + 1 == STACK_NODE_SIZE) {
- errorx(1, _("too many parenthesized expressions, max %d"),
+ fatalx(_("too many parenthesized expressions, max %d"),
STACK_NODE_SIZE);
}
node_stack[stack_top++] = sn;
goto bad;
/* pop */
if (--stack_top < 0)
- errorx(1, _("unmatched ')' in expression"));
+ fatalx(_("unmatched ')' in expression"));
if (node_stack[stack_top])
sn->next = node_stack[stack_top]->next;
debug_return_int(av - argv + 1);
bad:
default:
- errorx(1, _("unknown search term \"%s\""), *av);
+ fatalx(_("unknown search term \"%s\""), *av);
/* NOTREACHED */
}
av += parse_expr(&newsn->u.expr, av + 1);
} else {
if (*(++av) == NULL)
- errorx(1, _("%s requires an argument"), av[-1]);
+ fatalx(_("%s requires an argument"), av[-1]);
#ifdef HAVE_REGCOMP
if (type == ST_PATTERN) {
if (regcomp(&newsn->u.cmdre, *av, REG_EXTENDED|REG_NOSUB) != 0)
- errorx(1, _("invalid regular expression: %s"), *av);
+ fatalx(_("invalid regular expression: %s"), *av);
} else
#endif
if (type == ST_TODATE || type == ST_FROMDATE) {
newsn->u.tstamp = get_date(*av);
if (newsn->u.tstamp == -1)
- errorx(1, _("could not parse date \"%s\""), *av);
+ fatalx(_("could not parse date \"%s\""), *av);
} else {
newsn->u.ptr = *av;
}
sn = newsn;
}
if (stack_top)
- errorx(1, _("unmatched '(' in expression"));
+ fatalx(_("unmatched '(' in expression"));
if (or)
- errorx(1, _("illegal trailing \"or\""));
+ fatalx(_("illegal trailing \"or\""));
if (not)
- errorx(1, _("illegal trailing \"!\""));
+ fatalx(_("illegal trailing \"!\""));
debug_return_int(av - argv);
}
if (rc && rc != REG_NOMATCH) {
char buf[BUFSIZ];
regerror(rc, &sn->u.cmdre, buf, sizeof(buf));
- errorx(1, "%s", buf);
+ fatalx("%s", buf);
}
matched = rc == REG_NOMATCH ? 0 : 1;
#else
return strcmp(s1, s2);
}
-/* XXX - always returns 0, calls error() on failure */
+/* XXX - always returns 0, calls fatal() on failure */
static int
find_sessions(const char *dir, REGEX_T *re, const char *user, const char *tty)
{
d = opendir(dir);
if (d == NULL)
- error(1, _("unable to open %s"), dir);
+ fatal(_("unable to open %s"), dir);
/* XXX - would be faster to chdir and use relative names */
sdlen = strlcpy(pathbuf, dir, sizeof(pathbuf));
if (sdlen + 1 >= sizeof(pathbuf)) {
errno = ENAMETOOLONG;
- error(1, "%s/", dir);
+ fatal("%s/", dir);
}
pathbuf[sdlen++] = '/';
pathbuf[sdlen] = '\0';
"%s/log", sessions[i]);
if (len <= 0 || len >= sizeof(pathbuf) - sdlen) {
errno = ENAMETOOLONG;
- error(1, "%s/%s/log", dir, sessions[i]);
+ fatal("%s/%s/log", dir, sessions[i]);
}
efree(sessions[i]);
debug_return_int(0);
}
-/* XXX - always returns 0, calls error() on failure */
+/* XXX - always returns 0, calls fatal() on failure */
static int
list_sessions(int argc, char **argv, const char *pattern, const char *user,
const char *tty)
if (pattern) {
re = &rebuf;
if (regcomp(re, pattern, REG_EXTENDED|REG_NOSUB) != 0)
- errorx(1, _("invalid regex: %s"), pattern);
+ fatalx(_("invalid regular expression: %s"), pattern);
}
#else
re = (char *) pattern;
}
/*
- * Cleanup hook for error()/errorx()
+ * Cleanup hook for fatal()/fatalx()
*/
-void
-cleanup(int signo)
+static void
+sudoreplay_cleanup(void)
+{
+ term_restore(STDIN_FILENO, 0);
+}
+
+/*
+ * Signal handler for SIGINT, SIGKILL, SIGTERM, SIGHUP
+ * Must be installed with SA_RESETHAND enabled.
+ */
+static void
+sudoreplay_handler(int signo)
{
term_restore(STDIN_FILENO, 0);
- if (signo)
- kill(getpid(), signo);
+ kill(getpid(), signo);
}
/*
- * Copyright (c) 1996, 1998-2005, 2007-2012
+ * Copyright (c) 1996, 1998-2005, 2007-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
-#include <sys/param.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include <errno.h>
#include <netinet/in.h>
#include <arpa/inet.h>
-#include <netdb.h>
-#ifdef HAVE_SETLOCALE
-# include <locale.h>
-#endif
#include "tsgetgrpw.h"
#include "sudoers.h"
void print_privilege(struct privilege *);
void print_userspecs(void);
void usage(void) __attribute__((__noreturn__));
-void cleanup(int);
static void set_runaspw(const char *);
static void set_runasgr(const char *);
static int cb_runas_default(const char *);
-static int testsudoers_printf(int msg_type, const char *fmt, ...);
static int testsudoers_print(const char *msg);
extern void setgrfile(const char *);
/*
* Globals
*/
-struct interface *interfaces;
struct sudo_user sudo_user;
struct passwd *list_pw;
static char *runas_group, *runas_user;
extern int errorlineno;
extern bool parse_error;
extern char *errorfile;
-sudo_printf_t sudo_printf = testsudoers_printf;
-sudo_conv_t sudo_conv; /* NULL in non-plugin */
/* For getopt(3) */
extern char *optarg;
extern char *malloc_options;
#endif
#ifdef YYDEBUG
-extern int yydebug;
+extern int sudoersdebug;
#endif
+__dso_public int main(int argc, char *argv[]);
+
int
main(int argc, char *argv[])
{
struct privilege *priv;
struct userspec *us;
char *p, *grfile, *pwfile;
- char hbuf[MAXHOSTNAMELEN + 1];
+ char hbuf[HOST_NAME_MAX + 1];
int match, host_match, runas_match, cmnd_match;
int ch, dflag, exitcode = 0;
debug_decl(main, SUDO_DEBUG_MAIN)
malloc_options = "AFGJPR";
#endif
#ifdef YYDEBUG
- yydebug = 1;
+ sudoersdebug = 1;
#endif
#if !defined(HAVE_GETPROGNAME) && !defined(HAVE___PROGNAME)
setprogname(argc > 0 ? argv[0] : "testsudoers");
#endif
-#ifdef HAVE_SETLOCALE
- setlocale(LC_ALL, "");
-#endif
+ sudoers_setlocale(SUDOERS_LOCALE_USER, NULL);
bindtextdomain("sudoers", LOCALEDIR); /* XXX - should have own domain */
textdomain("sudoers");
/* Read sudo.conf. */
- sudo_conf_read();
+ sudo_conf_read(NULL);
dflag = 0;
grfile = pwfile = NULL;
argc -= 2;
}
if ((sudo_user.pw = sudo_getpwnam(user_name)) == NULL)
- errorx(1, _("unknown user: %s"), user_name);
+ fatalx(_("unknown user: %s"), user_name);
if (user_host == NULL) {
if (gethostname(hbuf, sizeof(hbuf)) != 0)
- error(1, "gethostname");
+ fatal("gethostname");
hbuf[sizeof(hbuf) - 1] = '\0';
user_host = hbuf;
}
for (to = user_args, from = argv; *from; from++) {
n = strlcpy(to, *from, size - (to - user_args));
if (n >= size - (to - user_args))
- errorx(1, _("internal error, %s overflow"), "init_vars()");
+ fatalx(_("internal error, %s overflow"), "init_vars()");
to += n;
*to++ = ' ';
}
/* Allocate space for data structures in the parser. */
init_parser("sudoers", false);
- if (yyparse() != 0 || parse_error) {
+ if (sudoersparse() != 0 || parse_error) {
parse_error = true;
if (errorlineno != -1)
(void) printf("Parse error in %s near line %d",
runas_pw = sudo_fakepwnam(user, runas_gr ? runas_gr->gr_gid : 0);
} else {
if ((runas_pw = sudo_getpwnam(user)) == NULL)
- errorx(1, _("unknown user: %s"), user);
+ fatalx(_("unknown user: %s"), user);
}
debug_return;
runas_gr = sudo_fakegrnam(group);
} else {
if ((runas_gr = sudo_getgrnam(group)) == NULL)
- errorx(1, _("unknown group: %s"), group);
+ fatalx(_("unknown group: %s"), group);
}
debug_return;
return;
}
-void
-set_fqdn(void)
-{
- return;
-}
-
FILE *
open_sudoers(const char *sudoers, bool doedit, bool *keepopen)
{
{
}
-void
-cleanup(int gotsignal)
-{
- if (!gotsignal) {
- sudo_endpwent();
- sudo_endgrent();
- }
-}
-
void
print_member(struct member *m)
{
print_member(m);
}
fputs(" = ", stdout);
- tags.nopasswd = tags.noexec = UNSPEC;
+ tags.nopasswd = UNSPEC;
+ tags.noexec = UNSPEC;
tq_foreach_fwd(&p->cmndlist, cs) {
if (cs != tq_first(&p->cmndlist))
fputs(", ", stdout);
debug_return;
}
-static int
-testsudoers_printf(int msg_type, const char *fmt, ...)
-{
- va_list ap;
- FILE *fp;
- debug_decl(testsudoers_printf, SUDO_DEBUG_UTIL)
-
- switch (msg_type) {
- case SUDO_CONV_INFO_MSG:
- fp = stdout;
- break;
- case SUDO_CONV_ERROR_MSG:
- fp = stderr;
- break;
- default:
- errno = EINVAL;
- debug_return_int(-1);
- }
-
- va_start(ap, fmt);
- vfprintf(fp, fmt, ap);
- va_end(ap);
-
- debug_return_int(0);
-}
-
void
dump_sudoers(void)
{
--- /dev/null
+/*
+ * Copyright (c) 1993-1996,1998-2005, 2007-2013
+ * Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/stat.h>
+#ifndef __TANDEM
+# include <sys/file.h>
+#endif
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#if TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <pwd.h>
+#include <grp.h>
+
+#include "sudoers.h"
+#include "check.h"
+
+static struct sudo_tty_info tty_info;
+static char timestampdir[PATH_MAX];
+static char timestampfile[PATH_MAX];
+
+/*
+ * Fills in timestampdir as well as timestampfile if using tty tickets.
+ */
+int
+build_timestamp(struct passwd *pw)
+{
+ char *dirparent;
+ struct stat sb;
+ int len;
+ debug_decl(build_timestamp, SUDO_DEBUG_AUTH)
+
+ /* Stash the tty's device, session ID and ctime for ticket comparison. */
+ if (def_tty_tickets && user_ttypath && stat(user_ttypath, &sb) == 0) {
+ tty_info.dev = sb.st_dev;
+ tty_info.ino = sb.st_ino;
+ tty_info.rdev = sb.st_rdev;
+ tty_info.uid = sb.st_uid;
+ tty_info.gid = sb.st_gid;
+ tty_info.sid = user_sid;
+ }
+
+ dirparent = def_timestampdir;
+ timestampfile[0] = '\0';
+ len = snprintf(timestampdir, sizeof(timestampdir), "%s/%s", dirparent,
+ user_name);
+ if (len <= 0 || len >= sizeof(timestampdir))
+ goto bad;
+
+ /*
+ * Timestamp file may be a file in the directory or NUL to use
+ * the directory as the timestamp.
+ */
+ if (def_tty_tickets) {
+ char *p;
+
+ if ((p = strrchr(user_tty, '/')))
+ p++;
+ else
+ p = user_tty;
+ if (def_targetpw)
+ len = snprintf(timestampfile, sizeof(timestampfile), "%s/%s/%s:%s",
+ dirparent, user_name, p, runas_pw->pw_name);
+ else
+ len = snprintf(timestampfile, sizeof(timestampfile), "%s/%s/%s",
+ dirparent, user_name, p);
+ if (len <= 0 || len >= sizeof(timestampfile))
+ goto bad;
+ } else if (def_targetpw) {
+ len = snprintf(timestampfile, sizeof(timestampfile), "%s/%s/%s",
+ dirparent, user_name, runas_pw->pw_name);
+ if (len <= 0 || len >= sizeof(timestampfile))
+ goto bad;
+ }
+ sudo_debug_printf(SUDO_DEBUG_INFO, "using timestamp file %s", timestampfile);
+
+ debug_return_int(len);
+bad:
+ log_fatal(0, N_("timestamp path too long: %s"),
+ *timestampfile ? timestampfile : timestampdir);
+ /* NOTREACHED */
+ debug_return_int(-1);
+}
+
+/*
+ * Update the time on the timestamp file/dir or create it if necessary.
+ */
+bool
+update_timestamp(struct passwd *pw)
+{
+ debug_decl(update_timestamp, SUDO_DEBUG_AUTH)
+
+ /* If using tty timestamps but we have no tty there is nothing to do. */
+ if (def_tty_tickets && !user_ttypath)
+ debug_return_bool(false);
+
+ if (timestamp_uid != 0)
+ set_perms(PERM_TIMESTAMP);
+ if (*timestampfile) {
+ /*
+ * Store tty info in timestamp file
+ */
+ int fd = open(timestampfile, O_WRONLY|O_CREAT, 0600);
+ if (fd == -1)
+ log_warning(USE_ERRNO, N_("unable to open %s"), timestampfile);
+ else {
+ lock_file(fd, SUDO_LOCK);
+ if (write(fd, &tty_info, sizeof(tty_info)) != sizeof(tty_info))
+ log_warning(USE_ERRNO, N_("unable to write to %s"), timestampfile);
+ close(fd);
+ }
+ } else {
+ if (touch(-1, timestampdir, NULL) == -1) {
+ if (mkdir(timestampdir, 0700) == -1) {
+ log_warning(USE_ERRNO, N_("unable to mkdir %s"),
+ timestampdir);
+ }
+ }
+ }
+ if (timestamp_uid != 0)
+ restore_perms();
+ debug_return_bool(true);
+}
+
+/*
+ * Check the timestamp file and directory and return their status.
+ */
+static int
+timestamp_status_internal(bool removing)
+{
+ struct stat sb;
+ struct timeval boottime, mtime;
+ time_t now;
+ char *dirparent = def_timestampdir;
+ int status = TS_ERROR; /* assume the worst */
+ debug_decl(timestamp_status_internal, SUDO_DEBUG_AUTH)
+
+ if (timestamp_uid != 0)
+ set_perms(PERM_TIMESTAMP);
+
+ /*
+ * Sanity check dirparent and make it if it doesn't already exist.
+ * We start out assuming the worst (that the dir is not sane) and
+ * if it is ok upgrade the status to ``no timestamp file''.
+ * Note that we don't check the parent(s) of dirparent for
+ * sanity since the sudo dir is often just located in /tmp.
+ */
+ if (lstat(dirparent, &sb) == 0) {
+ if (!S_ISDIR(sb.st_mode))
+ log_warning(0, N_("%s exists but is not a directory (0%o)"),
+ dirparent, (unsigned int) sb.st_mode);
+ else if (sb.st_uid != timestamp_uid)
+ log_warning(0, N_("%s owned by uid %u, should be uid %u"),
+ dirparent, (unsigned int) sb.st_uid,
+ (unsigned int) timestamp_uid);
+ else if ((sb.st_mode & 0000022))
+ log_warning(0,
+ N_("%s writable by non-owner (0%o), should be mode 0700"),
+ dirparent, (unsigned int) sb.st_mode);
+ else {
+ if ((sb.st_mode & 0000777) != 0700)
+ (void) chmod(dirparent, 0700);
+ status = TS_MISSING;
+ }
+ } else if (errno != ENOENT) {
+ log_warning(USE_ERRNO, N_("unable to stat %s"), dirparent);
+ } else {
+ /* No dirparent, try to make one. */
+ if (!removing) {
+ if (mkdir(dirparent, S_IRWXU))
+ log_warning(USE_ERRNO, N_("unable to mkdir %s"),
+ dirparent);
+ else
+ status = TS_MISSING;
+ }
+ }
+ if (status == TS_ERROR)
+ goto done;
+
+ /*
+ * Sanity check the user's ticket dir. We start by downgrading
+ * the status to TS_ERROR. If the ticket dir exists and is sane
+ * this will be upgraded to TS_OLD. If the dir does not exist,
+ * it will be upgraded to TS_MISSING.
+ */
+ status = TS_ERROR; /* downgrade status again */
+ if (lstat(timestampdir, &sb) == 0) {
+ if (!S_ISDIR(sb.st_mode)) {
+ if (S_ISREG(sb.st_mode)) {
+ /* convert from old style */
+ if (unlink(timestampdir) == 0)
+ status = TS_MISSING;
+ } else
+ log_warning(0, N_("%s exists but is not a directory (0%o)"),
+ timestampdir, (unsigned int) sb.st_mode);
+ } else if (sb.st_uid != timestamp_uid)
+ log_warning(0, N_("%s owned by uid %u, should be uid %u"),
+ timestampdir, (unsigned int) sb.st_uid,
+ (unsigned int) timestamp_uid);
+ else if ((sb.st_mode & 0000022))
+ log_warning(0,
+ N_("%s writable by non-owner (0%o), should be mode 0700"),
+ timestampdir, (unsigned int) sb.st_mode);
+ else {
+ if ((sb.st_mode & 0000777) != 0700)
+ (void) chmod(timestampdir, 0700);
+ status = TS_OLD; /* do date check later */
+ }
+ } else if (errno != ENOENT) {
+ log_warning(USE_ERRNO, N_("unable to stat %s"), timestampdir);
+ } else
+ status = TS_MISSING;
+
+ /*
+ * If there is no user ticket dir, AND we are in tty ticket mode,
+ * AND we are not just going to remove it, create the user ticket dir.
+ */
+ if (status == TS_MISSING && *timestampfile && !removing) {
+ if (mkdir(timestampdir, S_IRWXU) == -1) {
+ status = TS_ERROR;
+ log_warning(USE_ERRNO, N_("unable to mkdir %s"), timestampdir);
+ }
+ }
+
+ /*
+ * Sanity check the tty ticket file if it exists.
+ */
+ if (*timestampfile && status != TS_ERROR) {
+ if (status != TS_MISSING)
+ status = TS_NOFILE; /* dir there, file missing */
+ if (def_tty_tickets && !user_ttypath)
+ goto done; /* no tty, always prompt */
+ if (lstat(timestampfile, &sb) == 0) {
+ if (!S_ISREG(sb.st_mode)) {
+ status = TS_ERROR;
+ log_warning(0, N_("%s exists but is not a regular file (0%o)"),
+ timestampfile, (unsigned int) sb.st_mode);
+ } else {
+ /* If bad uid or file mode, complain and kill the bogus file. */
+ if (sb.st_uid != timestamp_uid) {
+ log_warning(0,
+ N_("%s owned by uid %u, should be uid %u"),
+ timestampfile, (unsigned int) sb.st_uid,
+ (unsigned int) timestamp_uid);
+ (void) unlink(timestampfile);
+ } else if ((sb.st_mode & 0000022)) {
+ log_warning(0,
+ N_("%s writable by non-owner (0%o), should be mode 0600"),
+ timestampfile, (unsigned int) sb.st_mode);
+ (void) unlink(timestampfile);
+ } else {
+ /* If not mode 0600, fix it. */
+ if ((sb.st_mode & 0000777) != 0600)
+ (void) chmod(timestampfile, 0600);
+
+ /*
+ * Check for stored tty info. If the file is zero-sized
+ * it is an old-style timestamp with no tty info in it.
+ * If removing, we don't care about the contents.
+ * The actual mtime check is done later.
+ */
+ if (removing) {
+ status = TS_OLD;
+ } else if (sb.st_size != 0) {
+ struct sudo_tty_info info;
+ int fd = open(timestampfile, O_RDONLY, 0644);
+ if (fd != -1) {
+ if (read(fd, &info, sizeof(info)) == sizeof(info) &&
+ memcmp(&info, &tty_info, sizeof(info)) == 0) {
+ status = TS_OLD;
+ }
+ close(fd);
+ }
+ }
+ }
+ }
+ } else if (errno != ENOENT) {
+ log_warning(USE_ERRNO, N_("unable to stat %s"), timestampfile);
+ status = TS_ERROR;
+ }
+ }
+
+ /*
+ * If the file/dir exists and we are not removing it, check its mtime.
+ */
+ if (status == TS_OLD && !removing) {
+ mtim_get(&sb, &mtime);
+ if (timevalisset(&mtime)) {
+ /* Negative timeouts only expire manually (sudo -k). */
+ if (def_timestamp_timeout < 0) {
+ status = TS_CURRENT;
+ } else {
+ time(&now);
+ if (def_timestamp_timeout &&
+ now - mtime.tv_sec < 60 * def_timestamp_timeout) {
+ /*
+ * Check for bogus time on the stampfile. The clock may
+ * have been set back or user could be trying to spoof us.
+ */
+ if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) {
+ time_t tv_sec = (time_t)mtime.tv_sec;
+ log_warning(0,
+ N_("timestamp too far in the future: %20.20s"),
+ 4 + ctime(&tv_sec));
+ if (*timestampfile)
+ (void) unlink(timestampfile);
+ else
+ (void) rmdir(timestampdir);
+ status = TS_MISSING;
+ } else if (get_boottime(&boottime) &&
+ timevalcmp(&mtime, &boottime, <)) {
+ status = TS_OLD;
+ } else {
+ status = TS_CURRENT;
+ }
+ }
+ }
+ }
+ }
+
+done:
+ if (timestamp_uid != 0)
+ restore_perms();
+ debug_return_int(status);
+}
+
+int
+timestamp_status(struct passwd *pw)
+{
+ return timestamp_status_internal(false);
+}
+
+/*
+ * Remove the timestamp ticket file/dir.
+ */
+void
+remove_timestamp(bool remove)
+{
+ struct timeval tv;
+ char *path;
+ int status;
+ debug_decl(remove_timestamp, SUDO_DEBUG_AUTH)
+
+ if (build_timestamp(NULL) == -1)
+ debug_return;
+
+ status = timestamp_status_internal(true);
+ if (status != TS_MISSING && status != TS_ERROR) {
+ path = *timestampfile ? timestampfile : timestampdir;
+ if (remove) {
+ if (*timestampfile)
+ status = unlink(timestampfile);
+ else
+ status = rmdir(timestampdir);
+ if (status == -1 && errno != ENOENT) {
+ log_warning(0,
+ N_("unable to remove %s, will reset to the epoch"), path);
+ remove = false;
+ }
+ }
+ if (!remove) {
+ timevalclear(&tv);
+ if (touch(-1, path, &tv) == -1 && errno != ENOENT)
+ fatal(_("unable to reset %s to the epoch"), path);
+ }
+ }
+
+ debug_return;
+}
+
+/*
+ * Lecture status is currently implied by the timestamp status but
+ * may be stored separately in a future release.
+ */
+bool
+set_lectured(void)
+{
+ return true;
+}
#include <config.h>
+#define yy_create_buffer sudoers_create_buffer
+#define yy_delete_buffer sudoers_delete_buffer
+#define yy_scan_buffer sudoers_scan_buffer
+#define yy_scan_string sudoers_scan_string
+#define yy_scan_bytes sudoers_scan_bytes
+#define yy_flex_debug sudoers_flex_debug
+#define yy_init_buffer sudoers_init_buffer
+#define yy_flush_buffer sudoers_flush_buffer
+#define yy_load_buffer_state sudoers_load_buffer_state
+#define yy_switch_to_buffer sudoers_switch_to_buffer
+#define yyin sudoersin
+#define yyleng sudoersleng
+#define yylex sudoerslex
+#define yyout sudoersout
+#define yyrestart sudoersrestart
+#define yytext sudoerstext
+
/* $OpenBSD: flex.skl,v 1.11 2010/08/04 18:24:50 millert Exp $ */
/* A lexical scanner generated by flex */
*yy_cp = '\0'; \
yy_c_buf_p = yy_cp;
-#define YY_NUM_RULES 61
-#define YY_END_OF_BUFFER 62
-static yyconst short int yy_accept[622] =
+#define YY_NUM_RULES 67
+#define YY_END_OF_BUFFER 68
+static yyconst short int yy_accept[814] =
{ 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 62, 49, 57, 56, 55, 48, 60, 32,
- 50, 51, 32, 52, 49, 49, 49, 49, 54, 53,
- 60, 44, 44, 44, 44, 44, 44, 44, 44, 44,
- 44, 60, 49, 49, 57, 60, 44, 44, 44, 44,
- 44, 2, 60, 1, 49, 44, 44, 49, 17, 16,
- 17, 16, 16, 60, 60, 60, 3, 9, 8, 9,
- 4, 9, 5, 60, 13, 13, 13, 11, 12, 49,
- 0, 57, 55, 0, 59, 0, 49, 34, 0, 32,
- 0, 33, 0, 47, 47, 0, 49, 49, 0, 49,
-
- 49, 49, 49, 0, 37, 44, 44, 44, 44, 44,
- 44, 44, 44, 44, 44, 44, 44, 49, 58, 49,
- 57, 0, 0, 0, 0, 0, 0, 49, 49, 49,
- 49, 49, 2, 1, 0, 1, 45, 45, 0, 49,
- 17, 17, 15, 14, 15, 0, 0, 3, 9, 0,
- 6, 7, 9, 9, 13, 0, 13, 13, 0, 10,
- 0, 0, 0, 34, 34, 0, 0, 49, 49, 49,
- 49, 49, 0, 0, 37, 37, 44, 39, 44, 44,
- 44, 44, 44, 44, 44, 44, 44, 44, 44, 44,
- 49, 0, 0, 0, 0, 0, 0, 49, 49, 49,
-
- 49, 49, 0, 49, 10, 0, 49, 49, 49, 49,
- 49, 49, 0, 38, 38, 38, 0, 0, 37, 37,
- 37, 37, 37, 37, 37, 44, 44, 44, 44, 44,
- 44, 44, 44, 44, 44, 40, 44, 41, 49, 0,
- 0, 0, 0, 0, 0, 49, 49, 49, 49, 49,
- 49, 49, 0, 0, 38, 38, 38, 0, 37, 37,
- 0, 37, 37, 37, 37, 37, 37, 37, 37, 37,
- 37, 37, 0, 25, 44, 44, 44, 44, 44, 44,
- 44, 44, 42, 44, 49, 0, 0, 0, 0, 49,
- 49, 49, 49, 49, 49, 49, 49, 0, 38, 0,
-
- 37, 37, 37, 0, 0, 0, 37, 37, 37, 37,
- 37, 37, 37, 37, 37, 37, 37, 37, 37, 44,
- 44, 44, 44, 44, 44, 44, 44, 44, 49, 0,
- 0, 0, 49, 49, 49, 35, 35, 35, 0, 0,
- 37, 37, 37, 37, 37, 37, 37, 0, 0, 0,
- 0, 0, 37, 37, 37, 37, 37, 37, 37, 37,
- 37, 37, 37, 37, 37, 37, 44, 44, 44, 0,
- 24, 44, 44, 44, 44, 0, 23, 0, 26, 49,
- 0, 0, 0, 49, 49, 49, 49, 35, 35, 35,
- 35, 0, 37, 0, 37, 37, 37, 37, 37, 37,
-
- 37, 37, 37, 37, 37, 0, 0, 0, 37, 37,
- 37, 37, 37, 37, 37, 37, 37, 37, 37, 37,
- 37, 44, 44, 44, 44, 44, 44, 44, 46, 0,
- 0, 0, 49, 20, 45, 36, 36, 36, 36, 37,
- 0, 0, 0, 37, 37, 37, 37, 37, 37, 37,
- 37, 37, 37, 37, 37, 37, 0, 0, 0, 0,
- 0, 37, 37, 37, 37, 37, 37, 37, 37, 44,
- 44, 44, 44, 44, 0, 22, 0, 27, 0, 20,
- 0, 0, 49, 0, 49, 49, 49, 36, 36, 36,
- 36, 0, 0, 0, 0, 0, 37, 37, 37, 37,
+ 0, 0, 0, 0, 68, 55, 63, 62, 61, 54,
+ 66, 34, 56, 57, 34, 58, 55, 55, 55, 55,
+ 60, 59, 66, 46, 46, 46, 46, 46, 46, 46,
+ 46, 46, 46, 66, 55, 55, 63, 66, 46, 46,
+ 46, 46, 46, 2, 66, 1, 55, 46, 46, 55,
+ 17, 16, 17, 16, 16, 66, 66, 66, 3, 9,
+ 8, 9, 4, 9, 5, 66, 13, 13, 13, 11,
+ 12, 66, 19, 19, 18, 18, 18, 19, 18, 18,
+ 18, 19, 19, 19, 19, 19, 18, 19, 19, 55,
+
+ 0, 63, 61, 0, 65, 0, 55, 36, 0, 34,
+ 0, 35, 0, 53, 53, 0, 55, 55, 0, 55,
+ 55, 55, 55, 0, 39, 46, 46, 46, 46, 46,
+ 46, 46, 46, 46, 46, 46, 46, 55, 64, 55,
+ 55, 63, 0, 0, 0, 0, 0, 0, 55, 55,
+ 55, 55, 55, 2, 1, 0, 1, 47, 47, 0,
+ 55, 17, 17, 15, 14, 15, 0, 0, 3, 9,
+ 0, 6, 7, 9, 9, 13, 0, 13, 13, 0,
+ 10, 36, 0, 0, 35, 19, 19, 0, 19, 0,
+ 0, 18, 18, 18, 18, 18, 18, 19, 19, 46,
+
+ 19, 19, 19, 19, 19, 19, 19, 0, 0, 0,
+ 36, 55, 55, 55, 55, 55, 0, 0, 39, 39,
+ 46, 41, 46, 46, 46, 46, 46, 46, 46, 46,
+ 46, 46, 46, 46, 55, 55, 0, 0, 0, 0,
+ 0, 0, 55, 55, 55, 55, 55, 0, 55, 10,
+ 0, 0, 0, 18, 18, 18, 19, 19, 19, 19,
+ 19, 19, 19, 19, 19, 19, 19, 0, 55, 55,
+ 55, 55, 55, 55, 0, 40, 40, 40, 0, 0,
+ 39, 39, 39, 39, 39, 39, 39, 46, 46, 46,
+ 46, 46, 46, 46, 46, 46, 46, 42, 46, 43,
+
+ 55, 55, 55, 55, 0, 0, 0, 0, 0, 0,
+ 55, 55, 55, 55, 0, 0, 0, 0, 0, 18,
+ 18, 19, 46, 19, 19, 19, 19, 19, 19, 19,
+ 19, 19, 19, 55, 55, 55, 0, 0, 40, 40,
+ 40, 0, 39, 39, 0, 39, 39, 39, 39, 39,
+ 39, 39, 39, 39, 39, 39, 0, 27, 46, 46,
+ 46, 46, 46, 46, 46, 46, 44, 46, 55, 55,
+ 55, 55, 55, 0, 0, 0, 0, 55, 55, 55,
+ 0, 0, 0, 18, 18, 46, 46, 19, 19, 19,
+ 19, 19, 19, 19, 19, 19, 19, 19, 55, 55,
+
+ 55, 55, 55, 0, 40, 0, 39, 39, 39, 0,
+ 0, 0, 39, 39, 39, 39, 39, 39, 39, 39,
+ 39, 39, 39, 39, 39, 46, 46, 46, 46, 46,
+ 46, 46, 46, 46, 48, 49, 50, 51, 55, 0,
+ 0, 0, 55, 55, 55, 0, 0, 0, 0, 0,
+ 46, 46, 19, 46, 19, 19, 19, 19, 19, 19,
+ 19, 19, 19, 37, 37, 37, 0, 0, 39, 39,
+ 39, 39, 39, 39, 39, 0, 0, 0, 0, 0,
+ 39, 39, 39, 39, 39, 39, 39, 39, 39, 39,
+ 39, 39, 39, 39, 46, 46, 46, 0, 26, 46,
+
+ 46, 46, 46, 0, 25, 0, 28, 55, 0, 0,
+ 0, 55, 55, 55, 37, 37, 37, 46, 46, 46,
+ 46, 19, 19, 19, 55, 37, 37, 37, 37, 0,
+ 39, 0, 39, 39, 39, 39, 39, 39, 39, 39,
+ 39, 39, 39, 0, 0, 0, 39, 39, 39, 39,
+ 39, 39, 39, 39, 39, 39, 39, 39, 39, 46,
+ 46, 46, 46, 46, 46, 46, 52, 0, 0, 0,
+ 55, 22, 47, 0, 37, 37, 37, 37, 46, 46,
+ 46, 46, 19, 19, 19, 38, 38, 38, 38, 39,
+ 0, 0, 0, 39, 39, 39, 39, 39, 39, 39,
+
+ 39, 39, 39, 39, 39, 39, 0, 0, 0, 0,
+ 0, 39, 39, 39, 39, 39, 39, 39, 39, 46,
+ 46, 46, 46, 46, 0, 24, 0, 29, 0, 22,
+ 0, 0, 55, 0, 55, 38, 38, 38, 38, 46,
+ 46, 46, 46, 55, 55, 38, 38, 38, 38, 0,
+ 0, 0, 0, 0, 39, 39, 39, 39, 39, 39,
+ 39, 39, 39, 39, 39, 39, 39, 39, 39, 39,
+ 39, 39, 39, 39, 45, 0, 32, 46, 46, 46,
+ 0, 0, 0, 20, 0, 23, 22, 0, 0, 0,
+ 0, 0, 22, 0, 0, 0, 38, 38, 38, 38,
+
+ 46, 46, 46, 55, 55, 55, 0, 0, 0, 39,
+ 39, 39, 39, 39, 39, 39, 39, 39, 39, 39,
+ 39, 39, 39, 39, 39, 39, 39, 0, 30, 46,
+ 46, 23, 0, 0, 22, 0, 0, 0, 46, 46,
+ 55, 55, 55, 55, 55, 0, 0, 0, 0, 0,
+ 39, 39, 39, 39, 39, 39, 39, 39, 0, 33,
+ 46, 0, 0, 0, 0, 0, 0, 46, 55, 55,
+ 55, 39, 39, 39, 39, 39, 39, 0, 31, 0,
+ 0, 21, 0, 0, 0, 55, 55, 55, 55, 55,
+ 39, 39, 39, 39, 39, 0, 0, 0, 0, 0,
37, 37, 37, 37, 37, 37, 37, 37, 37, 37,
- 37, 37, 37, 37, 37, 37, 43, 0, 30, 44,
- 44, 44, 0, 0, 0, 18, 0, 21, 20, 0,
- 0, 0, 0, 0, 20, 0, 49, 49, 49, 0,
- 0, 0, 37, 37, 37, 37, 37, 37, 37, 37,
- 37, 37, 37, 37, 37, 37, 37, 37, 37, 37,
- 0, 28, 44, 44, 21, 0, 0, 20, 49, 49,
- 49, 49, 49, 0, 0, 0, 0, 0, 37, 37,
- 37, 37, 37, 37, 37, 37, 0, 31, 44, 0,
- 49, 49, 49, 37, 37, 37, 37, 37, 37, 0,
-
- 29, 0, 0, 19, 49, 49, 49, 49, 49, 37,
- 37, 37, 37, 37, 35, 35, 35, 35, 35, 35,
- 0
+ 37, 37, 0
} ;
static yyconst int yy_ec[256] =
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 2, 4, 5, 6, 1, 7, 1, 1, 8,
9, 10, 11, 12, 13, 14, 15, 16, 17, 18,
- 19, 20, 21, 22, 22, 22, 23, 24, 1, 1,
- 25, 26, 10, 27, 28, 29, 30, 31, 32, 29,
- 33, 34, 35, 36, 36, 37, 38, 39, 40, 41,
- 36, 42, 43, 44, 45, 46, 47, 48, 49, 36,
- 10, 50, 10, 1, 51, 1, 52, 53, 54, 55,
-
- 56, 57, 58, 58, 59, 58, 58, 60, 61, 62,
- 63, 58, 58, 64, 65, 66, 67, 58, 58, 58,
- 58, 58, 1, 1, 1, 1, 1, 1, 1, 1,
+ 19, 20, 21, 22, 23, 24, 25, 26, 1, 1,
+ 27, 28, 10, 29, 30, 31, 32, 33, 34, 31,
+ 35, 36, 37, 38, 38, 39, 40, 41, 42, 43,
+ 38, 44, 45, 46, 47, 48, 49, 50, 51, 38,
+ 10, 52, 10, 1, 53, 1, 54, 55, 56, 57,
+
+ 58, 59, 60, 61, 62, 60, 60, 63, 64, 65,
+ 66, 60, 60, 67, 68, 69, 70, 60, 60, 60,
+ 60, 60, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1
} ;
-static yyconst int yy_meta[68] =
+static yyconst int yy_meta[71] =
{ 0,
1, 2, 3, 4, 5, 6, 1, 7, 7, 1,
- 1, 8, 1, 9, 10, 11, 11, 11, 11, 11,
- 11, 11, 11, 12, 13, 7, 1, 11, 11, 11,
- 11, 11, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 14,
- 15, 16, 16, 16, 16, 16, 16, 15, 15, 15,
- 15, 15, 15, 15, 15, 15, 15
+ 8, 9, 10, 11, 12, 13, 13, 13, 13, 13,
+ 13, 13, 13, 13, 13, 14, 15, 7, 1, 16,
+ 16, 16, 16, 16, 17, 17, 17, 17, 17, 17,
+ 17, 17, 17, 17, 17, 17, 17, 17, 17, 17,
+ 17, 18, 19, 20, 20, 20, 20, 20, 20, 21,
+ 21, 21, 21, 21, 21, 21, 21, 21, 21, 21
} ;
-static yyconst short int yy_base[686] =
+static yyconst short int yy_base[931] =
{ 0,
- 0, 66, 68, 76, 119, 124, 173, 239, 148, 197,
- 82, 90, 2937, 2886, 2933, 3595, 2929, 3595, 165, 65,
- 3595, 3595, 2882, 3595, 130, 293, 173, 146, 2907, 3595,
- 3595, 350, 2893, 42, 402, 41, 2889, 74, 2888, 2895,
- 2876, 458, 197, 57, 219, 482, 38, 207, 2854, 37,
- 2851, 117, 249, 2880, 326, 2841, 2852, 105, 0, 3595,
- 2875, 3595, 0, 469, 424, 143, 0, 2828, 3595, 48,
- 3595, 223, 3595, 155, 2827, 202, 97, 3595, 252, 2817,
- 504, 2855, 2852, 2852, 3595, 258, 504, 312, 526, 201,
- 548, 2796, 557, 528, 2795, 582, 579, 614, 2820, 2829,
-
- 593, 601, 266, 2818, 182, 656, 0, 2796, 2791, 2766,
- 2761, 296, 2727, 2725, 2713, 2696, 2691, 426, 3595, 87,
- 659, 2659, 2663, 2655, 2650, 2651, 257, 196, 318, 276,
- 258, 288, 436, 2694, 631, 2693, 655, 2644, 690, 303,
- 0, 2681, 168, 3595, 3595, 701, 352, 0, 2634, 723,
- 3595, 3595, 2633, 447, 2632, 2676, 467, 461, 433, 2670,
- 2659, 2600, 720, 733, 206, 755, 759, 771, 781, 791,
- 828, 2581, 2570, 870, 453, 913, 955, 0, 2563, 2557,
- 2540, 2523, 2530, 2541, 2536, 2516, 2502, 2496, 2475, 2473,
- 277, 2442, 2436, 2402, 2404, 2407, 477, 436, 2405, 424,
-
- 401, 292, 813, 488, 2454, 2450, 845, 438, 855, 890,
- 756, 465, 2428, 2418, 930, 554, 2409, 2408, 463, 898,
- 999, 939, 972, 1042, 980, 2403, 490, 2378, 500, 2380,
- 2338, 2327, 2325, 2321, 2310, 0, 2305, 0, 508, 2274,
- 2238, 2212, 2211, 2176, 515, 517, 615, 527, 529, 1018,
- 1061, 1086, 2212, 2210, 1026, 2209, 2203, 2171, 2166, 565,
- 1069, 754, 1096, 802, 1123, 0, 1106, 1134, 1151, 1159,
- 1177, 1196, 601, 3595, 2136, 2137, 2127, 2131, 2090, 2090,
- 2084, 2078, 0, 2062, 607, 2056, 2024, 2025, 573, 576,
- 578, 676, 1204, 591, 1221, 1239, 1231, 2064, 2031, 2006,
-
- 2004, 1274, 676, 1256, 1293, 1318, 682, 808, 815, 1301,
- 819, 1328, 0, 1339, 1350, 1367, 1247, 1393, 1377, 1955,
- 1915, 1888, 742, 692, 1884, 1891, 794, 980, 777, 1889,
- 1856, 652, 945, 680, 820, 1411, 1420, 1436, 1842, 1824,
- 1800, 1446, 1473, 1455, 1266, 1515, 1492, 1500, 1809, 1534,
- 1559, 1544, 1009, 1052, 1569, 1571, 1580, 1590, 1601, 0,
- 1612, 1623, 1590, 1463, 1666, 1642, 1762, 1737, 1740, 1108,
- 3595, 1696, 1672, 1662, 1628, 1157, 3595, 1158, 3595, 774,
- 1514, 1500, 730, 1152, 697, 913, 1650, 805, 1686, 1709,
- 1695, 1516, 1500, 1721, 1222, 1730, 1474, 1744, 0, 830,
-
- 1755, 1772, 1571, 1797, 1782, 1816, 1841, 1851, 1284, 1377,
- 1832, 1861, 1861, 1872, 1883, 0, 1894, 1905, 1872, 1824,
- 1924, 1414, 1400, 1375, 1336, 1331, 1159, 1483, 1312, 1274,
- 1260, 1539, 606, 1730, 1238, 1949, 1959, 1969, 1984, 1256,
- 1994, 2004, 2019, 1245, 1535, 1915, 1932, 1950, 2029, 0,
- 874, 2040, 2057, 2065, 2082, 2101, 2109, 1214, 2126, 2136,
- 2146, 1633, 1675, 2154, 924, 966, 2165, 0, 1003, 1092,
- 1731, 1087, 1056, 1052, 2042, 3595, 2063, 3595, 1017, 2147,
- 1126, 624, 1311, 2187, 2192, 2183, 1756, 2193, 2203, 2230,
- 1979, 2238, 992, 2248, 2265, 2275, 830, 811, 1970, 2194,
-
- 2281, 2214, 2291, 0, 1111, 2302, 2319, 2256, 2344, 2329,
- 2362, 2371, 2387, 1807, 813, 1170, 0, 2065, 3595, 2228,
- 738, 713, 680, 731, 1201, 3595, 900, 653, 2409, 2414,
- 2419, 2424, 2418, 2436, 2445, 2446, 2459, 2469, 2480, 2494,
- 2504, 2515, 569, 531, 2215, 2217, 2523, 2221, 2533, 0,
- 1278, 2544, 2561, 2569, 2588, 519, 2597, 2606, 2615, 492,
- 2304, 3595, 2393, 452, 3595, 1416, 2621, 2629, 2637, 1981,
- 2647, 2657, 2672, 2682, 345, 2692, 2707, 2717, 305, 264,
- 2303, 245, 191, 2725, 0, 1477, 2441, 3595, 2444, 1632,
- 2735, 2745, 2755, 2770, 2780, 2790, 90, 0, 92, 2482,
-
- 3595, 100, 1647, 3595, 2798, 1982, 2808, 2818, 2833, 3595,
- 2843, 2853, 2763, 3595, 2868, 2876, 2884, 19, 2892, 2903,
- 3595, 2953, 2969, 2985, 3001, 3017, 3033, 3049, 3065, 3081,
- 3087, 3103, 3119, 1676, 3135, 3151, 3167, 3183, 3199, 3215,
- 3231, 3237, 3244, 3260, 3276, 3282, 3289, 3295, 3301, 3307,
- 3314, 3320, 3326, 3332, 3339, 3347, 3353, 3359, 3365, 3372,
- 3380, 3386, 3392, 3399, 3407, 3413, 3421, 3428, 3436, 3442,
- 3450, 3457, 3465, 3481, 3497, 3513, 3519, 3527, 3534, 3540,
- 3548, 3554, 3562, 3578, 2159
+ 0, 69, 71, 79, 94, 124, 175, 244, 153, 197,
+ 85, 130, 314, 0, 4514, 4461, 4510, 5604, 4507, 5604,
+ 382, 86, 5604, 5604, 4458, 5604, 140, 394, 195, 153,
+ 4483, 5604, 5604, 453, 4383, 43, 508, 37, 4379, 65,
+ 4378, 4385, 4367, 566, 581, 91, 151, 604, 39, 41,
+ 4351, 34, 4348, 117, 4402, 4412, 428, 4371, 4382, 136,
+ 0, 5604, 4407, 5604, 0, 606, 664, 105, 0, 4358,
+ 5604, 115, 5604, 133, 5604, 138, 4357, 152, 171, 5604,
+ 188, 383, 641, 694, 737, 235, 245, 794, 843, 4369,
+ 157, 898, 4365, 4364, 4375, 4370, 944, 0, 206, 4351,
+
+ 266, 4400, 4397, 4397, 5604, 263, 532, 585, 4386, 608,
+ 707, 4346, 829, 648, 4345, 968, 981, 1018, 4359, 4370,
+ 563, 708, 422, 4357, 371, 1062, 1106, 4343, 4347, 4340,
+ 4344, 596, 4333, 4340, 4337, 4329, 4331, 644, 5604, 237,
+ 137, 946, 4309, 4314, 4305, 4300, 4301, 121, 225, 530,
+ 377, 369, 335, 445, 4366, 720, 4365, 931, 4314, 1018,
+ 169, 0, 4361, 160, 5604, 5604, 991, 388, 0, 4312,
+ 638, 5604, 5604, 4311, 661, 4310, 4356, 392, 221, 420,
+ 4358, 653, 665, 1139, 4296, 1145, 0, 1173, 1201, 1210,
+ 1037, 1239, 4333, 1081, 1170, 826, 1288, 1343, 4307, 0,
+
+ 4311, 4309, 899, 4298, 4296, 4287, 4283, 4336, 4335, 1222,
+ 1258, 1389, 1362, 968, 1428, 4323, 4310, 1472, 520, 1517,
+ 1561, 1605, 4303, 4297, 4280, 4282, 4289, 4300, 4295, 4283,
+ 4279, 4292, 4291, 4290, 654, 493, 4258, 4252, 4242, 4244,
+ 4250, 534, 579, 4253, 491, 407, 506, 1413, 626, 4304,
+ 4251, 4239, 1651, 1661, 4227, 1705, 0, 4197, 4164, 4155,
+ 4151, 4151, 4135, 4112, 4111, 811, 4067, 4122, 1749, 378,
+ 0, 0, 1041, 243, 4098, 4097, 1786, 805, 4096, 4095,
+ 623, 1410, 1799, 1447, 1091, 1844, 1890, 4094, 429, 4073,
+ 632, 4084, 4082, 4056, 4054, 4050, 4053, 0, 4046, 0,
+
+ 929, 638, 544, 561, 4022, 4024, 4008, 4022, 4008, 746,
+ 524, 1063, 413, 662, 1491, 4060, 4059, 4058, 1270, 1900,
+ 1944, 763, 904, 4037, 4020, 4009, 4007, 3992, 3988, 818,
+ 3993, 3988, 3912, 1990, 2002, 2014, 3930, 3929, 2024, 3929,
+ 3912, 3911, 3910, 919, 1536, 1003, 1580, 1142, 2037, 0,
+ 1626, 2083, 1680, 1372, 2128, 2174, 764, 5604, 3892, 3877,
+ 3870, 3884, 3862, 3869, 3879, 3879, 0, 3863, 698, 593,
+ 820, 973, 1093, 3857, 3824, 3825, 922, 897, 969, 1097,
+ 3866, 3858, 2186, 2196, 3829, 3807, 3800, 3814, 3778, 3784,
+ 3794, 3793, 3747, 3726, 3716, 3711, 3696, 3656, 2240, 1017,
+
+ 2279, 2291, 1637, 3686, 3662, 3648, 3646, 2301, 1127, 3642,
+ 3641, 2347, 1154, 1205, 1209, 1724, 1761, 2359, 0, 1763,
+ 2405, 1774, 1457, 2450, 2496, 2521, 1024, 1127, 1181, 1190,
+ 1169, 1207, 1224, 1392, 3602, 3584, 3577, 3560, 1240, 3581,
+ 3547, 1313, 1391, 874, 1774, 1821, 3584, 3576, 3569, 1503,
+ 3523, 3519, 869, 1379, 3515, 3511, 949, 1045, 0, 0,
+ 0, 0, 3478, 2577, 1863, 1546, 3510, 3509, 3506, 1919,
+ 2616, 1963, 1590, 2660, 2706, 2056, 3517, 3509, 3487, 1692,
+ 1879, 1979, 2096, 2104, 2147, 2106, 2718, 0, 2217, 2764,
+ 2250, 1734, 2809, 2855, 2880, 2086, 1133, 1088, 5604, 421,
+
+ 2087, 1184, 2088, 1369, 5604, 1370, 5604, 1197, 3418, 3389,
+ 1282, 2127, 1249, 1368, 3442, 3427, 2936, 3386, 3320, 3309,
+ 3295, 2951, 1219, 3272, 3006, 1181, 3044, 0, 1709, 3290,
+ 3263, 2260, 58, 2320, 1774, 3083, 0, 2380, 3129, 2424,
+ 1831, 3173, 3219, 3270, 3265, 3231, 2336, 2462, 2464, 2471,
+ 3256, 2477, 3243, 0, 2589, 3289, 2600, 1929, 3335, 3360,
+ 1376, 1087, 1847, 1409, 1542, 1586, 3218, 3184, 3166, 1832,
+ 1427, 2060, 3174, 2635, 3210, 3186, 3185, 2435, 3129, 3111,
+ 3114, 3066, 3429, 1454, 0, 3486, 2679, 2737, 1483, 3085,
+ 2989, 2839, 3525, 2819, 2003, 2280, 2783, 2381, 3537, 0,
+
+ 2830, 3583, 3016, 2157, 3627, 3673, 3026, 2821, 2801, 2750,
+ 2228, 2472, 2474, 2695, 1189, 1531, 3685, 0, 2647, 1848,
+ 1925, 1602, 1522, 1849, 1587, 5604, 1664, 5604, 2692, 1967,
+ 1630, 2177, 2014, 2406, 2761, 2674, 2630, 3731, 2272, 1926,
+ 2155, 2500, 1927, 3741, 2076, 3780, 0, 1967, 2277, 3054,
+ 2598, 2535, 2509, 2841, 2470, 2431, 2485, 2600, 3064, 2617,
+ 3819, 0, 3104, 3865, 3148, 3036, 3909, 3955, 2390, 2373,
+ 3966, 3118, 2338, 1742, 2298, 2129, 5604, 2743, 1825, 1738,
+ 2219, 2153, 1825, 5604, 2062, 2083, 3130, 3172, 3276, 3281,
+ 1984, 2880, 1920, 3360, 3192, 1912, 1877, 1858, 3274, 1744,
+
+ 2326, 2643, 2745, 3978, 3990, 4002, 1700, 1693, 4014, 1662,
+ 1623, 2856, 2951, 3496, 3084, 4026, 0, 3508, 4072, 3556,
+ 3074, 0, 1599, 1510, 1503, 3319, 1423, 2328, 5604, 3154,
+ 2037, 5604, 2124, 3602, 3646, 1409, 1403, 4118, 2407, 2791,
+ 4130, 2334, 4142, 4154, 3659, 3704, 1390, 1286, 1251, 3418,
+ 1158, 1087, 3105, 1077, 1056, 4166, 0, 3568, 2499, 5604,
+ 3270, 2220, 3751, 1014, 1005, 957, 3614, 2522, 4178, 4190,
+ 4202, 3761, 3790, 3800, 684, 0, 683, 2685, 5604, 658,
+ 2222, 5604, 522, 382, 4214, 4226, 2335, 4238, 4250, 3840,
+ 5604, 3846, 3884, 3202, 5604, 3928, 374, 208, 117, 3716,
+
+ 4260, 4297, 4334, 4045, 4091, 4270, 59, 4371, 3941, 5604,
+ 4280, 3771, 5604, 4423, 4444, 4465, 4486, 4507, 4528, 4549,
+ 4570, 4591, 4600, 2074, 4620, 4641, 2383, 4662, 4683, 4704,
+ 4725, 4746, 4767, 4788, 4809, 2337, 4830, 4839, 4847, 4856,
+ 4876, 4897, 4918, 2474, 4939, 4960, 4981, 5002, 5011, 5030,
+ 5039, 5048, 2421, 2516, 5056, 5064, 5072, 5081, 5089, 5096,
+ 5104, 5112, 5121, 5131, 2600, 2694, 5139, 5147, 5155, 2695,
+ 2757, 5164, 5174, 5194, 2798, 5203, 5211, 2799, 5220, 5230,
+ 5250, 2228, 2615, 5259, 5271, 5280, 5290, 2803, 2825, 5299,
+ 5309, 5318, 5338, 2700, 5347, 5359, 2841, 2872, 5368, 5378,
+
+ 2873, 5387, 5397, 5417, 5438, 5459, 3115, 3116, 5479, 3168,
+ 5486, 5496, 2951, 2967, 5505, 2520, 5525, 3304, 3313, 5534,
+ 5544, 3517, 3314, 3318, 5552, 5562, 5582, 3814, 3319, 3430
} ;
-static yyconst short int yy_def[686] =
+static yyconst short int yy_def[931] =
{ 0,
- 621, 1, 1, 1, 622, 622, 623, 623, 624, 624,
- 625, 625, 621, 626, 621, 621, 621, 621, 627, 628,
- 621, 621, 629, 621, 630, 626, 26, 26, 631, 621,
- 621, 621, 32, 32, 32, 35, 35, 35, 35, 35,
- 35, 626, 26, 626, 621, 627, 32, 32, 35, 35,
- 35, 621, 621, 621, 632, 35, 35, 626, 633, 621,
- 633, 621, 633, 621, 627, 621, 634, 635, 621, 635,
- 621, 635, 621, 636, 637, 637, 637, 621, 621, 626,
- 626, 621, 621, 638, 621, 639, 621, 628, 621, 640,
- 628, 629, 629, 630, 641, 626, 626, 26, 631, 98,
-
- 98, 98, 98, 642, 643, 35, 35, 35, 35, 35,
- 35, 35, 35, 35, 35, 35, 35, 626, 621, 626,
- 621, 621, 621, 621, 621, 621, 638, 626, 98, 626,
- 626, 626, 621, 621, 621, 621, 632, 644, 626, 626,
- 633, 633, 621, 621, 621, 639, 621, 634, 635, 635,
- 621, 621, 635, 635, 637, 621, 637, 637, 621, 621,
- 638, 645, 621, 621, 640, 640, 621, 626, 626, 626,
- 98, 171, 646, 621, 647, 621, 106, 35, 35, 35,
- 35, 35, 35, 35, 35, 35, 35, 35, 35, 35,
- 626, 621, 621, 621, 621, 621, 638, 626, 171, 626,
-
- 626, 626, 621, 626, 621, 645, 626, 626, 626, 626,
- 626, 626, 648, 649, 649, 215, 650, 649, 651, 176,
- 621, 221, 221, 621, 221, 35, 35, 35, 35, 35,
- 35, 35, 35, 35, 35, 35, 35, 35, 626, 621,
- 621, 621, 621, 621, 638, 626, 626, 626, 626, 626,
- 626, 626, 621, 652, 652, 255, 652, 653, 654, 655,
- 621, 656, 224, 656, 656, 265, 656, 621, 268, 268,
- 621, 268, 621, 621, 35, 35, 35, 35, 35, 35,
- 35, 35, 35, 35, 626, 621, 621, 621, 638, 626,
- 626, 626, 626, 626, 626, 626, 626, 657, 657, 658,
-
- 659, 621, 621, 621, 621, 621, 660, 660, 661, 271,
- 661, 661, 312, 661, 621, 315, 315, 621, 315, 35,
- 35, 35, 35, 35, 35, 35, 35, 35, 626, 621,
- 621, 638, 626, 626, 626, 626, 626, 626, 621, 662,
- 663, 302, 621, 343, 343, 621, 343, 621, 621, 621,
- 621, 621, 621, 664, 664, 665, 318, 665, 665, 359,
- 665, 621, 362, 362, 621, 362, 35, 35, 35, 621,
- 621, 35, 35, 35, 35, 621, 621, 621, 621, 626,
- 621, 621, 638, 626, 626, 626, 626, 626, 626, 626,
- 626, 621, 666, 621, 667, 346, 667, 667, 398, 398,
-
- 621, 401, 401, 621, 401, 621, 621, 621, 621, 668,
- 668, 669, 365, 669, 669, 415, 669, 621, 418, 418,
- 418, 35, 35, 35, 35, 35, 35, 35, 626, 621,
- 621, 638, 626, 626, 626, 626, 626, 626, 626, 621,
- 621, 621, 621, 670, 670, 671, 404, 671, 671, 449,
- 449, 621, 452, 452, 621, 452, 621, 621, 621, 621,
- 621, 621, 672, 672, 673, 673, 673, 467, 467, 35,
- 35, 35, 35, 35, 621, 621, 621, 621, 621, 621,
- 674, 638, 626, 675, 676, 626, 626, 626, 626, 626,
- 626, 621, 621, 621, 621, 621, 621, 677, 677, 678,
-
- 455, 678, 678, 503, 503, 621, 506, 506, 621, 506,
- 621, 621, 621, 621, 679, 679, 35, 621, 621, 35,
- 35, 35, 621, 674, 674, 621, 638, 626, 675, 675,
- 675, 675, 621, 675, 676, 676, 626, 626, 626, 621,
- 621, 621, 621, 680, 680, 681, 509, 681, 681, 549,
- 549, 621, 552, 552, 552, 621, 621, 621, 621, 621,
- 621, 621, 35, 35, 621, 638, 621, 621, 626, 626,
- 626, 626, 626, 621, 621, 621, 621, 621, 621, 682,
- 682, 683, 683, 683, 584, 584, 621, 621, 35, 684,
- 626, 626, 626, 621, 621, 621, 621, 685, 685, 621,
-
- 621, 684, 684, 621, 626, 626, 626, 626, 626, 621,
- 621, 621, 621, 621, 626, 626, 626, 626, 626, 626,
- 0, 621, 621, 621, 621, 621, 621, 621, 621, 621,
- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
- 621, 621, 621, 621, 621
+ 813, 1, 1, 1, 814, 814, 815, 815, 816, 816,
+ 817, 817, 813, 13, 813, 818, 813, 813, 813, 813,
+ 819, 820, 813, 813, 821, 813, 822, 818, 28, 28,
+ 823, 813, 813, 813, 34, 34, 34, 37, 37, 37,
+ 37, 37, 37, 818, 28, 818, 813, 819, 34, 34,
+ 37, 37, 37, 813, 824, 813, 825, 37, 37, 818,
+ 826, 813, 826, 813, 826, 813, 819, 813, 827, 828,
+ 813, 828, 813, 828, 813, 829, 830, 830, 830, 813,
+ 813, 831, 832, 833, 813, 85, 85, 85, 813, 89,
+ 89, 89, 92, 92, 92, 92, 85, 88, 88, 818,
+
+ 818, 813, 813, 834, 813, 835, 813, 820, 836, 831,
+ 820, 821, 821, 822, 837, 818, 818, 28, 838, 118,
+ 118, 118, 118, 839, 840, 37, 126, 127, 127, 127,
+ 127, 127, 127, 127, 127, 127, 127, 818, 813, 818,
+ 818, 813, 813, 813, 813, 813, 813, 834, 818, 118,
+ 818, 818, 818, 813, 813, 813, 813, 841, 842, 818,
+ 818, 843, 843, 813, 813, 813, 835, 813, 844, 845,
+ 845, 813, 813, 845, 845, 830, 813, 830, 830, 813,
+ 813, 831, 831, 831, 846, 847, 88, 846, 848, 813,
+ 813, 85, 192, 192, 192, 192, 813, 197, 198, 849,
+
+ 198, 198, 198, 198, 198, 88, 88, 834, 850, 813,
+ 813, 818, 212, 212, 118, 215, 851, 813, 852, 813,
+ 127, 221, 222, 222, 222, 222, 222, 222, 222, 222,
+ 222, 222, 222, 222, 818, 818, 813, 813, 813, 813,
+ 813, 834, 818, 215, 818, 818, 818, 813, 818, 813,
+ 853, 854, 813, 88, 254, 197, 198, 198, 198, 198,
+ 198, 198, 198, 198, 198, 88, 88, 850, 818, 818,
+ 212, 212, 212, 818, 855, 856, 856, 277, 857, 856,
+ 858, 220, 813, 283, 283, 813, 283, 222, 222, 222,
+ 222, 222, 222, 222, 222, 222, 222, 222, 222, 222,
+
+ 818, 818, 818, 818, 813, 813, 813, 813, 813, 834,
+ 818, 818, 818, 818, 813, 813, 853, 853, 813, 254,
+ 197, 198, 859, 198, 198, 198, 198, 198, 198, 88,
+ 88, 88, 88, 212, 212, 212, 813, 860, 860, 339,
+ 860, 861, 862, 863, 813, 864, 286, 864, 813, 349,
+ 864, 813, 352, 352, 813, 352, 813, 813, 222, 222,
+ 222, 222, 222, 222, 222, 222, 222, 222, 818, 818,
+ 818, 818, 818, 813, 813, 813, 834, 818, 818, 818,
+ 865, 866, 813, 88, 321, 859, 859, 198, 198, 198,
+ 198, 198, 198, 88, 88, 88, 88, 88, 818, 818,
+
+ 212, 212, 818, 867, 867, 868, 869, 813, 813, 870,
+ 871, 813, 872, 872, 873, 355, 873, 813, 418, 873,
+ 813, 421, 421, 813, 421, 813, 426, 426, 426, 426,
+ 426, 426, 426, 426, 818, 818, 818, 818, 818, 813,
+ 813, 874, 818, 818, 818, 813, 813, 875, 875, 813,
+ 859, 859, 198, 859, 198, 198, 198, 198, 88, 88,
+ 88, 88, 88, 818, 464, 464, 813, 876, 877, 408,
+ 813, 471, 471, 813, 471, 813, 813, 878, 878, 813,
+ 813, 879, 879, 880, 424, 880, 813, 487, 880, 813,
+ 490, 490, 813, 490, 813, 495, 495, 813, 813, 495,
+
+ 495, 495, 495, 813, 813, 813, 813, 818, 813, 813,
+ 881, 818, 818, 818, 882, 883, 813, 884, 884, 884,
+ 884, 813, 522, 885, 818, 818, 818, 527, 527, 813,
+ 886, 813, 887, 474, 887, 813, 536, 887, 813, 539,
+ 539, 813, 539, 888, 889, 813, 813, 890, 890, 891,
+ 892, 891, 813, 553, 891, 813, 556, 556, 556, 813,
+ 560, 560, 560, 560, 560, 560, 818, 813, 813, 893,
+ 818, 818, 818, 813, 813, 894, 894, 813, 895, 895,
+ 895, 895, 813, 583, 896, 818, 586, 586, 586, 813,
+ 897, 898, 813, 899, 899, 900, 542, 900, 813, 599,
+
+ 900, 813, 602, 602, 813, 602, 813, 813, 901, 901,
+ 813, 813, 902, 902, 903, 903, 813, 617, 903, 560,
+ 560, 560, 560, 560, 813, 813, 813, 813, 813, 813,
+ 904, 893, 818, 905, 906, 907, 908, 813, 907, 909,
+ 909, 909, 909, 818, 818, 818, 646, 646, 818, 813,
+ 813, 910, 910, 813, 813, 911, 911, 912, 605, 912,
+ 813, 661, 912, 813, 664, 664, 813, 664, 913, 914,
+ 813, 813, 915, 915, 560, 813, 813, 560, 560, 560,
+ 813, 904, 904, 813, 893, 818, 905, 905, 905, 905,
+ 916, 905, 917, 917, 813, 813, 907, 907, 813, 813,
+
+ 909, 909, 909, 646, 646, 646, 918, 919, 813, 813,
+ 920, 920, 921, 667, 921, 813, 716, 921, 813, 719,
+ 719, 922, 813, 913, 913, 813, 813, 813, 813, 560,
+ 560, 813, 893, 813, 813, 923, 924, 813, 909, 909,
+ 646, 818, 646, 646, 818, 813, 813, 918, 918, 813,
+ 813, 925, 925, 926, 926, 926, 756, 926, 813, 813,
+ 560, 927, 813, 813, 923, 923, 813, 909, 646, 646,
+ 646, 813, 813, 813, 813, 928, 928, 813, 813, 927,
+ 927, 813, 929, 930, 813, 646, 818, 646, 646, 818,
+ 813, 813, 813, 813, 813, 813, 813, 929, 929, 813,
+
+ 818, 818, 818, 813, 813, 813, 818, 818, 818, 813,
+ 813, 813, 0, 813, 813, 813, 813, 813, 813, 813,
+ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
+ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
+ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
+ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
+ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
+ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
+ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
+ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
+
+ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
+ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
+ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813
} ;
-static yyconst short int yy_nxt[3663] =
+static yyconst short int yy_nxt[5675] =
{ 0,
- 14, 15, 16, 17, 18, 19, 20, 21, 22, 14,
- 23, 24, 14, 14, 25, 26, 27, 28, 26, 26,
- 26, 26, 26, 29, 30, 31, 14, 32, 33, 33,
- 33, 34, 35, 35, 35, 35, 36, 35, 37, 35,
- 38, 39, 40, 41, 35, 35, 35, 35, 35, 42,
- 14, 43, 43, 43, 43, 43, 43, 14, 14, 14,
- 14, 14, 14, 14, 44, 14, 14, 45, 81, 52,
- 89, 46, 151, 53, 107, 110, 115, 52, 107, 54,
- 111, 53, 55, 76, 16, 77, 78, 54, 90, 109,
- 55, 76, 16, 77, 78, 47, 48, 150, 128, 49,
-
- 158, 113, 604, 131, 56, 394, 81, 50, 57, 35,
- 51, 35, 56, 547, 91, 114, 57, 35, 133, 35,
- 15, 60, 61, 120, 62, 15, 60, 61, 134, 62,
- 62, 79, 58, 95, 95, 62, 81, 95, 95, 79,
- 58, 191, 62, 63, 147, 119, 156, 62, 63, 15,
- 16, 17, 69, 65, 81, 95, 154, 119, 70, 71,
- 72, 102, 102, 102, 102, 102, 103, 85, 64, 147,
- 119, 140, 73, 64, 15, 16, 17, 86, 65, 96,
- 87, 87, 87, 87, 87, 87, 87, 87, 101, 101,
- 101, 101, 101, 101, 101, 101, 174, 74, 15, 16,
-
- 17, 69, 65, 157, 621, 176, 89, 70, 71, 72,
- 80, 621, 100, 100, 100, 100, 100, 100, 100, 100,
- 121, 73, 66, 67, 67, 67, 67, 67, 67, 67,
- 67, 67, 67, 67, 67, 67, 67, 67, 67, 67,
- 15, 16, 17, 107, 65, 81, 74, 152, 122, 123,
- 166, 156, 124, 159, 160, 166, 155, 198, 394, 85,
- 125, 135, 129, 126, 87, 87, 87, 87, 87, 87,
- 87, 87, 150, 87, 87, 87, 87, 87, 87, 87,
- 87, 172, 172, 172, 172, 172, 172, 547, 66, 67,
- 67, 67, 67, 67, 67, 67, 67, 67, 67, 67,
-
- 67, 67, 67, 67, 67, 67, 97, 81, 98, 98,
- 98, 98, 98, 98, 98, 98, 99, 621, 197, 201,
- 100, 100, 100, 100, 100, 81, 81, 182, 501, 138,
- 138, 80, 183, 138, 138, 621, 184, 81, 185, 239,
- 200, 81, 81, 202, 100, 100, 100, 100, 100, 100,
- 80, 138, 81, 147, 119, 246, 80, 204, 574, 80,
- 80, 91, 80, 80, 80, 106, 106, 106, 106, 106,
- 106, 106, 106, 99, 199, 139, 80, 106, 106, 106,
- 106, 106, 107, 107, 107, 107, 108, 107, 107, 107,
- 107, 107, 107, 107, 107, 107, 107, 107, 107, 81,
-
- 107, 100, 100, 100, 100, 100, 100, 80, 80, 80,
- 80, 80, 80, 80, 80, 80, 80, 107, 107, 107,
- 107, 107, 107, 107, 107, 621, 85, 147, 119, 107,
- 107, 107, 107, 107, 159, 160, 146, 133, 107, 621,
- 621, 621, 621, 621, 621, 621, 621, 134, 147, 119,
- 81, 207, 248, 80, 80, 80, 80, 80, 80, 118,
- 119, 80, 80, 80, 158, 80, 80, 174, 157, 80,
- 143, 119, 144, 81, 145, 81, 220, 174, 144, 85,
- 145, 80, 80, 80, 85, 81, 220, 81, 99, 246,
- 246, 273, 145, 145, 86, 589, 150, 87, 87, 87,
-
- 87, 87, 87, 87, 87, 80, 174, 80, 80, 80,
- 156, 80, 80, 274, 81, 80, 156, 85, 145, 87,
- 87, 87, 87, 87, 87, 87, 87, 80, 80, 80,
- 245, 95, 95, 174, 276, 95, 95, 81, 163, 277,
- 127, 164, 164, 164, 164, 164, 164, 164, 164, 88,
- 249, 88, 88, 95, 501, 88, 88, 81, 92, 88,
- 92, 92, 92, 285, 92, 92, 81, 290, 92, 257,
- 257, 257, 88, 88, 289, 85, 81, 96, 81, 174,
- 92, 92, 92, 94, 292, 80, 80, 94, 220, 80,
- 80, 246, 447, 94, 168, 169, 170, 168, 168, 168,
-
- 168, 168, 273, 333, 293, 94, 94, 80, 172, 172,
- 172, 172, 172, 172, 172, 172, 172, 172, 172, 172,
- 172, 172, 172, 172, 274, 81, 85, 81, 81, 171,
- 171, 171, 171, 171, 171, 171, 171, 334, 99, 332,
- 81, 171, 171, 171, 171, 171, 87, 87, 87, 87,
- 87, 87, 87, 87, 85, 81, 81, 483, 138, 138,
- 121, 329, 138, 138, 81, 171, 171, 171, 171, 171,
- 171, 177, 177, 177, 177, 177, 177, 177, 177, 99,
- 138, 291, 527, 177, 177, 177, 177, 177, 122, 123,
- 174, 137, 124, 80, 80, 137, 174, 80, 80, 220,
-
- 125, 137, 81, 126, 139, 263, 383, 171, 171, 171,
- 171, 171, 171, 137, 137, 80, 621, 621, 621, 621,
- 621, 621, 621, 621, 149, 81, 372, 149, 149, 81,
- 335, 373, 85, 526, 149, 164, 164, 164, 164, 164,
- 164, 164, 164, 370, 565, 385, 81, 149, 164, 164,
- 164, 164, 164, 164, 164, 164, 165, 564, 165, 165,
- 95, 434, 165, 165, 95, 371, 165, 261, 174, 207,
- 95, 208, 208, 208, 208, 208, 208, 263, 165, 165,
- 165, 563, 95, 95, 207, 432, 208, 208, 208, 208,
- 208, 208, 208, 208, 207, 376, 209, 209, 209, 209,
-
- 209, 209, 209, 209, 207, 81, 210, 210, 210, 210,
- 210, 211, 208, 208, 138, 621, 174, 377, 138, 387,
- 81, 261, 174, 81, 138, 263, 81, 174, 261, 174,
- 81, 263, 621, 174, 447, 380, 138, 138, 310, 429,
- 81, 80, 310, 212, 212, 212, 212, 212, 212, 212,
- 212, 444, 444, 396, 81, 212, 212, 212, 212, 212,
- 250, 251, 252, 250, 250, 250, 250, 250, 207, 81,
- 208, 208, 208, 208, 208, 208, 208, 208, 386, 212,
- 212, 212, 212, 212, 212, 214, 215, 216, 216, 216,
- 216, 216, 216, 217, 81, 498, 498, 218, 218, 218,
-
- 218, 218, 85, 207, 81, 208, 208, 208, 208, 208,
- 208, 208, 208, 225, 225, 225, 225, 225, 225, 225,
- 225, 218, 218, 218, 218, 218, 218, 174, 221, 222,
- 223, 221, 221, 221, 221, 221, 224, 261, 174, 81,
- 225, 225, 225, 225, 225, 255, 255, 256, 257, 257,
- 257, 257, 257, 217, 265, 265, 265, 265, 265, 265,
- 265, 265, 81, 566, 225, 225, 225, 225, 225, 225,
- 226, 226, 226, 226, 226, 226, 226, 226, 435, 621,
- 174, 378, 226, 226, 226, 226, 226, 266, 266, 266,
- 266, 266, 267, 621, 81, 264, 264, 264, 264, 264,
-
- 264, 264, 264, 379, 384, 492, 212, 212, 212, 212,
- 212, 212, 261, 174, 262, 262, 262, 262, 262, 262,
- 262, 262, 263, 174, 515, 515, 264, 264, 264, 264,
- 264, 293, 263, 294, 294, 294, 294, 294, 294, 294,
- 294, 299, 299, 299, 299, 299, 299, 299, 299, 217,
- 264, 264, 264, 264, 264, 264, 174, 268, 269, 270,
- 268, 268, 268, 268, 268, 271, 174, 81, 523, 272,
- 272, 272, 272, 272, 293, 310, 295, 295, 295, 295,
- 295, 295, 295, 295, 304, 305, 306, 304, 304, 304,
- 304, 304, 522, 272, 272, 272, 272, 272, 272, 293,
-
- 521, 296, 296, 296, 296, 296, 297, 294, 294, 370,
- 81, 272, 272, 272, 272, 272, 272, 272, 272, 261,
- 174, 308, 308, 308, 308, 308, 308, 525, 526, 263,
- 520, 371, 544, 544, 517, 81, 261, 174, 308, 308,
- 308, 308, 308, 308, 308, 308, 263, 261, 174, 309,
- 309, 309, 309, 309, 309, 309, 309, 310, 376, 378,
- 475, 311, 311, 311, 311, 311, 312, 312, 312, 312,
- 312, 312, 312, 312, 313, 313, 313, 313, 313, 314,
- 377, 379, 476, 261, 174, 311, 311, 311, 311, 311,
- 311, 174, 315, 316, 317, 315, 315, 315, 315, 315,
-
- 318, 81, 525, 526, 319, 319, 319, 319, 319, 621,
- 433, 311, 311, 311, 311, 311, 311, 311, 311, 336,
- 337, 338, 336, 336, 336, 336, 336, 457, 319, 319,
- 319, 319, 319, 319, 293, 394, 294, 294, 294, 294,
- 294, 294, 294, 294, 293, 396, 294, 294, 294, 294,
- 294, 294, 293, 81, 294, 294, 294, 294, 294, 294,
- 294, 294, 360, 360, 360, 360, 360, 361, 396, 348,
- 81, 349, 349, 349, 349, 349, 349, 349, 349, 342,
- 81, 399, 399, 399, 399, 399, 400, 81, 81, 343,
- 344, 345, 343, 343, 343, 343, 343, 346, 174, 580,
-
- 580, 347, 347, 347, 347, 347, 348, 310, 350, 350,
- 350, 350, 350, 350, 350, 350, 319, 319, 319, 319,
- 319, 319, 319, 319, 480, 347, 347, 347, 347, 347,
- 347, 348, 479, 351, 351, 351, 351, 351, 352, 349,
- 349, 261, 174, 355, 355, 355, 355, 355, 355, 355,
- 355, 310, 261, 174, 355, 355, 355, 355, 355, 355,
- 81, 81, 310, 261, 174, 356, 356, 356, 356, 356,
- 356, 356, 356, 357, 474, 528, 473, 358, 358, 358,
- 358, 358, 359, 359, 359, 359, 359, 359, 359, 359,
- 621, 174, 358, 358, 358, 358, 358, 358, 358, 358,
-
- 357, 358, 358, 358, 358, 358, 358, 174, 362, 363,
- 364, 362, 362, 362, 362, 362, 365, 590, 85, 472,
- 366, 366, 366, 366, 366, 387, 388, 388, 388, 388,
- 388, 388, 388, 388, 387, 389, 389, 389, 389, 389,
- 389, 389, 389, 471, 366, 366, 366, 366, 366, 366,
- 387, 390, 390, 390, 390, 390, 391, 388, 388, 470,
- 81, 347, 347, 347, 347, 347, 347, 347, 347, 81,
- 398, 398, 398, 398, 398, 398, 398, 398, 416, 416,
- 416, 416, 416, 417, 477, 81, 394, 621, 395, 395,
- 395, 395, 395, 395, 395, 395, 396, 396, 598, 598,
-
- 397, 397, 397, 397, 397, 621, 478, 397, 397, 397,
- 397, 397, 397, 397, 397, 406, 407, 408, 406, 406,
- 406, 406, 406, 342, 397, 397, 397, 397, 397, 397,
- 401, 402, 403, 401, 401, 401, 401, 401, 404, 259,
- 481, 85, 405, 405, 405, 405, 405, 348, 394, 349,
- 349, 349, 349, 349, 349, 349, 349, 348, 396, 349,
- 349, 349, 349, 349, 349, 431, 405, 405, 405, 405,
- 405, 405, 348, 430, 349, 349, 349, 349, 349, 349,
- 349, 349, 261, 174, 261, 174, 450, 450, 450, 450,
- 450, 451, 310, 482, 357, 366, 366, 366, 366, 366,
-
- 366, 366, 366, 621, 174, 415, 415, 415, 415, 415,
- 415, 415, 415, 357, 261, 174, 411, 411, 411, 411,
- 411, 411, 411, 411, 357, 261, 174, 411, 411, 411,
- 411, 411, 411, 603, 604, 357, 261, 174, 412, 412,
- 412, 412, 412, 412, 412, 412, 413, 174, 603, 604,
- 414, 414, 414, 414, 414, 621, 357, 414, 414, 414,
- 414, 414, 414, 414, 414, 436, 437, 438, 439, 436,
- 436, 436, 436, 428, 414, 414, 414, 414, 414, 414,
- 174, 418, 419, 420, 418, 418, 418, 418, 418, 174,
- 148, 148, 427, 421, 421, 421, 421, 421, 413, 81,
-
- 387, 388, 388, 388, 388, 388, 388, 388, 388, 387,
- 388, 388, 388, 388, 388, 388, 426, 421, 421, 421,
- 421, 421, 421, 387, 388, 388, 388, 388, 388, 388,
- 388, 388, 518, 484, 425, 81, 441, 442, 443, 441,
- 441, 441, 441, 441, 81, 405, 405, 405, 405, 405,
- 405, 405, 405, 484, 519, 484, 485, 394, 81, 445,
- 445, 445, 445, 445, 445, 445, 445, 396, 394, 486,
- 446, 446, 446, 446, 446, 446, 446, 446, 447, 81,
- 424, 423, 448, 448, 448, 448, 448, 449, 449, 449,
- 449, 449, 449, 449, 449, 621, 422, 448, 448, 448,
-
- 448, 448, 448, 448, 448, 81, 448, 448, 448, 448,
- 448, 448, 452, 453, 454, 452, 452, 452, 452, 452,
- 455, 174, 348, 342, 456, 456, 456, 456, 456, 457,
- 413, 458, 458, 458, 458, 458, 458, 458, 458, 468,
- 468, 468, 468, 468, 469, 261, 174, 259, 456, 456,
- 456, 456, 456, 456, 457, 357, 459, 459, 459, 459,
- 459, 459, 459, 459, 457, 217, 460, 460, 460, 460,
- 460, 461, 458, 458, 261, 174, 421, 421, 421, 421,
- 421, 421, 421, 421, 413, 621, 174, 467, 467, 467,
- 467, 467, 467, 467, 467, 413, 261, 174, 464, 464,
-
- 464, 464, 464, 464, 464, 464, 413, 261, 174, 464,
- 464, 464, 464, 464, 464, 382, 381, 413, 261, 174,
- 465, 465, 465, 465, 465, 465, 465, 465, 394, 375,
- 374, 369, 466, 466, 466, 466, 466, 621, 447, 466,
- 466, 466, 466, 466, 466, 466, 466, 456, 456, 456,
- 456, 456, 456, 456, 456, 368, 466, 466, 466, 466,
- 466, 466, 486, 621, 487, 487, 487, 487, 487, 487,
- 487, 487, 486, 447, 488, 488, 488, 488, 488, 488,
- 488, 488, 486, 394, 489, 489, 489, 489, 489, 490,
- 491, 491, 486, 447, 569, 605, 367, 486, 81, 491,
-
- 491, 491, 487, 487, 487, 487, 487, 492, 81, 493,
- 493, 493, 493, 493, 493, 493, 493, 492, 81, 494,
- 494, 494, 494, 494, 494, 494, 494, 342, 81, 259,
- 81, 81, 492, 81, 495, 495, 495, 495, 495, 496,
- 493, 493, 394, 475, 499, 499, 499, 499, 499, 499,
- 499, 499, 447, 394, 217, 500, 500, 500, 500, 500,
- 500, 500, 500, 501, 477, 476, 518, 502, 502, 502,
- 502, 502, 503, 503, 503, 503, 503, 503, 503, 503,
- 504, 504, 504, 504, 504, 505, 478, 217, 519, 286,
- 331, 502, 502, 502, 502, 502, 502, 506, 507, 508,
-
- 506, 506, 506, 506, 506, 509, 330, 328, 327, 510,
- 510, 510, 510, 510, 621, 326, 502, 502, 502, 502,
- 502, 502, 502, 502, 511, 512, 513, 511, 511, 511,
- 511, 511, 325, 510, 510, 510, 510, 510, 510, 457,
- 324, 458, 458, 458, 458, 458, 458, 458, 458, 457,
- 484, 458, 458, 458, 458, 458, 458, 458, 458, 457,
- 323, 458, 458, 458, 458, 458, 458, 261, 174, 614,
- 484, 322, 484, 484, 614, 321, 320, 413, 261, 174,
- 516, 516, 516, 516, 516, 516, 516, 516, 530, 302,
- 531, 532, 533, 530, 259, 531, 532, 533, 537, 538,
-
- 539, 537, 537, 537, 537, 537, 486, 394, 487, 487,
- 487, 487, 487, 487, 487, 487, 486, 501, 487, 487,
- 487, 487, 487, 487, 487, 487, 217, 621, 394, 561,
- 394, 298, 81, 217, 621, 105, 534, 501, 501, 286,
- 547, 536, 81, 486, 547, 487, 487, 487, 487, 487,
- 487, 562, 81, 540, 541, 542, 540, 540, 540, 540,
- 540, 492, 288, 493, 493, 493, 493, 493, 493, 493,
- 493, 550, 550, 550, 550, 550, 551, 286, 492, 81,
- 493, 493, 493, 493, 493, 493, 493, 493, 492, 287,
- 493, 493, 493, 493, 493, 493, 510, 510, 510, 510,
-
- 510, 510, 510, 510, 394, 561, 545, 545, 545, 545,
- 545, 545, 545, 545, 501, 394, 394, 546, 546, 546,
- 546, 546, 546, 546, 546, 547, 547, 562, 286, 548,
- 548, 548, 548, 548, 549, 549, 549, 549, 549, 549,
- 549, 549, 621, 284, 548, 548, 548, 548, 548, 548,
- 548, 548, 283, 548, 548, 548, 548, 548, 548, 552,
- 553, 554, 552, 552, 552, 552, 552, 282, 281, 280,
- 279, 555, 555, 555, 555, 555, 174, 556, 556, 556,
- 556, 556, 556, 556, 556, 174, 557, 557, 557, 557,
- 557, 557, 557, 557, 587, 555, 555, 555, 555, 555,
-
- 555, 174, 558, 558, 558, 558, 558, 559, 556, 556,
- 621, 278, 621, 621, 621, 530, 588, 531, 532, 533,
- 621, 275, 531, 532, 533, 621, 99, 621, 621, 533,
- 567, 217, 259, 568, 568, 568, 568, 568, 568, 568,
- 568, 217, 587, 529, 529, 600, 621, 529, 621, 621,
- 621, 105, 85, 535, 535, 205, 247, 535, 534, 529,
- 529, 529, 244, 534, 588, 243, 242, 601, 534, 535,
- 535, 535, 569, 534, 570, 570, 570, 570, 570, 570,
- 570, 570, 569, 600, 571, 571, 571, 571, 571, 571,
- 571, 571, 241, 569, 536, 572, 572, 572, 572, 572,
-
- 573, 570, 570, 240, 238, 601, 237, 574, 81, 575,
- 575, 575, 575, 575, 575, 575, 575, 574, 81, 576,
- 576, 576, 576, 576, 576, 576, 576, 236, 574, 81,
- 577, 577, 577, 577, 577, 578, 575, 575, 555, 555,
- 555, 555, 555, 555, 555, 555, 394, 235, 581, 581,
- 581, 581, 581, 581, 581, 581, 547, 394, 234, 582,
- 582, 582, 582, 582, 582, 582, 582, 233, 232, 231,
- 230, 583, 583, 583, 583, 583, 584, 584, 584, 584,
- 584, 584, 584, 584, 585, 585, 585, 585, 585, 586,
- 229, 228, 227, 105, 97, 583, 583, 583, 583, 583,
-
- 583, 621, 85, 583, 583, 583, 583, 583, 583, 583,
- 583, 174, 556, 556, 556, 556, 556, 556, 556, 556,
- 174, 556, 556, 556, 556, 556, 556, 556, 556, 174,
- 556, 556, 556, 556, 556, 556, 568, 568, 568, 568,
- 568, 568, 568, 568, 568, 568, 568, 568, 568, 568,
- 568, 568, 591, 592, 593, 591, 591, 591, 591, 591,
- 569, 85, 570, 570, 570, 570, 570, 570, 570, 570,
- 569, 205, 570, 570, 570, 570, 570, 570, 570, 570,
- 155, 156, 150, 150, 142, 569, 81, 570, 570, 570,
- 570, 570, 570, 203, 136, 136, 81, 594, 595, 596,
-
- 594, 594, 594, 594, 594, 574, 81, 575, 575, 575,
- 575, 575, 575, 575, 575, 196, 195, 194, 193, 192,
- 574, 81, 575, 575, 575, 575, 575, 575, 575, 575,
- 574, 190, 575, 575, 575, 575, 575, 575, 394, 189,
- 599, 599, 599, 599, 599, 599, 599, 599, 605, 188,
- 606, 606, 606, 606, 606, 606, 606, 606, 605, 187,
- 607, 607, 607, 607, 607, 607, 607, 607, 605, 186,
- 608, 608, 608, 608, 608, 609, 606, 606, 610, 610,
- 610, 610, 610, 610, 81, 610, 610, 610, 610, 610,
- 610, 610, 610, 181, 81, 611, 611, 611, 611, 611,
-
- 611, 611, 611, 180, 81, 612, 612, 612, 612, 612,
- 613, 610, 610, 615, 616, 617, 615, 615, 615, 615,
- 615, 605, 179, 606, 606, 606, 606, 606, 606, 606,
- 606, 605, 178, 606, 606, 606, 606, 606, 606, 606,
- 606, 105, 80, 105, 167, 93, 605, 81, 606, 606,
- 606, 606, 606, 606, 85, 83, 82, 81, 610, 610,
- 610, 610, 610, 610, 610, 610, 81, 81, 610, 610,
- 610, 610, 610, 610, 610, 610, 156, 150, 142, 113,
- 111, 136, 81, 618, 618, 618, 618, 618, 618, 618,
- 618, 615, 615, 615, 615, 615, 615, 615, 615, 619,
-
- 619, 619, 619, 619, 620, 618, 618, 618, 618, 618,
- 618, 618, 618, 618, 618, 132, 130, 81, 618, 618,
- 618, 618, 618, 618, 117, 81, 116, 115, 112, 107,
- 105, 93, 83, 81, 82, 81, 621, 621, 621, 621,
- 621, 81, 621, 621, 621, 621, 621, 621, 621, 621,
- 621, 621, 81, 59, 59, 59, 59, 59, 59, 59,
- 59, 59, 59, 59, 59, 59, 59, 59, 59, 31,
- 31, 31, 31, 31, 31, 31, 31, 31, 31, 31,
- 31, 31, 31, 31, 31, 68, 68, 68, 68, 68,
- 68, 68, 68, 68, 68, 68, 68, 68, 68, 68,
-
- 68, 75, 75, 75, 75, 75, 75, 75, 75, 75,
- 75, 75, 75, 75, 75, 75, 75, 80, 621, 621,
- 621, 621, 621, 621, 621, 80, 80, 80, 621, 621,
- 80, 80, 80, 84, 84, 84, 84, 84, 84, 84,
- 84, 84, 84, 84, 84, 84, 84, 84, 84, 88,
- 621, 621, 621, 621, 88, 621, 621, 88, 88, 88,
- 88, 621, 88, 88, 88, 92, 621, 621, 621, 621,
- 621, 621, 621, 92, 92, 92, 621, 621, 92, 92,
- 92, 94, 621, 621, 94, 94, 621, 94, 621, 94,
- 94, 94, 621, 621, 94, 94, 94, 104, 104, 621,
-
- 621, 621, 104, 137, 621, 621, 137, 137, 621, 137,
- 621, 137, 137, 137, 621, 621, 137, 137, 137, 141,
- 621, 621, 141, 141, 621, 141, 621, 141, 141, 141,
- 621, 141, 621, 141, 141, 149, 621, 621, 149, 621,
- 621, 149, 621, 149, 149, 149, 149, 621, 149, 149,
- 149, 153, 153, 153, 153, 153, 153, 153, 153, 153,
- 153, 153, 153, 153, 153, 153, 153, 155, 155, 621,
- 155, 621, 155, 155, 155, 155, 155, 155, 155, 155,
- 155, 155, 155, 161, 161, 161, 161, 161, 161, 161,
- 161, 161, 161, 161, 161, 161, 161, 161, 161, 162,
-
- 162, 621, 162, 162, 162, 162, 162, 162, 162, 162,
- 162, 162, 162, 162, 162, 165, 621, 621, 621, 621,
- 165, 621, 621, 165, 165, 165, 621, 621, 165, 165,
- 165, 95, 621, 621, 95, 95, 621, 95, 621, 95,
- 95, 95, 621, 621, 95, 95, 95, 173, 173, 621,
- 621, 621, 173, 175, 175, 175, 621, 621, 621, 175,
- 138, 621, 621, 138, 138, 621, 138, 621, 138, 138,
- 138, 621, 621, 138, 138, 138, 206, 206, 206, 206,
- 206, 206, 206, 206, 206, 206, 206, 206, 206, 206,
- 206, 206, 213, 213, 621, 621, 621, 213, 219, 219,
-
- 219, 621, 621, 621, 219, 253, 253, 621, 621, 621,
- 253, 254, 254, 621, 621, 621, 254, 258, 258, 621,
- 621, 621, 258, 260, 260, 260, 621, 621, 621, 260,
- 298, 298, 621, 621, 621, 298, 300, 300, 621, 621,
- 621, 300, 301, 301, 621, 621, 621, 301, 303, 303,
- 303, 621, 621, 621, 303, 307, 307, 307, 307, 621,
- 621, 621, 307, 339, 339, 621, 621, 621, 339, 340,
- 340, 621, 621, 621, 340, 341, 341, 621, 621, 621,
- 341, 353, 353, 353, 621, 621, 621, 353, 354, 354,
- 354, 354, 621, 621, 621, 354, 392, 392, 621, 621,
-
- 621, 392, 393, 393, 621, 621, 621, 393, 409, 409,
- 409, 621, 621, 621, 409, 410, 410, 410, 410, 621,
- 621, 621, 410, 440, 440, 621, 621, 621, 440, 444,
- 621, 444, 444, 621, 621, 621, 444, 462, 462, 462,
- 621, 621, 621, 462, 463, 463, 463, 463, 621, 621,
- 621, 463, 497, 497, 621, 621, 621, 497, 498, 621,
- 498, 498, 621, 621, 621, 498, 514, 514, 514, 621,
- 621, 621, 514, 515, 515, 515, 621, 621, 621, 621,
- 515, 524, 524, 524, 524, 524, 524, 524, 524, 524,
- 524, 524, 524, 524, 524, 524, 524, 529, 529, 621,
-
- 529, 529, 529, 621, 621, 529, 529, 529, 621, 621,
- 529, 529, 529, 535, 535, 621, 535, 535, 535, 621,
- 621, 535, 535, 535, 621, 621, 535, 535, 535, 543,
- 543, 621, 621, 621, 543, 544, 621, 544, 544, 621,
- 621, 621, 544, 560, 560, 621, 621, 621, 621, 560,
- 579, 579, 621, 621, 621, 579, 580, 621, 580, 580,
- 621, 621, 621, 580, 597, 597, 621, 621, 621, 597,
- 598, 621, 598, 621, 621, 621, 621, 598, 602, 602,
- 602, 602, 602, 602, 602, 602, 602, 602, 602, 602,
- 602, 602, 602, 602, 13, 621, 621, 621, 621, 621,
-
- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
- 621, 621
+ 16, 17, 18, 19, 20, 21, 22, 23, 24, 16,
+ 25, 26, 16, 16, 27, 28, 29, 30, 28, 28,
+ 28, 28, 28, 28, 28, 31, 32, 33, 16, 34,
+ 35, 35, 35, 36, 37, 37, 37, 37, 38, 37,
+ 39, 37, 40, 41, 42, 43, 37, 37, 37, 37,
+ 37, 44, 16, 45, 45, 45, 45, 45, 45, 16,
+ 16, 16, 16, 16, 16, 16, 16, 46, 16, 16,
+ 47, 532, 54, 130, 48, 135, 55, 127, 131, 127,
+ 54, 127, 56, 534, 55, 57, 78, 18, 79, 80,
+ 56, 109, 129, 57, 133, 17, 62, 63, 150, 64,
+
+ 49, 50, 149, 152, 51, 64, 168, 139, 134, 58,
+ 101, 110, 52, 59, 37, 53, 37, 58, 154, 64,
+ 65, 59, 37, 105, 37, 17, 62, 63, 155, 64,
+ 796, 78, 18, 79, 80, 64, 81, 111, 60, 175,
+ 139, 172, 101, 115, 115, 66, 60, 115, 115, 64,
+ 65, 140, 142, 178, 17, 18, 19, 71, 67, 173,
+ 141, 168, 139, 72, 73, 74, 171, 115, 122, 122,
+ 122, 122, 122, 123, 179, 66, 17, 18, 19, 75,
+ 67, 81, 143, 144, 171, 242, 145, 101, 101, 180,
+ 181, 116, 176, 236, 146, 198, 140, 147, 17, 18,
+
+ 19, 71, 67, 177, 76, 161, 201, 72, 73, 74,
+ 121, 121, 121, 121, 121, 121, 121, 121, 121, 121,
+ 101, 796, 177, 75, 179, 249, 68, 69, 69, 69,
+ 69, 69, 69, 69, 69, 69, 69, 69, 69, 69,
+ 69, 69, 69, 69, 69, 17, 18, 19, 76, 67,
+ 194, 194, 194, 194, 194, 194, 194, 194, 194, 194,
+ 195, 195, 195, 195, 195, 196, 206, 100, 119, 100,
+ 100, 100, 177, 100, 100, 207, 101, 100, 107, 107,
+ 107, 107, 107, 107, 107, 107, 107, 107, 101, 243,
+ 235, 100, 100, 100, 101, 68, 69, 69, 69, 69,
+
+ 69, 69, 69, 69, 69, 69, 69, 69, 69, 69,
+ 69, 69, 69, 69, 33, 17, 18, 19, 33, 33,
+ 82, 23, 24, 33, 83, 26, 33, 33, 84, 85,
+ 86, 87, 85, 85, 85, 85, 85, 85, 85, 31,
+ 88, 33, 33, 89, 90, 90, 90, 91, 92, 92,
+ 92, 92, 93, 92, 94, 92, 95, 92, 96, 92,
+ 92, 92, 92, 92, 92, 68, 33, 97, 97, 97,
+ 97, 97, 97, 98, 98, 98, 98, 98, 98, 98,
+ 98, 99, 98, 98, 105, 218, 101, 796, 109, 168,
+ 139, 269, 247, 178, 106, 796, 220, 107, 107, 107,
+
+ 107, 107, 107, 107, 107, 107, 107, 117, 183, 118,
+ 118, 118, 118, 118, 118, 118, 118, 118, 118, 119,
+ 101, 180, 181, 120, 120, 120, 120, 120, 101, 101,
+ 357, 159, 159, 246, 184, 159, 159, 216, 216, 216,
+ 216, 216, 216, 177, 245, 101, 154, 120, 120, 120,
+ 120, 120, 120, 100, 358, 159, 155, 127, 101, 100,
+ 313, 563, 100, 100, 101, 100, 100, 100, 126, 126,
+ 126, 126, 126, 126, 126, 126, 126, 126, 119, 160,
+ 311, 100, 126, 126, 126, 126, 126, 127, 127, 127,
+ 127, 128, 127, 127, 127, 127, 127, 127, 127, 127,
+
+ 127, 127, 127, 127, 101, 127, 120, 120, 120, 120,
+ 120, 120, 100, 100, 100, 100, 100, 100, 100, 100,
+ 100, 100, 100, 127, 127, 127, 127, 127, 127, 127,
+ 127, 127, 127, 813, 218, 796, 105, 127, 127, 127,
+ 127, 127, 101, 100, 101, 282, 127, 107, 107, 107,
+ 107, 107, 107, 107, 107, 107, 107, 101, 304, 311,
+ 372, 100, 100, 100, 100, 100, 100, 138, 139, 100,
+ 100, 100, 311, 100, 100, 101, 378, 100, 216, 216,
+ 216, 216, 216, 216, 216, 216, 216, 216, 244, 310,
+ 813, 100, 100, 100, 100, 101, 120, 120, 120, 120,
+
+ 120, 120, 120, 120, 120, 120, 105, 164, 139, 165,
+ 813, 166, 101, 109, 436, 165, 106, 166, 373, 107,
+ 107, 107, 107, 107, 107, 107, 107, 107, 107, 226,
+ 101, 166, 166, 813, 227, 311, 111, 218, 228, 170,
+ 229, 185, 170, 170, 101, 168, 139, 185, 282, 170,
+ 185, 115, 115, 185, 185, 115, 115, 166, 813, 184,
+ 782, 371, 168, 139, 170, 148, 105, 187, 360, 185,
+ 109, 301, 302, 361, 303, 115, 167, 101, 813, 813,
+ 813, 813, 813, 813, 813, 813, 813, 813, 813, 101,
+ 813, 314, 188, 185, 115, 101, 532, 115, 115, 116,
+
+ 115, 115, 115, 115, 184, 101, 115, 115, 108, 714,
+ 108, 108, 171, 101, 108, 108, 184, 435, 108, 380,
+ 187, 115, 115, 216, 216, 216, 216, 216, 216, 216,
+ 216, 216, 216, 108, 108, 107, 107, 107, 107, 107,
+ 107, 107, 107, 107, 107, 190, 115, 187, 105, 101,
+ 191, 187, 192, 192, 192, 192, 192, 192, 192, 192,
+ 192, 192, 119, 187, 357, 357, 193, 193, 193, 193,
+ 193, 187, 187, 187, 187, 187, 187, 187, 187, 187,
+ 187, 187, 187, 187, 187, 187, 187, 187, 358, 358,
+ 193, 193, 193, 193, 193, 193, 187, 187, 187, 187,
+
+ 187, 187, 187, 187, 187, 187, 187, 813, 377, 187,
+ 187, 187, 187, 187, 187, 187, 187, 187, 187, 813,
+ 341, 341, 341, 187, 187, 187, 187, 187, 330, 331,
+ 112, 332, 112, 112, 112, 394, 112, 112, 395, 437,
+ 112, 255, 255, 255, 255, 255, 255, 187, 187, 187,
+ 187, 187, 187, 187, 112, 112, 112, 187, 197, 197,
+ 197, 197, 197, 197, 197, 197, 197, 197, 119, 187,
+ 498, 101, 197, 197, 197, 197, 197, 198, 198, 198,
+ 198, 199, 198, 198, 198, 198, 198, 198, 198, 198,
+ 198, 198, 198, 198, 499, 200, 193, 193, 193, 193,
+
+ 193, 193, 187, 187, 187, 187, 187, 187, 187, 187,
+ 187, 187, 187, 198, 198, 198, 198, 198, 198, 198,
+ 198, 198, 198, 813, 105, 101, 443, 198, 198, 198,
+ 198, 198, 260, 218, 159, 159, 198, 261, 159, 159,
+ 386, 262, 513, 263, 282, 387, 369, 142, 101, 370,
+ 504, 187, 187, 187, 187, 187, 187, 813, 159, 193,
+ 193, 193, 193, 193, 193, 193, 193, 193, 193, 114,
+ 763, 100, 100, 114, 505, 100, 100, 143, 144, 114,
+ 101, 145, 160, 272, 272, 272, 272, 272, 273, 146,
+ 438, 442, 147, 114, 114, 100, 212, 213, 214, 212,
+
+ 212, 212, 212, 212, 212, 212, 813, 813, 813, 813,
+ 813, 813, 813, 813, 813, 813, 345, 218, 763, 158,
+ 101, 100, 100, 158, 101, 100, 100, 763, 347, 158,
+ 399, 444, 101, 215, 215, 215, 215, 215, 215, 215,
+ 215, 215, 215, 158, 158, 100, 506, 215, 215, 215,
+ 215, 215, 251, 252, 253, 251, 251, 251, 251, 251,
+ 251, 251, 100, 100, 100, 100, 496, 127, 101, 813,
+ 507, 215, 215, 215, 215, 215, 215, 221, 221, 221,
+ 221, 221, 221, 221, 221, 221, 221, 119, 119, 498,
+ 532, 221, 221, 221, 221, 221, 255, 255, 255, 255,
+
+ 255, 255, 255, 255, 255, 255, 350, 350, 350, 350,
+ 350, 351, 714, 499, 101, 215, 215, 215, 215, 215,
+ 215, 127, 127, 127, 127, 127, 127, 127, 127, 127,
+ 127, 813, 379, 622, 127, 127, 127, 127, 127, 127,
+ 182, 218, 182, 182, 101, 185, 182, 182, 101, 439,
+ 182, 185, 282, 445, 185, 813, 218, 185, 185, 100,
+ 100, 100, 100, 100, 100, 182, 182, 347, 218, 127,
+ 127, 187, 497, 185, 185, 562, 185, 185, 185, 347,
+ 185, 185, 498, 659, 185, 255, 255, 255, 255, 255,
+ 255, 255, 255, 255, 255, 525, 188, 185, 185, 185,
+
+ 185, 115, 345, 218, 115, 115, 499, 115, 115, 115,
+ 115, 115, 127, 115, 115, 115, 565, 502, 345, 218,
+ 127, 115, 345, 218, 127, 504, 500, 187, 115, 115,
+ 347, 501, 101, 127, 416, 115, 115, 211, 211, 211,
+ 211, 211, 211, 211, 211, 211, 211, 503, 101, 505,
+ 127, 198, 190, 115, 254, 254, 254, 254, 254, 254,
+ 254, 254, 254, 254, 746, 567, 584, 127, 254, 254,
+ 254, 254, 254, 211, 211, 211, 211, 211, 211, 211,
+ 211, 211, 211, 315, 105, 316, 316, 316, 316, 316,
+ 316, 101, 254, 254, 254, 254, 254, 254, 187, 746,
+
+ 101, 508, 187, 256, 256, 256, 256, 256, 256, 256,
+ 256, 256, 256, 119, 187, 105, 572, 256, 256, 256,
+ 256, 256, 198, 198, 198, 198, 198, 198, 198, 198,
+ 198, 198, 198, 198, 198, 198, 198, 198, 198, 570,
+ 200, 254, 254, 254, 254, 254, 254, 187, 187, 187,
+ 187, 187, 187, 187, 187, 187, 187, 187, 198, 198,
+ 198, 198, 198, 198, 198, 198, 198, 198, 813, 511,
+ 504, 506, 198, 198, 198, 198, 198, 271, 271, 271,
+ 271, 271, 271, 271, 271, 271, 271, 419, 419, 419,
+ 419, 419, 420, 506, 505, 507, 187, 187, 187, 187,
+
+ 187, 187, 269, 746, 270, 270, 270, 270, 270, 270,
+ 270, 270, 270, 270, 159, 520, 763, 507, 159, 101,
+ 521, 621, 763, 127, 159, 287, 287, 287, 287, 287,
+ 287, 287, 287, 287, 287, 127, 573, 218, 159, 159,
+ 101, 100, 101, 274, 274, 274, 274, 274, 274, 274,
+ 274, 274, 274, 512, 624, 627, 127, 274, 274, 274,
+ 274, 274, 349, 349, 349, 349, 349, 349, 349, 349,
+ 349, 349, 488, 488, 488, 488, 488, 489, 101, 628,
+ 633, 274, 274, 274, 274, 274, 274, 276, 277, 278,
+ 278, 278, 278, 278, 278, 278, 278, 279, 649, 649,
+
+ 649, 280, 280, 280, 280, 280, 381, 382, 383, 381,
+ 381, 381, 381, 381, 381, 381, 446, 218, 447, 447,
+ 447, 447, 447, 447, 218, 280, 280, 280, 280, 280,
+ 280, 218, 283, 284, 285, 283, 283, 283, 283, 283,
+ 283, 283, 286, 625, 813, 218, 287, 287, 287, 287,
+ 287, 410, 411, 412, 410, 410, 410, 410, 410, 410,
+ 410, 528, 528, 528, 528, 528, 529, 626, 679, 127,
+ 287, 287, 287, 287, 287, 287, 288, 288, 288, 288,
+ 288, 288, 288, 288, 288, 288, 119, 627, 625, 127,
+ 288, 288, 288, 288, 288, 356, 356, 356, 356, 356,
+
+ 356, 356, 356, 356, 356, 537, 537, 537, 537, 537,
+ 538, 628, 626, 218, 274, 274, 274, 274, 274, 274,
+ 127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
+ 813, 683, 684, 127, 127, 127, 127, 127, 127, 345,
+ 218, 414, 414, 414, 414, 414, 414, 678, 659, 127,
+ 399, 347, 400, 400, 400, 400, 400, 400, 100, 100,
+ 100, 100, 100, 100, 315, 627, 318, 318, 318, 318,
+ 318, 319, 316, 316, 316, 316, 320, 320, 320, 320,
+ 320, 320, 320, 320, 320, 320, 119, 597, 101, 628,
+ 320, 320, 320, 320, 320, 418, 418, 418, 418, 418,
+
+ 418, 418, 418, 418, 418, 476, 746, 477, 477, 477,
+ 477, 477, 477, 746, 320, 320, 320, 320, 320, 320,
+ 321, 321, 321, 321, 321, 321, 321, 321, 321, 321,
+ 100, 100, 100, 100, 321, 321, 321, 321, 321, 425,
+ 425, 425, 425, 425, 425, 425, 425, 425, 425, 554,
+ 554, 554, 554, 554, 555, 345, 218, 695, 320, 320,
+ 320, 320, 320, 320, 334, 335, 336, 334, 334, 334,
+ 334, 334, 334, 334, 813, 218, 345, 218, 483, 483,
+ 483, 483, 483, 483, 731, 127, 416, 813, 416, 487,
+ 487, 487, 487, 487, 487, 487, 487, 487, 487, 534,
+
+ 101, 339, 339, 340, 341, 341, 341, 341, 341, 341,
+ 341, 279, 345, 218, 346, 346, 346, 346, 346, 346,
+ 346, 346, 346, 346, 347, 101, 683, 684, 348, 348,
+ 348, 348, 348, 631, 105, 514, 515, 516, 517, 515,
+ 515, 515, 515, 515, 515, 515, 600, 600, 600, 600,
+ 600, 601, 348, 348, 348, 348, 348, 348, 218, 352,
+ 353, 354, 352, 352, 352, 352, 352, 352, 352, 355,
+ 730, 695, 127, 356, 356, 356, 356, 356, 527, 527,
+ 527, 527, 527, 527, 527, 527, 527, 527, 632, 623,
+ 695, 680, 675, 218, 127, 127, 127, 356, 356, 356,
+
+ 356, 356, 356, 813, 347, 348, 348, 348, 348, 348,
+ 348, 348, 348, 348, 348, 384, 384, 384, 384, 384,
+ 384, 384, 384, 384, 384, 695, 676, 676, 813, 384,
+ 384, 384, 384, 384, 475, 475, 475, 475, 475, 475,
+ 475, 475, 475, 475, 618, 618, 618, 618, 618, 619,
+ 677, 677, 813, 384, 384, 384, 384, 384, 384, 385,
+ 385, 385, 385, 385, 385, 385, 385, 385, 385, 703,
+ 634, 694, 127, 385, 385, 385, 385, 385, 536, 536,
+ 536, 536, 536, 536, 536, 536, 536, 536, 100, 100,
+ 100, 100, 634, 218, 634, 634, 734, 384, 384, 384,
+
+ 384, 384, 384, 399, 416, 400, 400, 400, 400, 400,
+ 400, 400, 400, 400, 400, 399, 532, 401, 401, 401,
+ 401, 401, 401, 401, 401, 401, 401, 399, 534, 402,
+ 402, 402, 402, 402, 403, 400, 400, 400, 400, 405,
+ 405, 405, 405, 405, 405, 405, 405, 405, 405, 279,
+ 345, 218, 414, 414, 414, 414, 414, 414, 414, 414,
+ 414, 414, 347, 634, 105, 101, 413, 413, 413, 413,
+ 413, 544, 545, 546, 544, 544, 544, 544, 544, 544,
+ 544, 686, 761, 107, 127, 634, 107, 634, 635, 644,
+ 413, 413, 413, 413, 413, 413, 345, 218, 415, 415,
+
+ 415, 415, 415, 415, 415, 415, 415, 415, 416, 345,
+ 218, 101, 417, 417, 417, 417, 417, 345, 218, 813,
+ 218, 416, 127, 127, 127, 762, 105, 101, 733, 485,
+ 676, 485, 561, 564, 101, 566, 417, 417, 417, 417,
+ 417, 417, 218, 421, 422, 423, 421, 421, 421, 421,
+ 421, 421, 421, 424, 677, 684, 813, 425, 425, 425,
+ 425, 425, 494, 494, 494, 494, 494, 494, 494, 494,
+ 494, 494, 662, 662, 662, 662, 662, 663, 101, 105,
+ 813, 425, 425, 425, 425, 425, 425, 813, 571, 417,
+ 417, 417, 417, 417, 417, 417, 417, 417, 417, 446,
+
+ 701, 449, 449, 449, 449, 449, 450, 447, 447, 447,
+ 447, 384, 384, 384, 384, 384, 384, 384, 384, 384,
+ 384, 781, 782, 781, 782, 384, 384, 384, 384, 384,
+ 345, 218, 549, 549, 549, 549, 549, 549, 685, 575,
+ 575, 607, 485, 608, 608, 608, 608, 608, 608, 384,
+ 384, 384, 384, 384, 384, 464, 465, 466, 464, 464,
+ 464, 464, 464, 464, 464, 553, 553, 553, 553, 553,
+ 553, 553, 553, 553, 553, 591, 592, 593, 591, 591,
+ 591, 591, 591, 591, 591, 695, 732, 700, 700, 700,
+ 644, 101, 399, 532, 400, 400, 400, 400, 400, 400,
+
+ 400, 400, 400, 400, 399, 597, 400, 400, 400, 400,
+ 400, 400, 400, 400, 400, 400, 471, 472, 473, 471,
+ 471, 471, 471, 471, 471, 471, 474, 728, 101, 728,
+ 475, 475, 475, 475, 475, 543, 543, 543, 543, 543,
+ 543, 543, 543, 543, 543, 127, 211, 741, 786, 211,
+ 218, 729, 218, 729, 475, 475, 475, 475, 475, 475,
+ 476, 416, 479, 479, 479, 479, 479, 480, 477, 477,
+ 477, 477, 345, 218, 483, 483, 483, 483, 483, 483,
+ 483, 483, 483, 483, 416, 101, 101, 218, 482, 482,
+ 482, 482, 482, 532, 813, 595, 595, 595, 595, 595,
+
+ 595, 169, 169, 169, 218, 534, 597, 688, 759, 689,
+ 690, 691, 482, 482, 482, 482, 482, 482, 345, 218,
+ 484, 484, 484, 484, 484, 484, 484, 484, 484, 484,
+ 485, 316, 760, 316, 486, 486, 486, 486, 486, 599,
+ 599, 599, 599, 599, 599, 599, 599, 599, 599, 574,
+ 575, 575, 575, 575, 575, 575, 597, 692, 486, 486,
+ 486, 486, 486, 486, 218, 490, 491, 492, 490, 490,
+ 490, 490, 490, 490, 490, 493, 218, 345, 218, 494,
+ 494, 494, 494, 494, 345, 218, 218, 485, 218, 485,
+ 813, 218, 169, 169, 169, 534, 551, 485, 532, 551,
+
+ 759, 813, 551, 494, 494, 494, 494, 494, 494, 813,
+ 597, 486, 486, 486, 486, 486, 486, 486, 486, 486,
+ 486, 100, 650, 778, 760, 813, 317, 100, 317, 735,
+ 100, 100, 735, 100, 100, 100, 127, 127, 127, 127,
+ 127, 127, 127, 127, 127, 127, 702, 779, 650, 100,
+ 127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
+ 127, 127, 127, 127, 495, 127, 127, 127, 127, 127,
+ 127, 127, 101, 127, 100, 100, 100, 100, 100, 100,
+ 100, 100, 100, 100, 100, 100, 100, 100, 100, 100,
+ 100, 525, 526, 526, 526, 526, 526, 526, 526, 526,
+
+ 526, 526, 345, 218, 614, 614, 614, 614, 614, 614,
+ 447, 650, 447, 532, 551, 617, 617, 617, 617, 617,
+ 617, 617, 617, 617, 617, 659, 576, 576, 101, 532,
+ 813, 533, 533, 533, 533, 533, 533, 533, 533, 533,
+ 533, 534, 659, 695, 813, 535, 535, 535, 535, 535,
+ 636, 637, 638, 639, 636, 636, 636, 636, 636, 636,
+ 345, 218, 674, 674, 674, 674, 674, 674, 813, 535,
+ 535, 535, 535, 535, 535, 539, 540, 541, 539, 539,
+ 539, 539, 539, 539, 539, 542, 778, 695, 739, 543,
+ 543, 543, 543, 543, 646, 646, 646, 646, 646, 646,
+
+ 646, 646, 646, 646, 448, 477, 448, 477, 345, 218,
+ 779, 575, 575, 543, 543, 543, 543, 543, 543, 813,
+ 551, 535, 535, 535, 535, 535, 535, 535, 535, 535,
+ 535, 345, 218, 549, 549, 549, 549, 549, 549, 549,
+ 549, 549, 549, 485, 728, 681, 813, 548, 548, 548,
+ 548, 548, 647, 647, 647, 647, 647, 648, 649, 649,
+ 649, 649, 688, 607, 689, 690, 691, 478, 729, 478,
+ 813, 548, 548, 548, 548, 548, 548, 345, 218, 550,
+ 550, 550, 550, 550, 550, 550, 550, 550, 550, 551,
+ 127, 740, 813, 552, 552, 552, 552, 552, 606, 606,
+
+ 606, 606, 606, 606, 606, 606, 606, 606, 447, 477,
+ 447, 477, 694, 608, 607, 608, 813, 552, 552, 552,
+ 552, 552, 552, 218, 556, 557, 558, 556, 556, 556,
+ 556, 556, 556, 556, 607, 609, 768, 609, 559, 559,
+ 559, 559, 559, 532, 534, 657, 657, 657, 657, 657,
+ 657, 651, 650, 651, 650, 597, 651, 651, 651, 651,
+ 651, 651, 559, 559, 559, 559, 559, 559, 813, 532,
+ 552, 552, 552, 552, 552, 552, 552, 552, 552, 552,
+ 100, 659, 652, 608, 652, 608, 100, 687, 687, 100,
+ 100, 687, 100, 100, 100, 127, 127, 127, 127, 127,
+
+ 127, 127, 127, 127, 127, 687, 687, 687, 100, 127,
+ 127, 127, 127, 127, 127, 127, 560, 127, 127, 127,
+ 127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
+ 127, 101, 127, 100, 100, 100, 100, 100, 100, 100,
+ 100, 100, 100, 100, 100, 100, 100, 100, 100, 100,
+ 574, 577, 577, 577, 577, 577, 578, 575, 575, 575,
+ 575, 187, 723, 723, 532, 187, 198, 198, 198, 198,
+ 198, 198, 198, 198, 198, 198, 714, 187, 724, 724,
+ 198, 198, 198, 583, 198, 198, 198, 198, 198, 198,
+ 198, 198, 198, 198, 198, 198, 198, 198, 198, 198,
+
+ 198, 198, 650, 200, 187, 187, 187, 187, 187, 187,
+ 187, 187, 187, 187, 187, 187, 187, 187, 187, 187,
+ 187, 586, 587, 588, 589, 586, 586, 586, 586, 586,
+ 586, 661, 661, 661, 661, 661, 661, 661, 661, 661,
+ 661, 669, 670, 671, 669, 669, 669, 669, 669, 669,
+ 669, 717, 717, 717, 717, 717, 718, 101, 525, 526,
+ 526, 526, 526, 526, 526, 526, 526, 526, 526, 707,
+ 708, 709, 707, 707, 707, 707, 707, 707, 707, 668,
+ 668, 668, 668, 668, 668, 668, 668, 668, 668, 757,
+ 757, 757, 757, 757, 758, 101, 532, 813, 595, 595,
+
+ 595, 595, 595, 595, 595, 595, 595, 595, 534, 714,
+ 470, 643, 594, 594, 594, 594, 594, 532, 532, 712,
+ 712, 712, 712, 712, 712, 696, 697, 696, 697, 659,
+ 714, 813, 218, 813, 813, 813, 594, 594, 594, 594,
+ 594, 594, 532, 551, 596, 596, 596, 596, 596, 596,
+ 596, 596, 596, 596, 597, 759, 642, 641, 598, 598,
+ 598, 598, 598, 716, 716, 716, 716, 716, 716, 716,
+ 716, 716, 716, 688, 640, 689, 690, 691, 651, 760,
+ 651, 692, 598, 598, 598, 598, 598, 598, 602, 603,
+ 604, 602, 602, 602, 602, 602, 602, 602, 605, 574,
+
+ 574, 127, 606, 606, 606, 606, 606, 736, 737, 738,
+ 736, 736, 736, 736, 736, 736, 736, 791, 791, 791,
+ 791, 791, 791, 692, 574, 101, 606, 606, 606, 606,
+ 606, 606, 813, 630, 598, 598, 598, 598, 598, 598,
+ 598, 598, 598, 598, 607, 629, 610, 610, 610, 610,
+ 610, 611, 608, 608, 608, 608, 345, 218, 614, 614,
+ 614, 614, 614, 614, 614, 614, 614, 614, 551, 101,
+ 218, 778, 613, 613, 613, 613, 613, 813, 607, 689,
+ 690, 691, 813, 607, 813, 813, 691, 695, 470, 696,
+ 696, 696, 696, 696, 696, 779, 613, 613, 613, 613,
+
+ 613, 613, 345, 218, 615, 615, 615, 615, 615, 615,
+ 615, 615, 615, 615, 747, 343, 747, 127, 616, 616,
+ 616, 616, 616, 748, 764, 748, 764, 692, 765, 797,
+ 765, 797, 692, 218, 723, 723, 723, 723, 723, 723,
+ 585, 582, 616, 616, 616, 616, 616, 616, 813, 581,
+ 616, 616, 616, 616, 616, 616, 616, 616, 616, 616,
+ 100, 693, 580, 693, 693, 693, 100, 693, 693, 100,
+ 100, 693, 100, 100, 100, 127, 127, 127, 127, 127,
+ 127, 127, 127, 127, 127, 693, 693, 693, 100, 127,
+ 127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
+
+ 127, 127, 127, 127, 127, 127, 127, 620, 127, 127,
+ 127, 101, 127, 100, 100, 100, 100, 100, 100, 100,
+ 100, 100, 100, 100, 100, 100, 100, 100, 100, 100,
+ 625, 746, 579, 747, 747, 747, 747, 747, 747, 187,
+ 798, 574, 798, 187, 198, 198, 198, 198, 198, 198,
+ 198, 198, 198, 198, 626, 187, 574, 569, 198, 198,
+ 198, 198, 198, 198, 198, 198, 198, 198, 198, 198,
+ 198, 198, 198, 198, 198, 198, 198, 198, 198, 198,
+ 568, 200, 187, 187, 187, 187, 187, 187, 187, 187,
+ 187, 187, 187, 187, 187, 187, 187, 187, 187, 644,
+
+ 476, 645, 645, 645, 645, 645, 645, 645, 645, 645,
+ 645, 722, 722, 722, 722, 722, 722, 722, 722, 722,
+ 722, 532, 476, 753, 753, 753, 753, 753, 753, 755,
+ 476, 470, 755, 714, 343, 279, 755, 101, 650, 524,
+ 653, 653, 653, 653, 653, 654, 651, 651, 651, 651,
+ 532, 523, 657, 657, 657, 657, 657, 657, 657, 657,
+ 657, 657, 597, 522, 519, 518, 656, 656, 656, 656,
+ 656, 756, 756, 756, 756, 756, 756, 756, 756, 756,
+ 756, 532, 446, 777, 777, 777, 777, 777, 777, 446,
+ 656, 656, 656, 656, 656, 656, 532, 446, 658, 658,
+
+ 658, 658, 658, 658, 658, 658, 658, 658, 659, 510,
+ 509, 101, 660, 660, 660, 660, 660, 735, 735, 735,
+ 735, 735, 735, 735, 735, 735, 735, 763, 101, 764,
+ 764, 764, 764, 764, 764, 101, 660, 660, 660, 660,
+ 660, 660, 664, 665, 666, 664, 664, 664, 664, 664,
+ 664, 664, 667, 101, 476, 476, 668, 668, 668, 668,
+ 668, 735, 735, 735, 735, 735, 735, 735, 735, 735,
+ 735, 470, 741, 343, 742, 742, 742, 742, 742, 742,
+ 668, 668, 668, 668, 668, 668, 813, 279, 660, 660,
+ 660, 660, 660, 660, 660, 660, 660, 660, 345, 218,
+
+ 674, 674, 674, 674, 674, 674, 674, 674, 674, 674,
+ 101, 279, 463, 462, 673, 673, 673, 673, 673, 772,
+ 773, 774, 772, 772, 772, 772, 772, 772, 772, 796,
+ 461, 797, 797, 797, 797, 797, 797, 460, 673, 673,
+ 673, 673, 673, 673, 695, 459, 698, 698, 698, 698,
+ 698, 699, 700, 700, 700, 700, 704, 705, 706, 704,
+ 704, 704, 704, 704, 704, 704, 783, 784, 785, 783,
+ 783, 783, 783, 783, 783, 783, 791, 791, 791, 791,
+ 791, 791, 791, 791, 791, 791, 810, 810, 810, 810,
+ 810, 810, 101, 644, 458, 645, 645, 645, 645, 645,
+
+ 645, 645, 645, 645, 645, 792, 792, 792, 792, 792,
+ 792, 792, 792, 792, 792, 793, 793, 793, 793, 793,
+ 794, 791, 791, 791, 791, 457, 795, 456, 455, 795,
+ 454, 101, 532, 795, 712, 712, 712, 712, 712, 712,
+ 712, 712, 712, 712, 659, 453, 452, 451, 711, 711,
+ 711, 711, 711, 786, 813, 787, 787, 787, 787, 787,
+ 787, 791, 791, 791, 791, 791, 791, 791, 791, 791,
+ 791, 446, 711, 711, 711, 711, 711, 711, 532, 446,
+ 713, 713, 713, 713, 713, 713, 713, 713, 713, 713,
+ 714, 101, 374, 441, 715, 715, 715, 715, 715, 791,
+
+ 791, 791, 791, 791, 791, 791, 791, 791, 791, 440,
+ 434, 433, 432, 431, 430, 429, 428, 427, 715, 715,
+ 715, 715, 715, 715, 719, 720, 721, 719, 719, 719,
+ 719, 719, 719, 719, 426, 408, 343, 279, 722, 722,
+ 722, 722, 722, 804, 805, 806, 804, 804, 804, 804,
+ 804, 804, 804, 404, 279, 125, 807, 807, 807, 807,
+ 807, 807, 722, 722, 722, 722, 722, 722, 813, 398,
+ 715, 715, 715, 715, 715, 715, 715, 715, 715, 715,
+ 218, 725, 725, 725, 725, 725, 726, 723, 723, 723,
+ 723, 741, 101, 742, 742, 742, 742, 742, 742, 742,
+
+ 742, 742, 742, 741, 397, 743, 743, 743, 743, 743,
+ 743, 743, 743, 743, 743, 741, 396, 744, 744, 744,
+ 744, 744, 745, 742, 742, 742, 742, 746, 393, 749,
+ 749, 749, 749, 749, 750, 747, 747, 747, 747, 532,
+ 392, 753, 753, 753, 753, 753, 753, 753, 753, 753,
+ 753, 714, 391, 390, 389, 752, 752, 752, 752, 752,
+ 810, 810, 810, 810, 810, 810, 810, 810, 810, 810,
+ 388, 315, 315, 315, 374, 376, 374, 375, 374, 752,
+ 752, 752, 752, 752, 752, 532, 368, 754, 754, 754,
+ 754, 754, 754, 754, 754, 754, 754, 367, 366, 365,
+
+ 364, 755, 755, 755, 755, 755, 804, 804, 804, 804,
+ 804, 804, 804, 804, 804, 804, 363, 362, 359, 119,
+ 279, 343, 279, 125, 105, 755, 755, 755, 755, 755,
+ 755, 763, 333, 766, 766, 766, 766, 766, 767, 764,
+ 764, 764, 764, 100, 329, 769, 770, 771, 769, 769,
+ 769, 769, 769, 769, 769, 741, 328, 742, 742, 742,
+ 742, 742, 742, 742, 742, 742, 742, 741, 327, 742,
+ 742, 742, 742, 742, 742, 742, 742, 742, 742, 532,
+ 326, 777, 777, 777, 777, 777, 777, 777, 777, 777,
+ 777, 786, 325, 787, 787, 787, 787, 787, 787, 787,
+
+ 787, 787, 787, 786, 324, 788, 788, 788, 788, 788,
+ 788, 788, 788, 788, 788, 786, 323, 789, 789, 789,
+ 789, 789, 790, 787, 787, 787, 787, 796, 322, 799,
+ 799, 799, 799, 799, 800, 797, 797, 797, 797, 100,
+ 191, 801, 802, 803, 801, 801, 801, 801, 801, 801,
+ 801, 786, 315, 787, 787, 787, 787, 787, 787, 787,
+ 787, 787, 787, 786, 315, 787, 787, 787, 787, 787,
+ 787, 787, 787, 787, 787, 807, 807, 807, 807, 807,
+ 807, 807, 807, 807, 807, 811, 811, 811, 811, 811,
+ 812, 810, 810, 810, 810, 810, 810, 810, 810, 810,
+
+ 810, 810, 810, 810, 810, 250, 312, 309, 308, 307,
+ 306, 101, 801, 801, 801, 801, 801, 801, 801, 801,
+ 801, 801, 305, 300, 299, 298, 297, 296, 295, 294,
+ 293, 292, 291, 290, 289, 125, 117, 105, 105, 267,
+ 266, 265, 264, 259, 258, 257, 813, 188, 101, 808,
+ 808, 808, 808, 808, 809, 807, 807, 807, 807, 250,
+ 176, 177, 171, 171, 163, 248, 157, 157, 241, 240,
+ 239, 238, 237, 234, 233, 232, 231, 230, 225, 224,
+ 223, 222, 125, 100, 125, 101, 807, 807, 807, 807,
+ 807, 807, 807, 807, 807, 807, 190, 113, 210, 105,
+
+ 103, 102, 101, 205, 204, 203, 202, 198, 177, 171,
+ 163, 133, 131, 157, 156, 153, 151, 137, 136, 135,
+ 132, 127, 101, 61, 61, 61, 61, 61, 61, 61,
+ 61, 61, 61, 61, 61, 61, 61, 61, 61, 61,
+ 61, 61, 61, 61, 33, 33, 33, 33, 33, 33,
+ 33, 33, 33, 33, 33, 33, 33, 33, 33, 33,
+ 33, 33, 33, 33, 33, 70, 70, 70, 70, 70,
+ 70, 70, 70, 70, 70, 70, 70, 70, 70, 70,
+ 70, 70, 70, 70, 70, 70, 77, 77, 77, 77,
+ 77, 77, 77, 77, 77, 77, 77, 77, 77, 77,
+
+ 77, 77, 77, 77, 77, 77, 77, 100, 125, 113,
+ 103, 102, 101, 813, 100, 813, 100, 100, 100, 100,
+ 813, 813, 100, 100, 100, 100, 100, 100, 104, 104,
+ 104, 104, 104, 104, 104, 104, 104, 104, 104, 104,
+ 104, 104, 104, 104, 104, 104, 104, 104, 104, 108,
+ 813, 813, 813, 813, 108, 813, 108, 813, 108, 108,
+ 108, 108, 108, 813, 108, 108, 108, 108, 108, 108,
+ 112, 813, 813, 813, 813, 813, 813, 112, 813, 112,
+ 112, 112, 112, 813, 813, 112, 112, 112, 112, 112,
+ 112, 114, 813, 813, 114, 114, 813, 114, 114, 813,
+
+ 114, 114, 114, 114, 813, 813, 114, 114, 114, 114,
+ 114, 114, 124, 124, 813, 124, 813, 813, 813, 124,
+ 158, 813, 813, 158, 158, 813, 158, 158, 813, 158,
+ 158, 158, 158, 813, 813, 158, 158, 158, 158, 158,
+ 158, 162, 813, 813, 162, 162, 813, 162, 162, 813,
+ 162, 162, 162, 162, 813, 162, 162, 162, 813, 162,
+ 162, 162, 170, 813, 813, 170, 813, 813, 170, 170,
+ 813, 170, 170, 170, 170, 170, 813, 170, 170, 170,
+ 170, 170, 170, 174, 174, 174, 174, 174, 174, 174,
+ 174, 174, 174, 174, 174, 174, 174, 174, 174, 174,
+
+ 174, 174, 174, 174, 176, 176, 813, 176, 813, 176,
+ 176, 176, 176, 176, 176, 176, 176, 176, 176, 176,
+ 176, 176, 176, 176, 176, 182, 813, 813, 813, 813,
+ 182, 813, 182, 813, 182, 182, 182, 182, 182, 813,
+ 182, 182, 182, 182, 182, 182, 186, 813, 813, 813,
+ 813, 813, 813, 186, 813, 186, 186, 186, 186, 813,
+ 186, 186, 186, 186, 186, 186, 186, 189, 813, 813,
+ 189, 189, 813, 189, 189, 813, 189, 189, 189, 189,
+ 813, 189, 189, 189, 189, 189, 189, 189, 208, 208,
+ 208, 208, 208, 208, 208, 208, 208, 208, 208, 208,
+
+ 208, 208, 208, 208, 208, 208, 208, 208, 208, 209,
+ 209, 813, 209, 209, 209, 209, 209, 209, 209, 209,
+ 209, 209, 209, 209, 209, 209, 209, 209, 209, 209,
+ 115, 813, 813, 115, 115, 813, 115, 115, 813, 115,
+ 115, 115, 115, 813, 813, 115, 115, 115, 115, 115,
+ 115, 124, 124, 813, 124, 813, 813, 813, 124, 217,
+ 217, 813, 217, 813, 813, 813, 217, 219, 219, 219,
+ 813, 219, 813, 813, 813, 219, 158, 813, 813, 158,
+ 158, 813, 158, 158, 813, 158, 158, 158, 158, 813,
+ 813, 158, 158, 158, 158, 158, 158, 159, 813, 813,
+
+ 159, 159, 813, 159, 159, 813, 159, 159, 159, 159,
+ 813, 813, 159, 159, 159, 159, 159, 159, 162, 813,
+ 813, 162, 162, 813, 162, 162, 813, 162, 162, 162,
+ 162, 813, 162, 162, 162, 813, 162, 162, 162, 170,
+ 813, 813, 170, 813, 813, 170, 170, 813, 170, 170,
+ 170, 170, 170, 813, 170, 170, 170, 170, 170, 170,
+ 185, 813, 813, 813, 813, 813, 813, 185, 813, 185,
+ 185, 185, 185, 813, 813, 185, 185, 185, 185, 185,
+ 185, 186, 813, 813, 813, 813, 813, 813, 186, 813,
+ 186, 186, 186, 186, 813, 186, 186, 186, 186, 186,
+
+ 186, 186, 189, 813, 813, 189, 189, 813, 189, 189,
+ 813, 189, 189, 189, 189, 813, 189, 189, 189, 189,
+ 189, 189, 189, 200, 813, 813, 200, 200, 813, 200,
+ 268, 268, 268, 268, 268, 268, 268, 268, 268, 268,
+ 268, 268, 268, 268, 268, 268, 268, 268, 268, 268,
+ 268, 275, 275, 813, 275, 813, 813, 813, 275, 281,
+ 281, 281, 813, 281, 813, 813, 813, 281, 337, 337,
+ 813, 337, 813, 813, 813, 337, 338, 338, 813, 338,
+ 813, 813, 813, 338, 342, 342, 813, 342, 813, 813,
+ 813, 342, 344, 344, 344, 813, 344, 813, 813, 813,
+
+ 344, 200, 813, 813, 200, 200, 813, 200, 404, 404,
+ 813, 404, 813, 813, 813, 404, 406, 406, 813, 406,
+ 813, 813, 813, 406, 407, 407, 813, 407, 813, 813,
+ 813, 407, 409, 409, 409, 813, 409, 813, 813, 813,
+ 409, 413, 413, 413, 413, 813, 413, 813, 813, 813,
+ 413, 467, 467, 813, 467, 813, 813, 813, 467, 468,
+ 468, 813, 468, 813, 813, 813, 468, 469, 469, 813,
+ 469, 813, 813, 813, 469, 481, 481, 481, 813, 481,
+ 813, 813, 813, 481, 482, 482, 482, 482, 813, 482,
+ 813, 813, 813, 482, 208, 208, 208, 208, 208, 208,
+
+ 208, 208, 208, 208, 208, 208, 208, 208, 208, 208,
+ 208, 208, 208, 208, 208, 530, 530, 813, 530, 813,
+ 813, 813, 530, 531, 531, 813, 531, 813, 813, 813,
+ 531, 547, 547, 547, 813, 547, 813, 813, 813, 547,
+ 548, 548, 548, 548, 813, 548, 813, 813, 813, 548,
+ 208, 208, 208, 208, 208, 208, 208, 208, 208, 208,
+ 208, 208, 208, 208, 208, 208, 208, 208, 208, 208,
+ 208, 200, 813, 813, 200, 200, 813, 200, 187, 813,
+ 813, 813, 187, 187, 813, 187, 187, 187, 813, 813,
+ 187, 187, 590, 590, 813, 590, 813, 813, 813, 590,
+
+ 594, 813, 594, 594, 813, 594, 813, 813, 813, 594,
+ 612, 612, 612, 813, 612, 813, 813, 813, 612, 613,
+ 613, 613, 613, 813, 613, 813, 813, 813, 613, 559,
+ 559, 813, 813, 559, 813, 813, 813, 559, 208, 208,
+ 208, 208, 208, 208, 208, 208, 208, 208, 208, 208,
+ 208, 208, 208, 208, 208, 208, 208, 208, 208, 200,
+ 813, 813, 200, 200, 813, 200, 187, 813, 813, 813,
+ 187, 187, 813, 187, 187, 187, 813, 813, 187, 187,
+ 655, 655, 813, 655, 813, 813, 813, 655, 656, 813,
+ 656, 656, 813, 656, 813, 813, 813, 656, 672, 672,
+
+ 672, 813, 672, 813, 813, 813, 672, 673, 673, 673,
+ 813, 813, 673, 813, 813, 813, 673, 682, 682, 682,
+ 682, 682, 682, 682, 682, 682, 682, 682, 682, 682,
+ 682, 682, 682, 682, 682, 682, 682, 682, 687, 687,
+ 813, 687, 687, 687, 813, 687, 813, 687, 687, 687,
+ 687, 813, 813, 687, 687, 687, 687, 687, 687, 693,
+ 693, 813, 693, 693, 693, 813, 693, 813, 693, 693,
+ 693, 693, 813, 813, 693, 693, 693, 693, 693, 693,
+ 200, 813, 813, 813, 813, 813, 813, 813, 813, 813,
+ 813, 200, 200, 813, 200, 200, 813, 200, 710, 710,
+
+ 813, 710, 813, 813, 813, 710, 711, 813, 711, 711,
+ 813, 711, 813, 813, 813, 711, 727, 727, 813, 813,
+ 727, 813, 813, 813, 727, 693, 813, 813, 813, 813,
+ 813, 813, 693, 813, 693, 693, 693, 693, 813, 813,
+ 693, 693, 693, 693, 693, 693, 751, 751, 813, 751,
+ 813, 813, 813, 751, 752, 813, 752, 752, 813, 752,
+ 813, 813, 813, 752, 775, 775, 813, 775, 813, 813,
+ 813, 775, 776, 813, 776, 813, 813, 776, 813, 813,
+ 813, 776, 780, 780, 780, 780, 780, 780, 780, 780,
+ 780, 780, 780, 780, 780, 780, 780, 780, 780, 780,
+
+ 780, 780, 780, 15, 813, 813, 813, 813, 813, 813,
+ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
+ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
+ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
+ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
+ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
+ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
+ 813, 813, 813, 813
} ;
-static yyconst short int yy_chk[3663] =
+static yyconst short int yy_chk[5675] =
{ 0,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 2, 618, 3,
- 20, 2, 70, 3, 47, 36, 50, 4, 34, 3,
- 36, 4, 3, 11, 11, 11, 11, 4, 20, 34,
- 4, 12, 12, 12, 12, 2, 2, 70, 47, 2,
-
- 77, 38, 602, 50, 3, 599, 44, 2, 3, 3,
- 2, 3, 4, 597, 20, 38, 4, 4, 52, 4,
- 5, 5, 5, 44, 5, 6, 6, 6, 52, 6,
- 5, 11, 3, 25, 25, 6, 120, 25, 25, 12,
- 4, 120, 5, 5, 66, 66, 77, 6, 6, 9,
- 9, 9, 9, 9, 58, 25, 74, 74, 9, 9,
- 9, 28, 28, 28, 28, 28, 28, 19, 5, 143,
- 143, 58, 9, 6, 7, 7, 7, 19, 7, 25,
- 19, 19, 19, 19, 19, 19, 19, 19, 27, 27,
- 27, 27, 27, 27, 27, 27, 105, 9, 10, 10,
-
- 10, 10, 10, 76, 583, 105, 90, 10, 10, 10,
- 43, 165, 43, 43, 43, 43, 43, 43, 43, 43,
- 45, 10, 7, 7, 7, 7, 7, 7, 7, 7,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 2, 533, 3, 38, 2, 52, 3, 49, 38, 50,
+ 4, 36, 3, 533, 4, 3, 11, 11, 11, 11,
+ 4, 22, 36, 4, 40, 5, 5, 5, 50, 5,
+
+ 2, 2, 49, 52, 2, 5, 68, 68, 40, 3,
+ 807, 22, 2, 3, 3, 2, 3, 4, 54, 5,
+ 5, 4, 4, 148, 4, 6, 6, 6, 54, 6,
+ 799, 12, 12, 12, 12, 6, 11, 22, 3, 76,
+ 76, 72, 46, 27, 27, 5, 4, 27, 27, 6,
+ 6, 46, 47, 78, 9, 9, 9, 9, 9, 74,
+ 46, 164, 164, 9, 9, 9, 72, 27, 30, 30,
+ 30, 30, 30, 30, 79, 6, 7, 7, 7, 9,
+ 7, 12, 47, 47, 74, 148, 47, 60, 141, 81,
+ 81, 27, 81, 141, 47, 91, 60, 47, 10, 10,
+
+ 10, 10, 10, 78, 9, 60, 91, 10, 10, 10,
+ 29, 29, 29, 29, 29, 29, 29, 29, 29, 29,
+ 161, 798, 79, 10, 179, 161, 7, 7, 7, 7,
7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
- 8, 8, 8, 48, 8, 128, 10, 72, 45, 45,
- 90, 76, 45, 79, 79, 165, 79, 128, 582, 127,
- 45, 53, 48, 45, 53, 53, 53, 53, 53, 53,
- 53, 53, 72, 86, 86, 86, 86, 86, 86, 86,
- 86, 103, 103, 103, 103, 103, 103, 580, 8, 8,
- 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+ 7, 7, 7, 7, 7, 8, 8, 8, 10, 8,
+ 86, 86, 86, 86, 86, 86, 86, 86, 86, 86,
+ 87, 87, 87, 87, 87, 87, 99, 101, 274, 101,
+ 101, 101, 179, 101, 101, 99, 149, 101, 106, 106,
+ 106, 106, 106, 106, 106, 106, 106, 106, 140, 149,
+ 140, 101, 101, 101, 274, 8, 8, 8, 8, 8,
- 8, 8, 8, 8, 8, 8, 26, 131, 26, 26,
- 26, 26, 26, 26, 26, 26, 26, 88, 127, 131,
- 26, 26, 26, 26, 26, 130, 191, 112, 579, 55,
- 55, 129, 112, 55, 55, 88, 112, 132, 112, 191,
- 130, 202, 26, 132, 26, 26, 26, 26, 26, 26,
- 32, 55, 140, 147, 147, 202, 32, 140, 575, 32,
- 32, 88, 32, 32, 32, 32, 32, 32, 32, 32,
- 32, 32, 32, 32, 129, 55, 32, 32, 32, 32,
- 32, 32, 32, 32, 32, 32, 32, 32, 32, 32,
- 32, 32, 32, 32, 32, 32, 32, 32, 32, 32,
-
- 32, 32, 32, 32, 32, 32, 32, 32, 32, 32,
- 32, 32, 32, 32, 32, 32, 32, 35, 35, 35,
- 35, 35, 35, 35, 35, 35, 65, 118, 118, 35,
- 35, 35, 35, 35, 159, 159, 65, 133, 35, 65,
- 65, 65, 65, 65, 65, 65, 65, 133, 154, 154,
- 201, 208, 201, 35, 35, 35, 35, 35, 35, 42,
- 42, 42, 42, 42, 158, 42, 42, 175, 157, 42,
- 64, 64, 64, 200, 64, 118, 175, 219, 64, 197,
- 64, 42, 42, 42, 46, 198, 219, 208, 212, 200,
- 198, 227, 64, 64, 46, 564, 154, 46, 46, 46,
-
- 46, 46, 46, 46, 46, 81, 560, 81, 81, 81,
- 158, 81, 81, 227, 212, 81, 157, 245, 64, 87,
- 87, 87, 87, 87, 87, 87, 87, 81, 81, 81,
- 197, 94, 94, 556, 229, 94, 94, 204, 89, 229,
- 46, 89, 89, 89, 89, 89, 89, 89, 89, 91,
- 204, 91, 91, 94, 544, 91, 91, 239, 93, 91,
- 93, 93, 93, 239, 93, 93, 246, 246, 93, 216,
- 216, 216, 91, 91, 245, 289, 248, 94, 249, 260,
- 93, 93, 93, 96, 249, 96, 96, 96, 260, 96,
- 96, 248, 543, 96, 97, 97, 97, 97, 97, 97,
-
- 97, 97, 273, 290, 294, 96, 96, 96, 101, 101,
- 101, 101, 101, 101, 101, 101, 102, 102, 102, 102,
- 102, 102, 102, 102, 273, 290, 482, 291, 97, 98,
- 98, 98, 98, 98, 98, 98, 98, 291, 247, 289,
- 294, 98, 98, 98, 98, 98, 135, 135, 135, 135,
- 135, 135, 135, 135, 332, 433, 285, 433, 137, 137,
- 121, 285, 137, 137, 247, 98, 98, 98, 98, 98,
- 98, 106, 106, 106, 106, 106, 106, 106, 106, 106,
- 137, 247, 482, 106, 106, 106, 106, 106, 121, 121,
- 303, 139, 121, 139, 139, 139, 307, 139, 139, 303,
-
- 121, 139, 528, 121, 137, 307, 332, 106, 106, 106,
- 106, 106, 106, 139, 139, 139, 146, 146, 146, 146,
- 146, 146, 146, 146, 150, 292, 324, 150, 150, 334,
- 292, 324, 383, 524, 150, 163, 163, 163, 163, 163,
- 163, 163, 163, 323, 523, 334, 385, 150, 164, 164,
- 164, 164, 164, 164, 164, 164, 166, 522, 166, 166,
- 167, 385, 166, 166, 167, 323, 166, 262, 262, 211,
- 167, 211, 211, 211, 211, 211, 211, 262, 166, 166,
- 166, 521, 167, 167, 168, 383, 168, 168, 168, 168,
- 168, 168, 168, 168, 169, 327, 169, 169, 169, 169,
-
- 169, 169, 169, 169, 170, 211, 170, 170, 170, 170,
- 170, 170, 170, 170, 203, 264, 264, 327, 203, 388,
- 168, 308, 308, 380, 203, 264, 329, 515, 309, 309,
- 169, 308, 311, 311, 498, 329, 203, 203, 309, 380,
- 170, 171, 311, 171, 171, 171, 171, 171, 171, 171,
- 171, 400, 400, 497, 388, 171, 171, 171, 171, 171,
- 207, 207, 207, 207, 207, 207, 207, 207, 209, 335,
- 209, 209, 209, 209, 209, 209, 209, 209, 335, 171,
- 171, 171, 171, 171, 171, 174, 174, 174, 174, 174,
- 174, 174, 174, 174, 207, 451, 451, 174, 174, 174,
-
- 174, 174, 527, 210, 209, 210, 210, 210, 210, 210,
- 210, 210, 210, 220, 220, 220, 220, 220, 220, 220,
- 220, 174, 174, 174, 174, 174, 174, 176, 176, 176,
- 176, 176, 176, 176, 176, 176, 176, 465, 465, 210,
- 176, 176, 176, 176, 176, 215, 215, 215, 215, 215,
- 215, 215, 215, 215, 222, 222, 222, 222, 222, 222,
- 222, 222, 386, 527, 176, 176, 176, 176, 176, 176,
- 177, 177, 177, 177, 177, 177, 177, 177, 386, 466,
- 466, 328, 177, 177, 177, 177, 177, 223, 223, 223,
- 223, 223, 223, 225, 333, 225, 225, 225, 225, 225,
-
- 225, 225, 225, 328, 333, 493, 177, 177, 177, 177,
- 177, 177, 221, 221, 221, 221, 221, 221, 221, 221,
- 221, 221, 221, 353, 469, 469, 221, 221, 221, 221,
- 221, 250, 353, 250, 250, 250, 250, 250, 250, 250,
- 250, 255, 255, 255, 255, 255, 255, 255, 255, 255,
- 221, 221, 221, 221, 221, 221, 224, 224, 224, 224,
- 224, 224, 224, 224, 224, 224, 354, 250, 479, 224,
- 224, 224, 224, 224, 251, 354, 251, 251, 251, 251,
- 251, 251, 251, 251, 261, 261, 261, 261, 261, 261,
- 261, 261, 474, 224, 224, 224, 224, 224, 224, 252,
-
- 473, 252, 252, 252, 252, 252, 252, 252, 252, 370,
- 251, 263, 263, 263, 263, 263, 263, 263, 263, 267,
- 267, 267, 267, 267, 267, 267, 267, 481, 481, 267,
- 472, 370, 505, 505, 470, 252, 265, 265, 265, 265,
- 265, 265, 265, 265, 265, 265, 265, 268, 268, 268,
- 268, 268, 268, 268, 268, 268, 268, 268, 376, 378,
- 427, 268, 268, 268, 268, 268, 269, 269, 269, 269,
- 269, 269, 269, 269, 270, 270, 270, 270, 270, 270,
- 376, 378, 427, 516, 516, 268, 268, 268, 268, 268,
- 268, 271, 271, 271, 271, 271, 271, 271, 271, 271,
-
- 271, 384, 525, 525, 271, 271, 271, 271, 271, 272,
- 384, 272, 272, 272, 272, 272, 272, 272, 272, 293,
- 293, 293, 293, 293, 293, 293, 293, 458, 271, 271,
- 271, 271, 271, 271, 295, 395, 295, 295, 295, 295,
- 295, 295, 295, 295, 297, 395, 297, 297, 297, 297,
- 297, 297, 296, 293, 296, 296, 296, 296, 296, 296,
- 296, 296, 317, 317, 317, 317, 317, 317, 444, 304,
- 295, 304, 304, 304, 304, 304, 304, 304, 304, 440,
- 297, 345, 345, 345, 345, 345, 345, 435, 296, 302,
- 302, 302, 302, 302, 302, 302, 302, 302, 409, 551,
-
- 551, 302, 302, 302, 302, 302, 305, 409, 305, 305,
- 305, 305, 305, 305, 305, 305, 310, 310, 310, 310,
- 310, 310, 310, 310, 431, 302, 302, 302, 302, 302,
- 302, 306, 430, 306, 306, 306, 306, 306, 306, 306,
- 306, 312, 312, 312, 312, 312, 312, 312, 312, 312,
- 312, 312, 314, 314, 314, 314, 314, 314, 314, 314,
- 483, 429, 314, 315, 315, 315, 315, 315, 315, 315,
- 315, 315, 315, 315, 426, 483, 425, 315, 315, 315,
- 315, 315, 316, 316, 316, 316, 316, 316, 316, 316,
- 319, 410, 319, 319, 319, 319, 319, 319, 319, 319,
-
- 410, 315, 315, 315, 315, 315, 315, 318, 318, 318,
- 318, 318, 318, 318, 318, 318, 318, 566, 566, 424,
- 318, 318, 318, 318, 318, 336, 336, 336, 336, 336,
- 336, 336, 336, 336, 337, 337, 337, 337, 337, 337,
- 337, 337, 337, 423, 318, 318, 318, 318, 318, 318,
- 338, 338, 338, 338, 338, 338, 338, 338, 338, 422,
- 336, 342, 342, 342, 342, 342, 342, 342, 342, 337,
- 344, 344, 344, 344, 344, 344, 344, 344, 364, 364,
- 364, 364, 364, 364, 428, 338, 343, 397, 343, 343,
- 343, 343, 343, 343, 343, 343, 343, 397, 586, 586,
-
- 343, 343, 343, 343, 343, 347, 428, 347, 347, 347,
- 347, 347, 347, 347, 347, 348, 348, 348, 348, 348,
- 348, 348, 348, 393, 343, 343, 343, 343, 343, 343,
- 346, 346, 346, 346, 346, 346, 346, 346, 346, 392,
- 432, 432, 346, 346, 346, 346, 346, 350, 445, 350,
- 350, 350, 350, 350, 350, 350, 350, 352, 445, 352,
- 352, 352, 352, 352, 352, 382, 346, 346, 346, 346,
- 346, 346, 351, 381, 351, 351, 351, 351, 351, 351,
- 351, 351, 355, 355, 356, 356, 403, 403, 403, 403,
- 403, 403, 355, 432, 356, 357, 357, 357, 357, 357,
-
- 357, 357, 357, 358, 358, 363, 363, 363, 363, 363,
- 363, 363, 363, 358, 359, 359, 359, 359, 359, 359,
- 359, 359, 359, 359, 359, 361, 361, 361, 361, 361,
- 361, 361, 361, 590, 590, 361, 362, 362, 362, 362,
- 362, 362, 362, 362, 362, 362, 362, 462, 603, 603,
- 362, 362, 362, 362, 362, 366, 462, 366, 366, 366,
- 366, 366, 366, 366, 366, 387, 387, 387, 387, 387,
- 387, 387, 387, 375, 362, 362, 362, 362, 362, 362,
- 365, 365, 365, 365, 365, 365, 365, 365, 365, 463,
- 634, 634, 374, 365, 365, 365, 365, 365, 463, 387,
-
- 389, 389, 389, 389, 389, 389, 389, 389, 389, 391,
- 391, 391, 391, 391, 391, 391, 373, 365, 365, 365,
- 365, 365, 365, 390, 390, 390, 390, 390, 390, 390,
- 390, 390, 471, 434, 372, 389, 394, 394, 394, 394,
- 394, 394, 394, 394, 391, 396, 396, 396, 396, 396,
- 396, 396, 396, 434, 471, 434, 434, 398, 390, 398,
- 398, 398, 398, 398, 398, 398, 398, 398, 401, 487,
- 401, 401, 401, 401, 401, 401, 401, 401, 401, 434,
- 369, 368, 401, 401, 401, 401, 401, 402, 402, 402,
- 402, 402, 402, 402, 402, 405, 367, 405, 405, 405,
-
- 405, 405, 405, 405, 405, 487, 401, 401, 401, 401,
- 401, 401, 404, 404, 404, 404, 404, 404, 404, 404,
- 404, 514, 349, 341, 404, 404, 404, 404, 404, 406,
- 514, 406, 406, 406, 406, 406, 406, 406, 406, 420,
- 420, 420, 420, 420, 420, 411, 411, 340, 404, 404,
- 404, 404, 404, 404, 407, 411, 407, 407, 407, 407,
- 407, 407, 407, 407, 408, 339, 408, 408, 408, 408,
- 408, 408, 408, 408, 412, 412, 413, 413, 413, 413,
- 413, 413, 413, 413, 412, 414, 414, 419, 419, 419,
- 419, 419, 419, 419, 419, 414, 415, 415, 415, 415,
-
- 415, 415, 415, 415, 415, 415, 415, 417, 417, 417,
- 417, 417, 417, 417, 417, 331, 330, 417, 418, 418,
- 418, 418, 418, 418, 418, 418, 418, 418, 446, 326,
- 325, 322, 418, 418, 418, 418, 418, 421, 446, 421,
- 421, 421, 421, 421, 421, 421, 421, 447, 447, 447,
- 447, 447, 447, 447, 447, 321, 418, 418, 418, 418,
- 418, 418, 436, 448, 436, 436, 436, 436, 436, 436,
- 436, 436, 437, 448, 437, 437, 437, 437, 437, 437,
- 437, 437, 438, 499, 438, 438, 438, 438, 438, 438,
- 438, 438, 491, 499, 570, 606, 320, 439, 436, 439,
-
- 439, 439, 439, 439, 439, 439, 439, 441, 437, 441,
- 441, 441, 441, 441, 441, 441, 441, 442, 438, 442,
- 442, 442, 442, 442, 442, 442, 442, 301, 491, 300,
- 570, 606, 443, 439, 443, 443, 443, 443, 443, 443,
- 443, 443, 449, 475, 449, 449, 449, 449, 449, 449,
- 449, 449, 449, 452, 299, 452, 452, 452, 452, 452,
- 452, 452, 452, 452, 477, 475, 518, 452, 452, 452,
- 452, 452, 453, 453, 453, 453, 453, 453, 453, 453,
- 454, 454, 454, 454, 454, 454, 477, 298, 518, 288,
- 287, 452, 452, 452, 452, 452, 452, 455, 455, 455,
-
- 455, 455, 455, 455, 455, 455, 286, 284, 282, 455,
- 455, 455, 455, 455, 456, 281, 456, 456, 456, 456,
- 456, 456, 456, 456, 457, 457, 457, 457, 457, 457,
- 457, 457, 280, 455, 455, 455, 455, 455, 455, 459,
- 279, 459, 459, 459, 459, 459, 459, 459, 459, 460,
- 480, 460, 460, 460, 460, 460, 460, 460, 460, 461,
- 278, 461, 461, 461, 461, 461, 461, 464, 464, 685,
- 480, 277, 480, 480, 685, 276, 275, 464, 467, 467,
- 467, 467, 467, 467, 467, 467, 467, 467, 484, 259,
- 484, 484, 484, 485, 258, 485, 485, 485, 486, 486,
-
- 486, 486, 486, 486, 486, 486, 488, 500, 488, 488,
- 488, 488, 488, 488, 488, 488, 489, 500, 489, 489,
- 489, 489, 489, 489, 489, 489, 257, 502, 545, 520,
- 546, 256, 486, 254, 548, 253, 484, 502, 545, 244,
- 546, 485, 488, 490, 548, 490, 490, 490, 490, 490,
- 490, 520, 489, 492, 492, 492, 492, 492, 492, 492,
- 492, 494, 243, 494, 494, 494, 494, 494, 494, 494,
- 494, 508, 508, 508, 508, 508, 508, 242, 495, 490,
- 495, 495, 495, 495, 495, 495, 495, 495, 496, 241,
- 496, 496, 496, 496, 496, 496, 501, 501, 501, 501,
-
- 501, 501, 501, 501, 503, 561, 503, 503, 503, 503,
- 503, 503, 503, 503, 503, 506, 581, 506, 506, 506,
- 506, 506, 506, 506, 506, 506, 581, 561, 240, 506,
- 506, 506, 506, 506, 507, 507, 507, 507, 507, 507,
- 507, 507, 510, 237, 510, 510, 510, 510, 510, 510,
- 510, 510, 235, 506, 506, 506, 506, 506, 506, 509,
- 509, 509, 509, 509, 509, 509, 509, 234, 233, 232,
- 231, 509, 509, 509, 509, 509, 511, 511, 511, 511,
- 511, 511, 511, 511, 511, 512, 512, 512, 512, 512,
- 512, 512, 512, 512, 563, 509, 509, 509, 509, 509,
-
- 509, 513, 513, 513, 513, 513, 513, 513, 513, 513,
- 529, 230, 529, 529, 529, 530, 563, 530, 530, 530,
- 531, 228, 531, 531, 531, 532, 226, 532, 532, 532,
- 533, 218, 217, 533, 533, 533, 533, 533, 533, 533,
- 533, 214, 587, 534, 534, 589, 535, 534, 535, 535,
- 535, 213, 206, 536, 536, 205, 199, 536, 529, 534,
- 534, 534, 196, 530, 587, 195, 194, 589, 531, 536,
- 536, 536, 537, 532, 537, 537, 537, 537, 537, 537,
- 537, 537, 538, 600, 538, 538, 538, 538, 538, 538,
- 538, 538, 193, 539, 535, 539, 539, 539, 539, 539,
-
- 539, 539, 539, 192, 190, 600, 189, 540, 537, 540,
- 540, 540, 540, 540, 540, 540, 540, 541, 538, 541,
- 541, 541, 541, 541, 541, 541, 541, 188, 542, 539,
- 542, 542, 542, 542, 542, 542, 542, 542, 547, 547,
- 547, 547, 547, 547, 547, 547, 549, 187, 549, 549,
- 549, 549, 549, 549, 549, 549, 549, 552, 186, 552,
- 552, 552, 552, 552, 552, 552, 552, 185, 184, 183,
- 182, 552, 552, 552, 552, 552, 553, 553, 553, 553,
- 553, 553, 553, 553, 554, 554, 554, 554, 554, 554,
- 181, 180, 179, 173, 172, 552, 552, 552, 552, 552,
-
- 552, 555, 162, 555, 555, 555, 555, 555, 555, 555,
- 555, 557, 557, 557, 557, 557, 557, 557, 557, 557,
- 558, 558, 558, 558, 558, 558, 558, 558, 558, 559,
- 559, 559, 559, 559, 559, 559, 567, 567, 567, 567,
- 567, 567, 567, 567, 568, 568, 568, 568, 568, 568,
- 568, 568, 569, 569, 569, 569, 569, 569, 569, 569,
- 571, 161, 571, 571, 571, 571, 571, 571, 571, 571,
- 572, 160, 572, 572, 572, 572, 572, 572, 572, 572,
- 156, 155, 153, 149, 142, 573, 569, 573, 573, 573,
- 573, 573, 573, 138, 136, 134, 571, 574, 574, 574,
-
- 574, 574, 574, 574, 574, 576, 572, 576, 576, 576,
- 576, 576, 576, 576, 576, 126, 125, 124, 123, 122,
- 577, 573, 577, 577, 577, 577, 577, 577, 577, 577,
- 578, 117, 578, 578, 578, 578, 578, 578, 584, 116,
- 584, 584, 584, 584, 584, 584, 584, 584, 591, 115,
- 591, 591, 591, 591, 591, 591, 591, 591, 592, 114,
- 592, 592, 592, 592, 592, 592, 592, 592, 593, 113,
- 593, 593, 593, 593, 593, 593, 593, 593, 613, 613,
- 613, 613, 613, 613, 591, 594, 594, 594, 594, 594,
- 594, 594, 594, 111, 592, 595, 595, 595, 595, 595,
-
- 595, 595, 595, 110, 593, 596, 596, 596, 596, 596,
- 596, 596, 596, 605, 605, 605, 605, 605, 605, 605,
- 605, 607, 109, 607, 607, 607, 607, 607, 607, 607,
- 607, 608, 108, 608, 608, 608, 608, 608, 608, 608,
- 608, 104, 100, 99, 95, 92, 609, 605, 609, 609,
- 609, 609, 609, 609, 84, 83, 82, 607, 611, 611,
- 611, 611, 611, 611, 611, 611, 80, 608, 612, 612,
- 612, 612, 612, 612, 612, 612, 75, 68, 61, 57,
- 56, 54, 609, 615, 615, 615, 615, 615, 615, 615,
- 615, 616, 616, 616, 616, 616, 616, 616, 616, 617,
-
- 617, 617, 617, 617, 617, 617, 617, 619, 619, 619,
- 619, 619, 619, 619, 619, 51, 49, 615, 620, 620,
- 620, 620, 620, 620, 41, 616, 40, 39, 37, 33,
- 29, 23, 17, 617, 15, 14, 13, 0, 0, 0,
- 0, 619, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 620, 622, 622, 622, 622, 622, 622, 622,
- 622, 622, 622, 622, 622, 622, 622, 622, 622, 623,
- 623, 623, 623, 623, 623, 623, 623, 623, 623, 623,
- 623, 623, 623, 623, 623, 624, 624, 624, 624, 624,
- 624, 624, 624, 624, 624, 624, 624, 624, 624, 624,
-
- 624, 625, 625, 625, 625, 625, 625, 625, 625, 625,
- 625, 625, 625, 625, 625, 625, 625, 626, 0, 0,
- 0, 0, 0, 0, 0, 626, 626, 626, 0, 0,
- 626, 626, 626, 627, 627, 627, 627, 627, 627, 627,
- 627, 627, 627, 627, 627, 627, 627, 627, 627, 628,
- 0, 0, 0, 0, 628, 0, 0, 628, 628, 628,
- 628, 0, 628, 628, 628, 629, 0, 0, 0, 0,
- 0, 0, 0, 629, 629, 629, 0, 0, 629, 629,
- 629, 630, 0, 0, 630, 630, 0, 630, 0, 630,
- 630, 630, 0, 0, 630, 630, 630, 631, 631, 0,
-
- 0, 0, 631, 632, 0, 0, 632, 632, 0, 632,
- 0, 632, 632, 632, 0, 0, 632, 632, 632, 633,
- 0, 0, 633, 633, 0, 633, 0, 633, 633, 633,
- 0, 633, 0, 633, 633, 635, 0, 0, 635, 0,
- 0, 635, 0, 635, 635, 635, 635, 0, 635, 635,
- 635, 636, 636, 636, 636, 636, 636, 636, 636, 636,
- 636, 636, 636, 636, 636, 636, 636, 637, 637, 0,
- 637, 0, 637, 637, 637, 637, 637, 637, 637, 637,
- 637, 637, 637, 638, 638, 638, 638, 638, 638, 638,
- 638, 638, 638, 638, 638, 638, 638, 638, 638, 639,
-
- 639, 0, 639, 639, 639, 639, 639, 639, 639, 639,
- 639, 639, 639, 639, 639, 640, 0, 0, 0, 0,
- 640, 0, 0, 640, 640, 640, 0, 0, 640, 640,
- 640, 641, 0, 0, 641, 641, 0, 641, 0, 641,
- 641, 641, 0, 0, 641, 641, 641, 642, 642, 0,
- 0, 0, 642, 643, 643, 643, 0, 0, 0, 643,
- 644, 0, 0, 644, 644, 0, 644, 0, 644, 644,
- 644, 0, 0, 644, 644, 644, 645, 645, 645, 645,
- 645, 645, 645, 645, 645, 645, 645, 645, 645, 645,
- 645, 645, 646, 646, 0, 0, 0, 646, 647, 647,
-
- 647, 0, 0, 0, 647, 648, 648, 0, 0, 0,
- 648, 649, 649, 0, 0, 0, 649, 650, 650, 0,
- 0, 0, 650, 651, 651, 651, 0, 0, 0, 651,
- 652, 652, 0, 0, 0, 652, 653, 653, 0, 0,
- 0, 653, 654, 654, 0, 0, 0, 654, 655, 655,
- 655, 0, 0, 0, 655, 656, 656, 656, 656, 0,
- 0, 0, 656, 657, 657, 0, 0, 0, 657, 658,
- 658, 0, 0, 0, 658, 659, 659, 0, 0, 0,
- 659, 660, 660, 660, 0, 0, 0, 660, 661, 661,
- 661, 661, 0, 0, 0, 661, 662, 662, 0, 0,
-
- 0, 662, 663, 663, 0, 0, 0, 663, 664, 664,
- 664, 0, 0, 0, 664, 665, 665, 665, 665, 0,
- 0, 0, 665, 666, 666, 0, 0, 0, 666, 667,
- 0, 667, 667, 0, 0, 0, 667, 668, 668, 668,
- 0, 0, 0, 668, 669, 669, 669, 669, 0, 0,
- 0, 669, 670, 670, 0, 0, 0, 670, 671, 0,
- 671, 671, 0, 0, 0, 671, 672, 672, 672, 0,
- 0, 0, 672, 673, 673, 673, 0, 0, 0, 0,
- 673, 674, 674, 674, 674, 674, 674, 674, 674, 674,
- 674, 674, 674, 674, 674, 674, 674, 675, 675, 0,
-
- 675, 675, 675, 0, 0, 675, 675, 675, 0, 0,
- 675, 675, 675, 676, 676, 0, 676, 676, 676, 0,
- 0, 676, 676, 676, 0, 0, 676, 676, 676, 677,
- 677, 0, 0, 0, 677, 678, 0, 678, 678, 0,
- 0, 0, 678, 679, 679, 0, 0, 0, 0, 679,
- 680, 680, 0, 0, 0, 680, 681, 0, 681, 681,
- 0, 0, 0, 681, 682, 682, 0, 0, 0, 682,
- 683, 0, 683, 0, 0, 0, 0, 683, 684, 684,
- 684, 684, 684, 684, 684, 684, 684, 684, 684, 684,
- 684, 684, 684, 684, 621, 621, 621, 621, 621, 621,
-
- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
- 621, 621, 621, 621, 621, 621, 621, 621, 621, 621,
- 621, 621
+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+ 8, 8, 8, 8, 13, 13, 13, 13, 13, 13,
+ 13, 13, 13, 13, 13, 13, 13, 13, 13, 13,
+ 13, 13, 13, 13, 13, 13, 13, 13, 13, 13,
+ 13, 13, 13, 13, 13, 13, 13, 13, 13, 13,
+ 13, 13, 13, 13, 13, 13, 13, 13, 13, 13,
+ 13, 13, 13, 13, 13, 13, 13, 13, 13, 13,
+ 13, 13, 13, 13, 13, 13, 13, 13, 13, 13,
+ 13, 13, 13, 13, 21, 125, 153, 797, 82, 168,
+ 168, 270, 153, 178, 21, 784, 125, 21, 21, 21,
+
+ 21, 21, 21, 21, 21, 21, 21, 28, 82, 28,
+ 28, 28, 28, 28, 28, 28, 28, 28, 28, 28,
+ 152, 180, 180, 28, 28, 28, 28, 28, 151, 270,
+ 289, 57, 57, 152, 82, 57, 57, 123, 123, 123,
+ 123, 123, 123, 178, 151, 28, 154, 28, 28, 28,
+ 28, 28, 28, 34, 289, 57, 154, 500, 246, 34,
+ 246, 500, 34, 34, 313, 34, 34, 34, 34, 34,
+ 34, 34, 34, 34, 34, 34, 34, 34, 34, 57,
+ 313, 34, 34, 34, 34, 34, 34, 34, 34, 34,
+ 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
+
+ 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
+ 34, 34, 34, 34, 34, 34, 34, 34, 34, 34,
+ 34, 34, 34, 37, 37, 37, 37, 37, 37, 37,
+ 37, 37, 37, 37, 219, 783, 242, 37, 37, 37,
+ 37, 37, 245, 150, 236, 219, 37, 107, 107, 107,
+ 107, 107, 107, 107, 107, 107, 107, 247, 236, 245,
+ 303, 37, 37, 37, 37, 37, 37, 44, 44, 44,
+ 44, 44, 247, 44, 44, 311, 311, 44, 121, 121,
+ 121, 121, 121, 121, 121, 121, 121, 121, 150, 242,
+ 108, 44, 44, 44, 45, 303, 45, 45, 45, 45,
+
+ 45, 45, 45, 45, 45, 45, 48, 66, 66, 66,
+ 108, 66, 304, 110, 370, 66, 48, 66, 304, 48,
+ 48, 48, 48, 48, 48, 48, 48, 48, 48, 132,
+ 243, 66, 66, 110, 132, 243, 108, 281, 132, 171,
+ 132, 83, 171, 171, 370, 138, 138, 83, 281, 171,
+ 83, 114, 114, 83, 83, 114, 114, 66, 182, 110,
+ 780, 302, 175, 175, 171, 48, 67, 83, 291, 83,
+ 183, 235, 235, 291, 235, 114, 67, 249, 182, 67,
+ 67, 67, 67, 67, 67, 67, 67, 67, 67, 302,
+ 183, 249, 83, 83, 84, 138, 777, 84, 84, 114,
+
+ 84, 84, 84, 84, 182, 235, 84, 84, 111, 775,
+ 111, 111, 175, 314, 111, 111, 183, 369, 111, 314,
+ 84, 84, 84, 122, 122, 122, 122, 122, 122, 122,
+ 122, 122, 122, 111, 111, 156, 156, 156, 156, 156,
+ 156, 156, 156, 156, 156, 84, 84, 85, 310, 369,
+ 85, 85, 85, 85, 85, 85, 85, 85, 85, 85,
+ 85, 85, 85, 85, 322, 357, 85, 85, 85, 85,
+ 85, 85, 85, 85, 85, 85, 85, 85, 85, 85,
+ 85, 85, 85, 85, 85, 85, 85, 85, 322, 357,
+ 85, 85, 85, 85, 85, 85, 85, 85, 85, 85,
+
+ 85, 85, 85, 85, 85, 85, 85, 88, 310, 88,
+ 88, 88, 88, 88, 88, 88, 88, 88, 88, 88,
+ 278, 278, 278, 88, 88, 88, 88, 88, 266, 266,
+ 113, 266, 113, 113, 113, 330, 113, 113, 330, 371,
+ 113, 196, 196, 196, 196, 196, 196, 88, 88, 88,
+ 88, 88, 88, 89, 113, 113, 113, 89, 89, 89,
+ 89, 89, 89, 89, 89, 89, 89, 89, 89, 89,
+ 453, 371, 89, 89, 89, 89, 89, 89, 89, 89,
+ 89, 89, 89, 89, 89, 89, 89, 89, 89, 89,
+ 89, 89, 89, 89, 453, 89, 89, 89, 89, 89,
+
+ 89, 89, 89, 89, 89, 89, 89, 89, 89, 89,
+ 89, 89, 89, 92, 92, 92, 92, 92, 92, 92,
+ 92, 92, 92, 92, 377, 444, 378, 92, 92, 92,
+ 92, 92, 203, 344, 158, 158, 92, 203, 158, 158,
+ 323, 203, 444, 203, 344, 323, 301, 142, 378, 301,
+ 457, 92, 92, 92, 92, 92, 92, 97, 158, 97,
+ 97, 97, 97, 97, 97, 97, 97, 97, 97, 116,
+ 766, 116, 116, 116, 457, 116, 116, 142, 142, 116,
+ 301, 142, 158, 214, 214, 214, 214, 214, 214, 142,
+ 372, 377, 142, 116, 116, 116, 117, 117, 117, 117,
+
+ 117, 117, 117, 117, 117, 117, 167, 167, 167, 167,
+ 167, 167, 167, 167, 167, 167, 346, 346, 765, 160,
+ 379, 160, 160, 160, 372, 160, 160, 764, 346, 160,
+ 400, 379, 117, 118, 118, 118, 118, 118, 118, 118,
+ 118, 118, 118, 160, 160, 160, 458, 118, 118, 118,
+ 118, 118, 191, 191, 191, 191, 191, 191, 191, 191,
+ 191, 191, 273, 273, 273, 273, 427, 427, 400, 755,
+ 458, 118, 118, 118, 118, 118, 118, 126, 126, 126,
+ 126, 126, 126, 126, 126, 126, 126, 126, 312, 498,
+ 754, 126, 126, 126, 126, 126, 194, 194, 194, 194,
+
+ 194, 194, 194, 194, 194, 194, 285, 285, 285, 285,
+ 285, 285, 752, 498, 312, 126, 126, 126, 126, 126,
+ 126, 127, 127, 127, 127, 127, 127, 127, 127, 127,
+ 127, 127, 312, 562, 562, 127, 127, 127, 127, 127,
+ 184, 409, 184, 184, 373, 186, 184, 184, 380, 373,
+ 184, 186, 409, 380, 186, 348, 348, 186, 186, 127,
+ 127, 127, 127, 127, 127, 184, 184, 348, 413, 497,
+ 428, 186, 428, 186, 188, 497, 188, 188, 188, 413,
+ 188, 188, 429, 751, 188, 195, 195, 195, 195, 195,
+ 195, 195, 195, 195, 195, 526, 186, 186, 188, 188,
+
+ 188, 189, 615, 615, 189, 189, 429, 189, 189, 189,
+ 189, 190, 431, 189, 189, 190, 502, 431, 414, 414,
+ 502, 190, 415, 415, 429, 433, 430, 189, 189, 189,
+ 414, 430, 526, 430, 415, 190, 190, 210, 210, 210,
+ 210, 210, 210, 210, 210, 210, 210, 432, 508, 433,
+ 432, 523, 189, 189, 192, 192, 192, 192, 192, 192,
+ 192, 192, 192, 192, 749, 508, 523, 433, 192, 192,
+ 192, 192, 192, 211, 211, 211, 211, 211, 211, 211,
+ 211, 211, 211, 319, 511, 319, 319, 319, 319, 319,
+ 319, 439, 192, 192, 192, 192, 192, 192, 197, 748,
+
+ 513, 439, 197, 197, 197, 197, 197, 197, 197, 197,
+ 197, 197, 197, 197, 197, 442, 513, 197, 197, 197,
+ 197, 197, 197, 197, 197, 197, 197, 197, 197, 197,
+ 197, 197, 197, 197, 197, 197, 197, 197, 197, 511,
+ 197, 197, 197, 197, 197, 197, 197, 197, 197, 197,
+ 197, 197, 197, 197, 197, 197, 197, 197, 198, 198,
+ 198, 198, 198, 198, 198, 198, 198, 198, 198, 442,
+ 504, 506, 198, 198, 198, 198, 198, 213, 213, 213,
+ 213, 213, 213, 213, 213, 213, 213, 354, 354, 354,
+ 354, 354, 354, 434, 504, 506, 198, 198, 198, 198,
+
+ 198, 198, 212, 747, 212, 212, 212, 212, 212, 212,
+ 212, 212, 212, 212, 248, 454, 737, 434, 248, 514,
+ 454, 561, 736, 561, 248, 282, 282, 282, 282, 282,
+ 282, 282, 282, 282, 282, 434, 514, 727, 248, 248,
+ 212, 215, 443, 215, 215, 215, 215, 215, 215, 215,
+ 215, 215, 215, 443, 564, 584, 564, 215, 215, 215,
+ 215, 215, 284, 284, 284, 284, 284, 284, 284, 284,
+ 284, 284, 423, 423, 423, 423, 423, 423, 571, 584,
+ 571, 215, 215, 215, 215, 215, 215, 218, 218, 218,
+ 218, 218, 218, 218, 218, 218, 218, 218, 589, 589,
+
+ 589, 218, 218, 218, 218, 218, 315, 315, 315, 315,
+ 315, 315, 315, 315, 315, 315, 450, 725, 450, 450,
+ 450, 450, 450, 450, 724, 218, 218, 218, 218, 218,
+ 218, 220, 220, 220, 220, 220, 220, 220, 220, 220,
+ 220, 220, 220, 565, 616, 616, 220, 220, 220, 220,
+ 220, 345, 345, 345, 345, 345, 345, 345, 345, 345,
+ 345, 466, 466, 466, 466, 466, 466, 565, 623, 623,
+ 220, 220, 220, 220, 220, 220, 221, 221, 221, 221,
+ 221, 221, 221, 221, 221, 221, 221, 566, 625, 565,
+ 221, 221, 221, 221, 221, 347, 347, 347, 347, 347,
+
+ 347, 347, 347, 347, 347, 473, 473, 473, 473, 473,
+ 473, 566, 625, 723, 221, 221, 221, 221, 221, 221,
+ 222, 222, 222, 222, 222, 222, 222, 222, 222, 222,
+ 222, 631, 631, 566, 222, 222, 222, 222, 222, 351,
+ 351, 351, 351, 351, 351, 351, 351, 622, 711, 622,
+ 403, 351, 403, 403, 403, 403, 403, 403, 222, 222,
+ 222, 222, 222, 222, 253, 627, 253, 253, 253, 253,
+ 253, 253, 253, 253, 253, 253, 254, 254, 254, 254,
+ 254, 254, 254, 254, 254, 254, 254, 710, 403, 627,
+ 254, 254, 254, 254, 254, 353, 353, 353, 353, 353,
+
+ 353, 353, 353, 353, 353, 480, 708, 480, 480, 480,
+ 480, 480, 480, 707, 254, 254, 254, 254, 254, 254,
+ 256, 256, 256, 256, 256, 256, 256, 256, 256, 256,
+ 529, 529, 529, 529, 256, 256, 256, 256, 256, 416,
+ 416, 416, 416, 416, 416, 416, 416, 416, 416, 492,
+ 492, 492, 492, 492, 492, 674, 674, 700, 256, 256,
+ 256, 256, 256, 256, 269, 269, 269, 269, 269, 269,
+ 269, 269, 269, 269, 417, 417, 420, 420, 420, 420,
+ 420, 420, 420, 420, 680, 680, 417, 535, 420, 422,
+ 422, 422, 422, 422, 422, 422, 422, 422, 422, 535,
+
+ 269, 277, 277, 277, 277, 277, 277, 277, 277, 277,
+ 277, 277, 283, 283, 283, 283, 283, 283, 283, 283,
+ 283, 283, 283, 283, 283, 445, 683, 683, 283, 283,
+ 283, 283, 283, 570, 570, 445, 446, 446, 446, 446,
+ 446, 446, 446, 446, 446, 446, 541, 541, 541, 541,
+ 541, 541, 283, 283, 283, 283, 283, 283, 286, 286,
+ 286, 286, 286, 286, 286, 286, 286, 286, 286, 286,
+ 679, 698, 679, 286, 286, 286, 286, 286, 465, 465,
+ 465, 465, 465, 465, 465, 465, 465, 465, 570, 563,
+ 697, 624, 620, 481, 563, 620, 624, 286, 286, 286,
+
+ 286, 286, 286, 287, 481, 287, 287, 287, 287, 287,
+ 287, 287, 287, 287, 287, 320, 320, 320, 320, 320,
+ 320, 320, 320, 320, 320, 696, 621, 640, 643, 320,
+ 320, 320, 320, 320, 470, 470, 470, 470, 470, 470,
+ 470, 470, 470, 470, 558, 558, 558, 558, 558, 558,
+ 621, 640, 643, 320, 320, 320, 320, 320, 320, 321,
+ 321, 321, 321, 321, 321, 321, 321, 321, 321, 643,
+ 630, 693, 621, 321, 321, 321, 321, 321, 472, 472,
+ 472, 472, 472, 472, 472, 472, 472, 472, 648, 648,
+ 648, 648, 630, 482, 630, 630, 691, 321, 321, 321,
+
+ 321, 321, 321, 334, 482, 334, 334, 334, 334, 334,
+ 334, 334, 334, 334, 334, 335, 595, 335, 335, 335,
+ 335, 335, 335, 335, 335, 335, 335, 336, 595, 336,
+ 336, 336, 336, 336, 336, 336, 336, 336, 336, 339,
+ 339, 339, 339, 339, 339, 339, 339, 339, 339, 339,
+ 349, 349, 349, 349, 349, 349, 349, 349, 349, 349,
+ 349, 349, 349, 572, 685, 633, 349, 349, 349, 349,
+ 349, 476, 476, 476, 476, 476, 476, 476, 476, 476,
+ 476, 633, 731, 824, 731, 572, 824, 572, 572, 645,
+ 349, 349, 349, 349, 349, 349, 352, 352, 352, 352,
+
+ 352, 352, 352, 352, 352, 352, 352, 352, 352, 483,
+ 483, 572, 352, 352, 352, 352, 352, 484, 484, 486,
+ 486, 483, 496, 501, 503, 733, 733, 645, 685, 484,
+ 676, 486, 496, 501, 686, 503, 352, 352, 352, 352,
+ 352, 352, 355, 355, 355, 355, 355, 355, 355, 355,
+ 355, 355, 355, 355, 676, 682, 641, 355, 355, 355,
+ 355, 355, 485, 485, 485, 485, 485, 485, 485, 485,
+ 485, 485, 604, 604, 604, 604, 604, 604, 512, 632,
+ 641, 355, 355, 355, 355, 355, 355, 356, 512, 356,
+ 356, 356, 356, 356, 356, 356, 356, 356, 356, 383,
+
+ 641, 383, 383, 383, 383, 383, 383, 383, 383, 383,
+ 383, 384, 384, 384, 384, 384, 384, 384, 384, 384,
+ 384, 762, 762, 781, 781, 384, 384, 384, 384, 384,
+ 489, 489, 489, 489, 489, 489, 489, 489, 632, 882,
+ 882, 611, 489, 611, 611, 611, 611, 611, 611, 384,
+ 384, 384, 384, 384, 384, 399, 399, 399, 399, 399,
+ 399, 399, 399, 399, 399, 491, 491, 491, 491, 491,
+ 491, 491, 491, 491, 491, 532, 532, 532, 532, 532,
+ 532, 532, 532, 532, 532, 639, 681, 639, 639, 639,
+ 649, 399, 401, 596, 401, 401, 401, 401, 401, 401,
+
+ 401, 401, 401, 401, 402, 596, 402, 402, 402, 402,
+ 402, 402, 402, 402, 402, 402, 408, 408, 408, 408,
+ 408, 408, 408, 408, 408, 408, 408, 701, 649, 728,
+ 408, 408, 408, 408, 408, 534, 534, 534, 534, 534,
+ 534, 534, 534, 534, 534, 675, 836, 742, 787, 836,
+ 547, 701, 673, 728, 408, 408, 408, 408, 408, 408,
+ 412, 547, 412, 412, 412, 412, 412, 412, 412, 412,
+ 412, 412, 418, 418, 418, 418, 418, 418, 418, 418,
+ 418, 418, 418, 418, 418, 742, 787, 670, 418, 418,
+ 418, 418, 418, 538, 598, 538, 538, 538, 538, 538,
+
+ 538, 827, 827, 827, 669, 538, 598, 634, 739, 634,
+ 634, 634, 418, 418, 418, 418, 418, 418, 421, 421,
+ 421, 421, 421, 421, 421, 421, 421, 421, 421, 421,
+ 421, 853, 739, 853, 421, 421, 421, 421, 421, 540,
+ 540, 540, 540, 540, 540, 540, 540, 540, 540, 578,
+ 578, 578, 578, 578, 578, 578, 656, 634, 421, 421,
+ 421, 421, 421, 421, 424, 424, 424, 424, 424, 424,
+ 424, 424, 424, 424, 424, 424, 548, 549, 549, 424,
+ 424, 424, 424, 424, 550, 550, 612, 548, 613, 549,
+ 552, 552, 844, 844, 844, 655, 550, 612, 657, 613,
+
+ 759, 642, 552, 424, 424, 424, 424, 424, 424, 425,
+ 657, 425, 425, 425, 425, 425, 425, 425, 425, 425,
+ 425, 426, 653, 768, 759, 642, 854, 426, 854, 916,
+ 426, 426, 916, 426, 426, 426, 426, 426, 426, 426,
+ 426, 426, 426, 426, 426, 426, 642, 768, 652, 426,
+ 426, 426, 426, 426, 426, 426, 426, 426, 426, 426,
+ 426, 426, 426, 426, 426, 426, 426, 426, 426, 426,
+ 426, 426, 426, 426, 426, 426, 426, 426, 426, 426,
+ 426, 426, 426, 426, 426, 426, 426, 426, 426, 426,
+ 426, 464, 464, 464, 464, 464, 464, 464, 464, 464,
+
+ 464, 464, 555, 555, 555, 555, 555, 555, 555, 555,
+ 865, 651, 865, 658, 555, 557, 557, 557, 557, 557,
+ 557, 557, 557, 557, 557, 658, 883, 883, 464, 471,
+ 660, 471, 471, 471, 471, 471, 471, 471, 471, 471,
+ 471, 471, 660, 637, 702, 471, 471, 471, 471, 471,
+ 574, 574, 574, 574, 574, 574, 574, 574, 574, 574,
+ 619, 619, 619, 619, 619, 619, 619, 619, 702, 471,
+ 471, 471, 471, 471, 471, 474, 474, 474, 474, 474,
+ 474, 474, 474, 474, 474, 474, 778, 636, 702, 474,
+ 474, 474, 474, 474, 587, 587, 587, 587, 587, 587,
+
+ 587, 587, 587, 587, 866, 870, 866, 870, 614, 614,
+ 778, 894, 894, 474, 474, 474, 474, 474, 474, 475,
+ 614, 475, 475, 475, 475, 475, 475, 475, 475, 475,
+ 475, 487, 487, 487, 487, 487, 487, 487, 487, 487,
+ 487, 487, 487, 487, 678, 629, 703, 487, 487, 487,
+ 487, 487, 588, 588, 588, 588, 588, 588, 588, 588,
+ 588, 588, 635, 610, 635, 635, 635, 871, 678, 871,
+ 703, 487, 487, 487, 487, 487, 487, 490, 490, 490,
+ 490, 490, 490, 490, 490, 490, 490, 490, 490, 490,
+ 678, 703, 740, 490, 490, 490, 490, 490, 597, 597,
+
+ 597, 597, 597, 597, 597, 597, 597, 597, 875, 878,
+ 875, 878, 635, 888, 609, 888, 740, 490, 490, 490,
+ 490, 490, 490, 493, 493, 493, 493, 493, 493, 493,
+ 493, 493, 493, 493, 608, 889, 740, 889, 493, 493,
+ 493, 493, 493, 601, 594, 601, 601, 601, 601, 601,
+ 601, 897, 592, 897, 654, 601, 654, 654, 654, 654,
+ 654, 654, 493, 493, 493, 493, 493, 493, 494, 712,
+ 494, 494, 494, 494, 494, 494, 494, 494, 494, 494,
+ 495, 712, 898, 901, 898, 901, 495, 692, 692, 495,
+ 495, 692, 495, 495, 495, 495, 495, 495, 495, 495,
+
+ 495, 495, 495, 495, 495, 692, 692, 692, 495, 495,
+ 495, 495, 495, 495, 495, 495, 495, 495, 495, 495,
+ 495, 495, 495, 495, 495, 495, 495, 495, 495, 495,
+ 495, 495, 495, 495, 495, 495, 495, 495, 495, 495,
+ 495, 495, 495, 495, 495, 495, 495, 495, 495, 495,
+ 517, 517, 517, 517, 517, 517, 517, 517, 517, 517,
+ 517, 522, 913, 913, 713, 522, 522, 522, 522, 522,
+ 522, 522, 522, 522, 522, 522, 713, 522, 914, 914,
+ 522, 522, 522, 522, 522, 522, 522, 522, 522, 522,
+ 522, 522, 522, 522, 522, 522, 522, 522, 522, 522,
+
+ 522, 522, 591, 522, 522, 522, 522, 522, 522, 522,
+ 522, 522, 522, 522, 522, 522, 522, 522, 522, 522,
+ 522, 525, 525, 525, 525, 525, 525, 525, 525, 525,
+ 525, 603, 603, 603, 603, 603, 603, 603, 603, 603,
+ 603, 607, 607, 607, 607, 607, 607, 607, 607, 607,
+ 607, 666, 666, 666, 666, 666, 666, 525, 527, 527,
+ 527, 527, 527, 527, 527, 527, 527, 527, 527, 650,
+ 650, 650, 650, 650, 650, 650, 650, 650, 650, 659,
+ 659, 659, 659, 659, 659, 659, 659, 659, 659, 721,
+ 721, 721, 721, 721, 721, 527, 536, 715, 536, 536,
+
+ 536, 536, 536, 536, 536, 536, 536, 536, 536, 715,
+ 590, 582, 536, 536, 536, 536, 536, 663, 753, 663,
+ 663, 663, 663, 663, 663, 907, 908, 907, 908, 663,
+ 753, 687, 672, 687, 687, 687, 536, 536, 536, 536,
+ 536, 536, 539, 672, 539, 539, 539, 539, 539, 539,
+ 539, 539, 539, 539, 539, 730, 581, 580, 539, 539,
+ 539, 539, 539, 665, 665, 665, 665, 665, 665, 665,
+ 665, 665, 665, 688, 579, 688, 688, 688, 910, 730,
+ 910, 687, 539, 539, 539, 539, 539, 539, 542, 542,
+ 542, 542, 542, 542, 542, 542, 542, 542, 542, 577,
+
+ 576, 730, 542, 542, 542, 542, 542, 695, 695, 695,
+ 695, 695, 695, 695, 695, 695, 695, 794, 794, 794,
+ 794, 794, 794, 688, 575, 573, 542, 542, 542, 542,
+ 542, 542, 543, 569, 543, 543, 543, 543, 543, 543,
+ 543, 543, 543, 543, 546, 568, 546, 546, 546, 546,
+ 546, 546, 546, 546, 546, 546, 553, 553, 553, 553,
+ 553, 553, 553, 553, 553, 553, 553, 553, 553, 567,
+ 551, 761, 553, 553, 553, 553, 553, 689, 545, 689,
+ 689, 689, 690, 544, 690, 690, 690, 699, 531, 699,
+ 699, 699, 699, 699, 699, 761, 553, 553, 553, 553,
+
+ 553, 553, 556, 556, 556, 556, 556, 556, 556, 556,
+ 556, 556, 556, 556, 918, 530, 918, 761, 556, 556,
+ 556, 556, 556, 919, 923, 919, 923, 689, 924, 929,
+ 924, 929, 690, 726, 726, 726, 726, 726, 726, 726,
+ 524, 521, 556, 556, 556, 556, 556, 556, 559, 520,
+ 559, 559, 559, 559, 559, 559, 559, 559, 559, 559,
+ 560, 694, 519, 694, 694, 694, 560, 694, 694, 560,
+ 560, 694, 560, 560, 560, 560, 560, 560, 560, 560,
+ 560, 560, 560, 560, 560, 694, 694, 694, 560, 560,
+ 560, 560, 560, 560, 560, 560, 560, 560, 560, 560,
+
+ 560, 560, 560, 560, 560, 560, 560, 560, 560, 560,
+ 560, 560, 560, 560, 560, 560, 560, 560, 560, 560,
+ 560, 560, 560, 560, 560, 560, 560, 560, 560, 560,
+ 583, 750, 518, 750, 750, 750, 750, 750, 750, 583,
+ 930, 516, 930, 583, 583, 583, 583, 583, 583, 583,
+ 583, 583, 583, 583, 583, 583, 515, 510, 583, 583,
+ 583, 583, 583, 583, 583, 583, 583, 583, 583, 583,
+ 583, 583, 583, 583, 583, 583, 583, 583, 583, 583,
+ 509, 583, 583, 583, 583, 583, 583, 583, 583, 583,
+ 583, 583, 583, 583, 583, 583, 583, 583, 583, 586,
+
+ 479, 586, 586, 586, 586, 586, 586, 586, 586, 586,
+ 586, 714, 714, 714, 714, 714, 714, 714, 714, 714,
+ 714, 718, 478, 718, 718, 718, 718, 718, 718, 922,
+ 477, 469, 922, 718, 468, 467, 922, 586, 593, 463,
+ 593, 593, 593, 593, 593, 593, 593, 593, 593, 593,
+ 599, 456, 599, 599, 599, 599, 599, 599, 599, 599,
+ 599, 599, 599, 455, 452, 451, 599, 599, 599, 599,
+ 599, 720, 720, 720, 720, 720, 720, 720, 720, 720,
+ 720, 758, 449, 758, 758, 758, 758, 758, 758, 448,
+ 599, 599, 599, 599, 599, 599, 602, 447, 602, 602,
+
+ 602, 602, 602, 602, 602, 602, 602, 602, 602, 441,
+ 440, 438, 602, 602, 602, 602, 602, 734, 734, 734,
+ 734, 734, 734, 734, 734, 734, 734, 767, 437, 767,
+ 767, 767, 767, 767, 767, 436, 602, 602, 602, 602,
+ 602, 602, 605, 605, 605, 605, 605, 605, 605, 605,
+ 605, 605, 605, 435, 411, 410, 605, 605, 605, 605,
+ 605, 735, 735, 735, 735, 735, 735, 735, 735, 735,
+ 735, 407, 745, 406, 745, 745, 745, 745, 745, 745,
+ 605, 605, 605, 605, 605, 605, 606, 405, 606, 606,
+ 606, 606, 606, 606, 606, 606, 606, 606, 617, 617,
+
+ 617, 617, 617, 617, 617, 617, 617, 617, 617, 617,
+ 745, 404, 398, 397, 617, 617, 617, 617, 617, 746,
+ 746, 746, 746, 746, 746, 746, 746, 746, 746, 800,
+ 396, 800, 800, 800, 800, 800, 800, 395, 617, 617,
+ 617, 617, 617, 617, 638, 394, 638, 638, 638, 638,
+ 638, 638, 638, 638, 638, 638, 644, 644, 644, 644,
+ 644, 644, 644, 644, 644, 644, 763, 763, 763, 763,
+ 763, 763, 763, 763, 763, 763, 772, 772, 772, 772,
+ 772, 772, 772, 772, 772, 772, 812, 812, 812, 812,
+ 812, 812, 644, 646, 393, 646, 646, 646, 646, 646,
+
+ 646, 646, 646, 646, 646, 773, 773, 773, 773, 773,
+ 773, 773, 773, 773, 773, 774, 774, 774, 774, 774,
+ 774, 774, 774, 774, 774, 392, 928, 391, 390, 928,
+ 389, 646, 661, 928, 661, 661, 661, 661, 661, 661,
+ 661, 661, 661, 661, 661, 388, 387, 386, 661, 661,
+ 661, 661, 661, 790, 385, 790, 790, 790, 790, 790,
+ 790, 792, 792, 792, 792, 792, 792, 792, 792, 792,
+ 792, 382, 661, 661, 661, 661, 661, 661, 664, 381,
+ 664, 664, 664, 664, 664, 664, 664, 664, 664, 664,
+ 664, 790, 376, 375, 664, 664, 664, 664, 664, 793,
+
+ 793, 793, 793, 793, 793, 793, 793, 793, 793, 374,
+ 368, 366, 365, 364, 363, 362, 361, 360, 664, 664,
+ 664, 664, 664, 664, 667, 667, 667, 667, 667, 667,
+ 667, 667, 667, 667, 359, 343, 342, 341, 667, 667,
+ 667, 667, 667, 796, 796, 796, 796, 796, 796, 796,
+ 796, 796, 796, 340, 338, 337, 809, 809, 809, 809,
+ 809, 809, 667, 667, 667, 667, 667, 667, 668, 333,
+ 668, 668, 668, 668, 668, 668, 668, 668, 668, 668,
+ 671, 671, 671, 671, 671, 671, 671, 671, 671, 671,
+ 671, 704, 809, 704, 704, 704, 704, 704, 704, 704,
+
+ 704, 704, 704, 705, 332, 705, 705, 705, 705, 705,
+ 705, 705, 705, 705, 705, 706, 331, 706, 706, 706,
+ 706, 706, 706, 706, 706, 706, 706, 709, 329, 709,
+ 709, 709, 709, 709, 709, 709, 709, 709, 709, 716,
+ 328, 716, 716, 716, 716, 716, 716, 716, 716, 716,
+ 716, 716, 327, 326, 325, 716, 716, 716, 716, 716,
+ 804, 804, 804, 804, 804, 804, 804, 804, 804, 804,
+ 324, 318, 317, 316, 309, 308, 307, 306, 305, 716,
+ 716, 716, 716, 716, 716, 719, 299, 719, 719, 719,
+ 719, 719, 719, 719, 719, 719, 719, 297, 296, 295,
+
+ 294, 719, 719, 719, 719, 719, 805, 805, 805, 805,
+ 805, 805, 805, 805, 805, 805, 293, 292, 290, 288,
+ 280, 279, 276, 275, 268, 719, 719, 719, 719, 719,
+ 719, 738, 267, 738, 738, 738, 738, 738, 738, 738,
+ 738, 738, 738, 741, 265, 741, 741, 741, 741, 741,
+ 741, 741, 741, 741, 741, 743, 264, 743, 743, 743,
+ 743, 743, 743, 743, 743, 743, 743, 744, 263, 744,
+ 744, 744, 744, 744, 744, 744, 744, 744, 744, 756,
+ 262, 756, 756, 756, 756, 756, 756, 756, 756, 756,
+ 756, 769, 261, 769, 769, 769, 769, 769, 769, 769,
+
+ 769, 769, 769, 770, 260, 770, 770, 770, 770, 770,
+ 770, 770, 770, 770, 770, 771, 259, 771, 771, 771,
+ 771, 771, 771, 771, 771, 771, 771, 785, 258, 785,
+ 785, 785, 785, 785, 785, 785, 785, 785, 785, 786,
+ 255, 786, 786, 786, 786, 786, 786, 786, 786, 786,
+ 786, 788, 252, 788, 788, 788, 788, 788, 788, 788,
+ 788, 788, 788, 789, 251, 789, 789, 789, 789, 789,
+ 789, 789, 789, 789, 789, 801, 801, 801, 801, 801,
+ 801, 801, 801, 801, 801, 806, 806, 806, 806, 806,
+ 806, 806, 806, 806, 806, 811, 811, 811, 811, 811,
+
+ 811, 811, 811, 811, 811, 250, 244, 241, 240, 239,
+ 238, 801, 802, 802, 802, 802, 802, 802, 802, 802,
+ 802, 802, 237, 234, 233, 232, 231, 230, 229, 228,
+ 227, 226, 225, 224, 223, 217, 216, 209, 208, 207,
+ 206, 205, 204, 202, 201, 199, 193, 185, 802, 803,
+ 803, 803, 803, 803, 803, 803, 803, 803, 803, 181,
+ 177, 176, 174, 170, 163, 159, 157, 155, 147, 146,
+ 145, 144, 143, 137, 136, 135, 134, 133, 131, 130,
+ 129, 128, 124, 120, 119, 803, 808, 808, 808, 808,
+ 808, 808, 808, 808, 808, 808, 115, 112, 109, 104,
+
+ 103, 102, 100, 96, 95, 94, 93, 90, 77, 70,
+ 63, 59, 58, 56, 55, 53, 51, 43, 42, 41,
+ 39, 35, 808, 814, 814, 814, 814, 814, 814, 814,
+ 814, 814, 814, 814, 814, 814, 814, 814, 814, 814,
+ 814, 814, 814, 814, 815, 815, 815, 815, 815, 815,
+ 815, 815, 815, 815, 815, 815, 815, 815, 815, 815,
+ 815, 815, 815, 815, 815, 816, 816, 816, 816, 816,
+ 816, 816, 816, 816, 816, 816, 816, 816, 816, 816,
+ 816, 816, 816, 816, 816, 816, 817, 817, 817, 817,
+ 817, 817, 817, 817, 817, 817, 817, 817, 817, 817,
+
+ 817, 817, 817, 817, 817, 817, 817, 818, 31, 25,
+ 19, 17, 16, 15, 818, 0, 818, 818, 818, 818,
+ 0, 0, 818, 818, 818, 818, 818, 818, 819, 819,
+ 819, 819, 819, 819, 819, 819, 819, 819, 819, 819,
+ 819, 819, 819, 819, 819, 819, 819, 819, 819, 820,
+ 0, 0, 0, 0, 820, 0, 820, 0, 820, 820,
+ 820, 820, 820, 0, 820, 820, 820, 820, 820, 820,
+ 821, 0, 0, 0, 0, 0, 0, 821, 0, 821,
+ 821, 821, 821, 0, 0, 821, 821, 821, 821, 821,
+ 821, 822, 0, 0, 822, 822, 0, 822, 822, 0,
+
+ 822, 822, 822, 822, 0, 0, 822, 822, 822, 822,
+ 822, 822, 823, 823, 0, 823, 0, 0, 0, 823,
+ 825, 0, 0, 825, 825, 0, 825, 825, 0, 825,
+ 825, 825, 825, 0, 0, 825, 825, 825, 825, 825,
+ 825, 826, 0, 0, 826, 826, 0, 826, 826, 0,
+ 826, 826, 826, 826, 0, 826, 826, 826, 0, 826,
+ 826, 826, 828, 0, 0, 828, 0, 0, 828, 828,
+ 0, 828, 828, 828, 828, 828, 0, 828, 828, 828,
+ 828, 828, 828, 829, 829, 829, 829, 829, 829, 829,
+ 829, 829, 829, 829, 829, 829, 829, 829, 829, 829,
+
+ 829, 829, 829, 829, 830, 830, 0, 830, 0, 830,
+ 830, 830, 830, 830, 830, 830, 830, 830, 830, 830,
+ 830, 830, 830, 830, 830, 831, 0, 0, 0, 0,
+ 831, 0, 831, 0, 831, 831, 831, 831, 831, 0,
+ 831, 831, 831, 831, 831, 831, 832, 0, 0, 0,
+ 0, 0, 0, 832, 0, 832, 832, 832, 832, 0,
+ 832, 832, 832, 832, 832, 832, 832, 833, 0, 0,
+ 833, 833, 0, 833, 833, 0, 833, 833, 833, 833,
+ 0, 833, 833, 833, 833, 833, 833, 833, 834, 834,
+ 834, 834, 834, 834, 834, 834, 834, 834, 834, 834,
+
+ 834, 834, 834, 834, 834, 834, 834, 834, 834, 835,
+ 835, 0, 835, 835, 835, 835, 835, 835, 835, 835,
+ 835, 835, 835, 835, 835, 835, 835, 835, 835, 835,
+ 837, 0, 0, 837, 837, 0, 837, 837, 0, 837,
+ 837, 837, 837, 0, 0, 837, 837, 837, 837, 837,
+ 837, 838, 838, 0, 838, 0, 0, 0, 838, 839,
+ 839, 0, 839, 0, 0, 0, 839, 840, 840, 840,
+ 0, 840, 0, 0, 0, 840, 841, 0, 0, 841,
+ 841, 0, 841, 841, 0, 841, 841, 841, 841, 0,
+ 0, 841, 841, 841, 841, 841, 841, 842, 0, 0,
+
+ 842, 842, 0, 842, 842, 0, 842, 842, 842, 842,
+ 0, 0, 842, 842, 842, 842, 842, 842, 843, 0,
+ 0, 843, 843, 0, 843, 843, 0, 843, 843, 843,
+ 843, 0, 843, 843, 843, 0, 843, 843, 843, 845,
+ 0, 0, 845, 0, 0, 845, 845, 0, 845, 845,
+ 845, 845, 845, 0, 845, 845, 845, 845, 845, 845,
+ 846, 0, 0, 0, 0, 0, 0, 846, 0, 846,
+ 846, 846, 846, 0, 0, 846, 846, 846, 846, 846,
+ 846, 847, 0, 0, 0, 0, 0, 0, 847, 0,
+ 847, 847, 847, 847, 0, 847, 847, 847, 847, 847,
+
+ 847, 847, 848, 0, 0, 848, 848, 0, 848, 848,
+ 0, 848, 848, 848, 848, 0, 848, 848, 848, 848,
+ 848, 848, 848, 849, 0, 0, 849, 849, 0, 849,
+ 850, 850, 850, 850, 850, 850, 850, 850, 850, 850,
+ 850, 850, 850, 850, 850, 850, 850, 850, 850, 850,
+ 850, 851, 851, 0, 851, 0, 0, 0, 851, 852,
+ 852, 852, 0, 852, 0, 0, 0, 852, 855, 855,
+ 0, 855, 0, 0, 0, 855, 856, 856, 0, 856,
+ 0, 0, 0, 856, 857, 857, 0, 857, 0, 0,
+ 0, 857, 858, 858, 858, 0, 858, 0, 0, 0,
+
+ 858, 859, 0, 0, 859, 859, 0, 859, 860, 860,
+ 0, 860, 0, 0, 0, 860, 861, 861, 0, 861,
+ 0, 0, 0, 861, 862, 862, 0, 862, 0, 0,
+ 0, 862, 863, 863, 863, 0, 863, 0, 0, 0,
+ 863, 864, 864, 864, 864, 0, 864, 0, 0, 0,
+ 864, 867, 867, 0, 867, 0, 0, 0, 867, 868,
+ 868, 0, 868, 0, 0, 0, 868, 869, 869, 0,
+ 869, 0, 0, 0, 869, 872, 872, 872, 0, 872,
+ 0, 0, 0, 872, 873, 873, 873, 873, 0, 873,
+ 0, 0, 0, 873, 874, 874, 874, 874, 874, 874,
+
+ 874, 874, 874, 874, 874, 874, 874, 874, 874, 874,
+ 874, 874, 874, 874, 874, 876, 876, 0, 876, 0,
+ 0, 0, 876, 877, 877, 0, 877, 0, 0, 0,
+ 877, 879, 879, 879, 0, 879, 0, 0, 0, 879,
+ 880, 880, 880, 880, 0, 880, 0, 0, 0, 880,
+ 881, 881, 881, 881, 881, 881, 881, 881, 881, 881,
+ 881, 881, 881, 881, 881, 881, 881, 881, 881, 881,
+ 881, 884, 0, 0, 884, 884, 0, 884, 885, 0,
+ 0, 0, 885, 885, 0, 885, 885, 885, 0, 0,
+ 885, 885, 886, 886, 0, 886, 0, 0, 0, 886,
+
+ 887, 0, 887, 887, 0, 887, 0, 0, 0, 887,
+ 890, 890, 890, 0, 890, 0, 0, 0, 890, 891,
+ 891, 891, 891, 0, 891, 0, 0, 0, 891, 892,
+ 892, 0, 0, 892, 0, 0, 0, 892, 893, 893,
+ 893, 893, 893, 893, 893, 893, 893, 893, 893, 893,
+ 893, 893, 893, 893, 893, 893, 893, 893, 893, 895,
+ 0, 0, 895, 895, 0, 895, 896, 0, 0, 0,
+ 896, 896, 0, 896, 896, 896, 0, 0, 896, 896,
+ 899, 899, 0, 899, 0, 0, 0, 899, 900, 0,
+ 900, 900, 0, 900, 0, 0, 0, 900, 902, 902,
+
+ 902, 0, 902, 0, 0, 0, 902, 903, 903, 903,
+ 0, 0, 903, 0, 0, 0, 903, 904, 904, 904,
+ 904, 904, 904, 904, 904, 904, 904, 904, 904, 904,
+ 904, 904, 904, 904, 904, 904, 904, 904, 905, 905,
+ 0, 905, 905, 905, 0, 905, 0, 905, 905, 905,
+ 905, 0, 0, 905, 905, 905, 905, 905, 905, 906,
+ 906, 0, 906, 906, 906, 0, 906, 0, 906, 906,
+ 906, 906, 0, 0, 906, 906, 906, 906, 906, 906,
+ 909, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 909, 909, 0, 909, 909, 0, 909, 911, 911,
+
+ 0, 911, 0, 0, 0, 911, 912, 0, 912, 912,
+ 0, 912, 0, 0, 0, 912, 915, 915, 0, 0,
+ 915, 0, 0, 0, 915, 917, 0, 0, 0, 0,
+ 0, 0, 917, 0, 917, 917, 917, 917, 0, 0,
+ 917, 917, 917, 917, 917, 917, 920, 920, 0, 920,
+ 0, 0, 0, 920, 921, 0, 921, 921, 0, 921,
+ 0, 0, 0, 921, 925, 925, 0, 925, 0, 0,
+ 0, 925, 926, 0, 926, 0, 0, 926, 0, 0,
+ 0, 926, 927, 927, 927, 927, 927, 927, 927, 927,
+ 927, 927, 927, 927, 927, 927, 927, 927, 927, 927,
+
+ 927, 927, 927, 813, 813, 813, 813, 813, 813, 813,
+ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
+ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
+ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
+ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
+ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
+ 813, 813, 813, 813, 813, 813, 813, 813, 813, 813,
+ 813, 813, 813, 813
} ;
static yy_state_type yy_last_accepting_state;
#define INITIAL 0
#line 2 "toke.l"
/*
- * Copyright (c) 1996, 1998-2005, 2007-2012
+ * Copyright (c) 1996, 1998-2005, 2007-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <sys/stat.h>
#include <stdio.h>
#ifdef STDC_HEADERS
#ifdef HAVE_STRINGS_H
# include <strings.h>
#endif /* HAVE_STRINGS_H */
+#if defined(HAVE_STDINT_H)
+# include <stdint.h>
+#elif defined(HAVE_INTTYPES_H)
+# include <inttypes.h>
+#endif
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif /* HAVE_UNISTD_H */
#include "toke.h"
#include <gram.h>
#include "lbuf.h"
+#include "sha2.h"
#include "secure_path.h"
-extern YYSTYPE yylval;
+extern YYSTYPE sudoerslval;
extern bool parse_error;
extern bool sudoers_warnings;
int sudolineno;
static bool continued, sawspace;
static int prev_state;
+static int digest_len;
static bool _push_include(char *, bool);
static bool pop_include(void);
return (n); \
} while (0)
-#define ECHO ignore_result(fwrite(yytext, yyleng, 1, yyout))
+#define ECHO ignore_result(fwrite(sudoerstext, sudoersleng, 1, sudoersout))
#define push_include(_p) (_push_include((_p), false))
#define push_includedir(_p) (_push_include((_p), true))
#define INSTR 5
-#line 1514 "lex.yy.c"
+#define WANTDIGEST 6
+
+#line 2056 "lex.sudoers.c"
/* Macros after this point can all be overridden by user definitions in
* section 1.
register char *yy_cp, *yy_bp;
register int yy_act;
-#line 132 "toke.l"
+#line 140 "toke.l"
-#line 1670 "lex.yy.c"
+#line 2212 "lex.sudoers.c"
if ( yy_init )
{
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 622 )
+ if ( yy_current_state >= 814 )
yy_c = yy_meta[(unsigned int) yy_c];
}
yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
++yy_cp;
}
- while ( yy_base[yy_current_state] != 3595 );
+ while ( yy_base[yy_current_state] != 5604 );
yy_find_action:
yy_act = yy_accept[yy_current_state];
case 1:
YY_RULE_SETUP
-#line 133 "toke.l"
+#line 141 "toke.l"
{
LEXTRACE(", ");
LEXRETURN(',');
YY_BREAK
case 2:
YY_RULE_SETUP
-#line 138 "toke.l"
+#line 146 "toke.l"
BEGIN STARTDEFS;
YY_BREAK
case 3:
YY_RULE_SETUP
-#line 140 "toke.l"
+#line 148 "toke.l"
{
BEGIN INDEFS;
LEXTRACE("DEFVAR ");
- if (!fill(yytext, yyleng))
+ if (!fill(sudoerstext, sudoersleng))
yyterminate();
LEXRETURN(DEFVAR);
}
case 4:
YY_RULE_SETUP
-#line 149 "toke.l"
+#line 157 "toke.l"
{
BEGIN STARTDEFS;
LEXTRACE(", ");
YY_BREAK
case 5:
YY_RULE_SETUP
-#line 155 "toke.l"
+#line 163 "toke.l"
{
LEXTRACE("= ");
LEXRETURN('=');
YY_BREAK
case 6:
YY_RULE_SETUP
-#line 160 "toke.l"
+#line 168 "toke.l"
{
LEXTRACE("+= ");
LEXRETURN('+');
YY_BREAK
case 7:
YY_RULE_SETUP
-#line 165 "toke.l"
+#line 173 "toke.l"
{
LEXTRACE("-= ");
LEXRETURN('-');
YY_BREAK
case 8:
YY_RULE_SETUP
-#line 170 "toke.l"
+#line 178 "toke.l"
{
LEXTRACE("BEGINSTR ");
- yylval.string = NULL;
+ sudoerslval.string = NULL;
prev_state = YY_START;
BEGIN INSTR;
}
YY_BREAK
case 9:
YY_RULE_SETUP
-#line 177 "toke.l"
+#line 185 "toke.l"
{
LEXTRACE("WORD(2) ");
- if (!fill(yytext, yyleng))
+ if (!fill(sudoerstext, sudoersleng))
yyterminate();
LEXRETURN(WORD);
}
case 10:
YY_RULE_SETUP
-#line 186 "toke.l"
+#line 194 "toke.l"
{
/* Line continuation char followed by newline. */
sudolineno++;
YY_BREAK
case 11:
YY_RULE_SETUP
-#line 192 "toke.l"
+#line 200 "toke.l"
{
LEXTRACE("ENDSTR ");
BEGIN prev_state;
- if (yylval.string == NULL) {
+ if (sudoerslval.string == NULL) {
LEXTRACE("ERROR "); /* empty string */
LEXRETURN(ERROR);
}
if (prev_state == INITIAL) {
- switch (yylval.string[0]) {
+ switch (sudoerslval.string[0]) {
case '%':
- if (yylval.string[1] == '\0' ||
- (yylval.string[1] == ':' &&
- yylval.string[2] == '\0')) {
+ if (sudoerslval.string[1] == '\0' ||
+ (sudoerslval.string[1] == ':' &&
+ sudoerslval.string[2] == '\0')) {
LEXTRACE("ERROR "); /* empty group */
LEXRETURN(ERROR);
}
LEXTRACE("USERGROUP ");
LEXRETURN(USERGROUP);
case '+':
- if (yylval.string[1] == '\0') {
+ if (sudoerslval.string[1] == '\0') {
LEXTRACE("ERROR "); /* empty netgroup */
LEXRETURN(ERROR);
}
YY_BREAK
case 12:
YY_RULE_SETUP
-#line 224 "toke.l"
+#line 232 "toke.l"
{
LEXTRACE("BACKSLASH ");
- if (!append(yytext, yyleng))
+ if (!append(sudoerstext, sudoersleng))
yyterminate();
}
YY_BREAK
case 13:
YY_RULE_SETUP
-#line 230 "toke.l"
+#line 238 "toke.l"
{
LEXTRACE("STRBODY ");
- if (!append(yytext, yyleng))
+ if (!append(sudoerstext, sudoersleng))
yyterminate();
}
YY_BREAK
case 14:
YY_RULE_SETUP
-#line 238 "toke.l"
+#line 246 "toke.l"
{
/* quoted fnmatch glob char, pass verbatim */
LEXTRACE("QUOTEDCHAR ");
- if (!fill_args(yytext, 2, sawspace))
+ if (!fill_args(sudoerstext, 2, sawspace))
yyterminate();
sawspace = false;
}
YY_BREAK
case 15:
YY_RULE_SETUP
-#line 246 "toke.l"
+#line 254 "toke.l"
{
/* quoted sudoers special char, strip backslash */
LEXTRACE("QUOTEDCHAR ");
- if (!fill_args(yytext + 1, 1, sawspace))
+ if (!fill_args(sudoerstext + 1, 1, sawspace))
yyterminate();
sawspace = false;
}
YY_BREAK
case 16:
YY_RULE_SETUP
-#line 254 "toke.l"
+#line 262 "toke.l"
{
BEGIN INITIAL;
yyless(0);
YY_BREAK
case 17:
YY_RULE_SETUP
-#line 260 "toke.l"
+#line 268 "toke.l"
{
LEXTRACE("ARG ");
- if (!fill_args(yytext, yyleng, sawspace))
+ if (!fill_args(sudoerstext, sudoersleng, sawspace))
yyterminate();
sawspace = false;
} /* a command line arg */
case 18:
YY_RULE_SETUP
-#line 268 "toke.l"
+#line 276 "toke.l"
+{
+ /* Only return DIGEST if the length is correct. */
+ if (sudoersleng == digest_len * 2) {
+ if (!fill(sudoerstext, sudoersleng))
+ yyterminate();
+ BEGIN INITIAL;
+ LEXTRACE("DIGEST ");
+ LEXRETURN(DIGEST);
+ }
+ BEGIN INITIAL;
+ yyless(sudoersleng);
+ } /* hex digest */
+ YY_BREAK
+case 19:
+YY_RULE_SETUP
+#line 289 "toke.l"
+{
+ /* Only return DIGEST if the length is correct. */
+ size_t len;
+ if (sudoerstext[sudoersleng - 1] == '=') {
+ /* use padding */
+ len = 4 * ((digest_len + 2) / 3);
+ } else {
+ /* no padding */
+ len = (4 * digest_len + 2) / 3;
+ }
+ if (sudoersleng == len) {
+ if (!fill(sudoerstext, sudoersleng))
+ yyterminate();
+ BEGIN INITIAL;
+ LEXTRACE("DIGEST ");
+ LEXRETURN(DIGEST);
+ }
+ BEGIN INITIAL;
+ yyless(sudoersleng);
+ } /* base64 digest */
+ YY_BREAK
+case 20:
+YY_RULE_SETUP
+#line 310 "toke.l"
{
char *path;
LEXRETURN(ERROR);
}
- if ((path = parse_include(yytext)) == NULL)
+ if ((path = parse_include(sudoerstext)) == NULL)
yyterminate();
LEXTRACE("INCLUDE\n");
yyterminate();
}
YY_BREAK
-case 19:
+case 21:
YY_RULE_SETUP
-#line 286 "toke.l"
+#line 328 "toke.l"
{
char *path;
LEXRETURN(ERROR);
}
- if ((path = parse_include(yytext)) == NULL)
+ if ((path = parse_include(sudoerstext)) == NULL)
yyterminate();
LEXTRACE("INCLUDEDIR\n");
yyterminate();
}
YY_BREAK
-case 20:
+case 22:
YY_RULE_SETUP
-#line 307 "toke.l"
+#line 349 "toke.l"
{
char deftype;
int n;
LEXRETURN(ERROR);
}
- for (n = 0; isblank((unsigned char)yytext[n]); n++)
+ for (n = 0; isblank((unsigned char)sudoerstext[n]); n++)
continue;
n += sizeof("Defaults") - 1;
- if ((deftype = yytext[n++]) != '\0') {
- while (isblank((unsigned char)yytext[n]))
+ if ((deftype = sudoerstext[n++]) != '\0') {
+ while (isblank((unsigned char)sudoerstext[n]))
n++;
}
BEGIN GOTDEFS;
}
}
YY_BREAK
-case 21:
+case 23:
YY_RULE_SETUP
-#line 347 "toke.l"
+#line 389 "toke.l"
{
int n;
LEXRETURN(ERROR);
}
- for (n = 0; isblank((unsigned char)yytext[n]); n++)
+ for (n = 0; isblank((unsigned char)sudoerstext[n]); n++)
continue;
- switch (yytext[n]) {
+ switch (sudoerstext[n]) {
case 'H':
LEXTRACE("HOSTALIAS ");
LEXRETURN(HOSTALIAS);
}
}
YY_BREAK
-case 22:
+case 24:
YY_RULE_SETUP
-#line 373 "toke.l"
+#line 415 "toke.l"
{
/* cmnd does not require passwd for this user */
LEXTRACE("NOPASSWD ");
LEXRETURN(NOPASSWD);
}
YY_BREAK
-case 23:
+case 25:
YY_RULE_SETUP
-#line 379 "toke.l"
+#line 421 "toke.l"
{
/* cmnd requires passwd for this user */
LEXTRACE("PASSWD ");
LEXRETURN(PASSWD);
}
YY_BREAK
-case 24:
+case 26:
YY_RULE_SETUP
-#line 385 "toke.l"
+#line 427 "toke.l"
{
LEXTRACE("NOEXEC ");
LEXRETURN(NOEXEC);
}
YY_BREAK
-case 25:
+case 27:
YY_RULE_SETUP
-#line 390 "toke.l"
+#line 432 "toke.l"
{
LEXTRACE("EXEC ");
LEXRETURN(EXEC);
}
YY_BREAK
-case 26:
+case 28:
YY_RULE_SETUP
-#line 395 "toke.l"
+#line 437 "toke.l"
{
LEXTRACE("SETENV ");
LEXRETURN(SETENV);
}
YY_BREAK
-case 27:
+case 29:
YY_RULE_SETUP
-#line 400 "toke.l"
+#line 442 "toke.l"
{
LEXTRACE("NOSETENV ");
LEXRETURN(NOSETENV);
}
YY_BREAK
-case 28:
+case 30:
YY_RULE_SETUP
-#line 405 "toke.l"
+#line 447 "toke.l"
{
LEXTRACE("LOG_OUTPUT ");
LEXRETURN(LOG_OUTPUT);
}
YY_BREAK
-case 29:
+case 31:
YY_RULE_SETUP
-#line 410 "toke.l"
+#line 452 "toke.l"
{
LEXTRACE("NOLOG_OUTPUT ");
LEXRETURN(NOLOG_OUTPUT);
}
YY_BREAK
-case 30:
+case 32:
YY_RULE_SETUP
-#line 415 "toke.l"
+#line 457 "toke.l"
{
LEXTRACE("LOG_INPUT ");
LEXRETURN(LOG_INPUT);
}
YY_BREAK
-case 31:
+case 33:
YY_RULE_SETUP
-#line 420 "toke.l"
+#line 462 "toke.l"
{
LEXTRACE("NOLOG_INPUT ");
LEXRETURN(NOLOG_INPUT);
}
YY_BREAK
-case 32:
+case 34:
YY_RULE_SETUP
-#line 425 "toke.l"
+#line 467 "toke.l"
{
/* empty group or netgroup */
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
YY_BREAK
-case 33:
+case 35:
YY_RULE_SETUP
-#line 431 "toke.l"
+#line 473 "toke.l"
{
/* netgroup */
- if (!fill(yytext, yyleng))
+ if (!fill(sudoerstext, sudoersleng))
yyterminate();
LEXTRACE("NETGROUP ");
LEXRETURN(NETGROUP);
}
YY_BREAK
-case 34:
+case 36:
YY_RULE_SETUP
-#line 439 "toke.l"
+#line 481 "toke.l"
{
/* group */
- if (!fill(yytext, yyleng))
+ if (!fill(sudoerstext, sudoersleng))
yyterminate();
LEXTRACE("USERGROUP ");
LEXRETURN(USERGROUP);
}
YY_BREAK
-case 35:
+case 37:
YY_RULE_SETUP
-#line 447 "toke.l"
+#line 489 "toke.l"
{
- if (!fill(yytext, yyleng))
+ if (!fill(sudoerstext, sudoersleng))
yyterminate();
LEXTRACE("NTWKADDR ");
LEXRETURN(NTWKADDR);
}
YY_BREAK
-case 36:
+case 38:
YY_RULE_SETUP
-#line 454 "toke.l"
+#line 496 "toke.l"
{
- if (!fill(yytext, yyleng))
+ if (!fill(sudoerstext, sudoersleng))
yyterminate();
LEXTRACE("NTWKADDR ");
LEXRETURN(NTWKADDR);
}
YY_BREAK
-case 37:
+case 39:
YY_RULE_SETUP
-#line 461 "toke.l"
+#line 503 "toke.l"
{
- if (!ipv6_valid(yytext)) {
+ if (!ipv6_valid(sudoerstext)) {
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
- if (!fill(yytext, yyleng))
+ if (!fill(sudoerstext, sudoersleng))
yyterminate();
LEXTRACE("NTWKADDR ");
LEXRETURN(NTWKADDR);
}
YY_BREAK
-case 38:
+case 40:
YY_RULE_SETUP
-#line 472 "toke.l"
+#line 514 "toke.l"
{
- if (!ipv6_valid(yytext)) {
+ if (!ipv6_valid(sudoerstext)) {
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
- if (!fill(yytext, yyleng))
+ if (!fill(sudoerstext, sudoersleng))
yyterminate();
LEXTRACE("NTWKADDR ");
LEXRETURN(NTWKADDR);
}
YY_BREAK
-case 39:
+case 41:
YY_RULE_SETUP
-#line 483 "toke.l"
+#line 525 "toke.l"
{
LEXTRACE("ALL ");
LEXRETURN(ALL);
}
YY_BREAK
-case 40:
+case 42:
YY_RULE_SETUP
-#line 489 "toke.l"
+#line 531 "toke.l"
{
#ifdef HAVE_SELINUX
LEXTRACE("ROLE ");
#endif
}
YY_BREAK
-case 41:
+case 43:
YY_RULE_SETUP
-#line 498 "toke.l"
+#line 540 "toke.l"
{
#ifdef HAVE_SELINUX
LEXTRACE("TYPE ");
#endif
}
YY_BREAK
-case 42:
+case 44:
YY_RULE_SETUP
-#line 506 "toke.l"
+#line 548 "toke.l"
{
#ifdef HAVE_PRIV_SET
LEXTRACE("PRIVS ");
#endif
}
YY_BREAK
-case 43:
+case 45:
YY_RULE_SETUP
-#line 515 "toke.l"
+#line 557 "toke.l"
{
#ifdef HAVE_PRIV_SET
LEXTRACE("LIMITPRIVS ");
#endif
}
YY_BREAK
-case 44:
+case 46:
YY_RULE_SETUP
-#line 524 "toke.l"
+#line 566 "toke.l"
{
got_alias:
- if (!fill(yytext, yyleng))
+ if (!fill(sudoerstext, sudoersleng))
yyterminate();
LEXTRACE("ALIAS ");
LEXRETURN(ALIAS);
}
YY_BREAK
-case 45:
+case 47:
YY_RULE_SETUP
-#line 532 "toke.l"
+#line 574 "toke.l"
{
+ /* XXX - no way to specify digest for command */
/* no command args allowed for Defaults!/path */
- if (!fill_cmnd(yytext, yyleng))
+ if (!fill_cmnd(sudoerstext, sudoersleng))
yyterminate();
LEXTRACE("COMMAND ");
LEXRETURN(COMMAND);
}
YY_BREAK
-case 46:
+case 48:
YY_RULE_SETUP
-#line 540 "toke.l"
+#line 583 "toke.l"
+{
+ digest_len = SHA224_DIGEST_LENGTH;
+ BEGIN WANTDIGEST;
+ LEXTRACE("SHA224 ");
+ LEXRETURN(SHA224);
+ }
+ YY_BREAK
+case 49:
+YY_RULE_SETUP
+#line 590 "toke.l"
+{
+ digest_len = SHA256_DIGEST_LENGTH;
+ BEGIN WANTDIGEST;
+ LEXTRACE("SHA256 ");
+ LEXRETURN(SHA256);
+ }
+ YY_BREAK
+case 50:
+YY_RULE_SETUP
+#line 597 "toke.l"
+{
+ digest_len = SHA384_DIGEST_LENGTH;
+ BEGIN WANTDIGEST;
+ LEXTRACE("SHA384 ");
+ LEXRETURN(SHA384);
+ }
+ YY_BREAK
+case 51:
+YY_RULE_SETUP
+#line 604 "toke.l"
+{
+ digest_len = SHA512_DIGEST_LENGTH;
+ BEGIN WANTDIGEST;
+ LEXTRACE("SHA512 ");
+ LEXRETURN(SHA512);
+ }
+ YY_BREAK
+case 52:
+YY_RULE_SETUP
+#line 611 "toke.l"
{
BEGIN GOTCMND;
LEXTRACE("COMMAND ");
- if (!fill_cmnd(yytext, yyleng))
+ if (!fill_cmnd(sudoerstext, sudoersleng))
yyterminate();
} /* sudo -e */
YY_BREAK
-case 47:
+case 53:
YY_RULE_SETUP
-#line 547 "toke.l"
+#line 618 "toke.l"
{
/* directories can't have args... */
- if (yytext[yyleng - 1] == '/') {
+ if (sudoerstext[sudoersleng - 1] == '/') {
LEXTRACE("COMMAND ");
- if (!fill_cmnd(yytext, yyleng))
+ if (!fill_cmnd(sudoerstext, sudoersleng))
yyterminate();
LEXRETURN(COMMAND);
} else {
BEGIN GOTCMND;
LEXTRACE("COMMAND ");
- if (!fill_cmnd(yytext, yyleng))
+ if (!fill_cmnd(sudoerstext, sudoersleng))
yyterminate();
}
} /* a pathname */
YY_BREAK
-case 48:
+case 54:
YY_RULE_SETUP
-#line 562 "toke.l"
+#line 633 "toke.l"
{
LEXTRACE("BEGINSTR ");
- yylval.string = NULL;
+ sudoerslval.string = NULL;
prev_state = YY_START;
BEGIN INSTR;
}
YY_BREAK
-case 49:
+case 55:
YY_RULE_SETUP
-#line 569 "toke.l"
+#line 640 "toke.l"
{
/* a word */
- if (!fill(yytext, yyleng))
+ if (!fill(sudoerstext, sudoersleng))
yyterminate();
LEXTRACE("WORD(5) ");
LEXRETURN(WORD);
}
YY_BREAK
-case 50:
+case 56:
YY_RULE_SETUP
-#line 577 "toke.l"
+#line 648 "toke.l"
{
LEXTRACE("( ");
LEXRETURN('(');
}
YY_BREAK
-case 51:
+case 57:
YY_RULE_SETUP
-#line 582 "toke.l"
+#line 653 "toke.l"
{
LEXTRACE(") ");
LEXRETURN(')');
}
YY_BREAK
-case 52:
+case 58:
YY_RULE_SETUP
-#line 587 "toke.l"
+#line 658 "toke.l"
{
LEXTRACE(", ");
LEXRETURN(',');
} /* return ',' */
YY_BREAK
-case 53:
+case 59:
YY_RULE_SETUP
-#line 592 "toke.l"
+#line 663 "toke.l"
{
LEXTRACE("= ");
LEXRETURN('=');
} /* return '=' */
YY_BREAK
-case 54:
+case 60:
YY_RULE_SETUP
-#line 597 "toke.l"
+#line 668 "toke.l"
{
LEXTRACE(": ");
LEXRETURN(':');
} /* return ':' */
YY_BREAK
-case 55:
+case 61:
YY_RULE_SETUP
-#line 602 "toke.l"
+#line 673 "toke.l"
{
- if (yyleng & 1) {
+ if (sudoersleng & 1) {
LEXTRACE("!");
LEXRETURN('!'); /* return '!' */
}
}
YY_BREAK
-case 56:
+case 62:
YY_RULE_SETUP
-#line 609 "toke.l"
+#line 680 "toke.l"
{
if (YY_START == INSTR) {
LEXTRACE("ERROR ");
LEXRETURN(COMMENT);
} /* return newline */
YY_BREAK
-case 57:
+case 63:
YY_RULE_SETUP
-#line 621 "toke.l"
+#line 692 "toke.l"
{ /* throw away space/tabs */
sawspace = true; /* but remember for fill_args */
}
YY_BREAK
-case 58:
+case 64:
YY_RULE_SETUP
-#line 625 "toke.l"
+#line 696 "toke.l"
{
sawspace = true; /* remember for fill_args */
sudolineno++;
continued = true;
} /* throw away EOL after \ */
YY_BREAK
-case 59:
+case 65:
YY_RULE_SETUP
-#line 631 "toke.l"
+#line 702 "toke.l"
{
BEGIN INITIAL;
sudolineno++;
LEXRETURN(COMMENT);
} /* comment, not uid/gid */
YY_BREAK
-case 60:
+case 66:
YY_RULE_SETUP
-#line 639 "toke.l"
+#line 710 "toke.l"
{
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
case YY_STATE_EOF(STARTDEFS):
case YY_STATE_EOF(INDEFS):
case YY_STATE_EOF(INSTR):
-#line 644 "toke.l"
+case YY_STATE_EOF(WANTDIGEST):
+#line 715 "toke.l"
{
if (YY_START != INITIAL) {
BEGIN INITIAL;
yyterminate();
}
YY_BREAK
-case 61:
+case 67:
YY_RULE_SETUP
-#line 654 "toke.l"
+#line 725 "toke.l"
ECHO;
YY_BREAK
-#line 2468 "lex.yy.c"
+#line 3092 "lex.sudoers.c"
case YY_END_OF_BUFFER:
{
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 622 )
+ if ( yy_current_state >= 814 )
yy_c = yy_meta[(unsigned int) yy_c];
}
yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 622 )
+ if ( yy_current_state >= 814 )
yy_c = yy_meta[(unsigned int) yy_c];
}
yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
- yy_is_jam = (yy_current_state == 621);
+ yy_is_jam = (yy_current_state == 813);
return yy_is_jam ? 0 : yy_current_state;
}
return 0;
}
#endif
-#line 654 "toke.l"
+#line 725 "toke.l"
struct path_list {
char *path;
if (!(dir = opendir(dirpath))) {
if (errno != ENOENT) {
- char *errbuf;
- if (asprintf(&errbuf, _("%s: %s"), dirpath, strerror(errno)) != -1) {
- yyerror(errbuf);
- free(errbuf);
- } else {
- yyerror(_("unable to allocate memory"));
- }
+ warning("%s", dirpath);
+ sudoerserror(NULL);
}
goto done;
}
pl->path = path;
pl->next = first;
first = pl;
+ path = NULL;
count++;
}
closedir(dir);
while (first != NULL) {
pl = first;
first = pl->next;
- free(pl->path);
- free(pl);
+ efree(pl->path);
+ efree(pl);
}
efree(sorted);
efree(dirpath);
efree(istack[idepth].path);
if (idepth && !istack[idepth].keepopen)
fclose(istack[idepth].bs->yy_input_file);
- yy_delete_buffer(istack[idepth].bs);
+ sudoers_delete_buffer(istack[idepth].bs);
}
efree(istack);
istack = NULL;
/* push current state onto stack */
if (idepth >= istacksize) {
if (idepth > MAX_SUDOERS_DEPTH) {
- yyerror(_("too many levels of includes"));
+ sudoerserror(N_("too many levels of includes"));
debug_return_bool(false);
}
istacksize += SUDOERS_STACK_INCREMENT;
istack = (struct include_stack *) realloc(istack,
sizeof(*istack) * istacksize);
if (istack == NULL) {
- yyerror(_("unable to allocate memory"));
+ warning(NULL);
+ sudoerserror(NULL);
debug_return_bool(false);
}
}
debug_return_bool(false);
}
if (!(path = switch_dir(&istack[idepth], path))) {
- /* switch_dir() called yyerror() for us */
+ /* switch_dir() called sudoerserror() for us */
debug_return_bool(false);
}
while ((fp = open_sudoers(path, false, &keepopen)) == NULL) {
} else {
if ((fp = open_sudoers(path, true, &keepopen)) == NULL) {
/* The error was already printed by open_sudoers() */
- yyerror(NULL);
+ sudoerserror(NULL);
debug_return_bool(false);
}
istack[idepth].more = NULL;
idepth++;
sudolineno = 1;
sudoers = path;
- yy_switch_to_buffer(yy_create_buffer(fp, YY_BUF_SIZE));
+ sudoers_switch_to_buffer(sudoers_create_buffer(fp, YY_BUF_SIZE));
debug_return_bool(true);
}
if (!keepopen)
fclose(YY_CURRENT_BUFFER->yy_input_file);
- yy_delete_buffer(YY_CURRENT_BUFFER);
+ sudoers_delete_buffer(YY_CURRENT_BUFFER);
/* If we are in an include dir, move to the next file. */
while ((pl = istack[idepth - 1].more) != NULL) {
fp = open_sudoers(pl->path, false, &keepopen);
efree(sudoers);
sudoers = pl->path;
sudolineno = 1;
- yy_switch_to_buffer(yy_create_buffer(fp, YY_BUF_SIZE));
+ sudoers_switch_to_buffer(sudoers_create_buffer(fp, YY_BUF_SIZE));
efree(pl);
break;
}
/* If no path list, just pop the last dir on the stack. */
if (pl == NULL) {
idepth--;
- yy_switch_to_buffer(istack[idepth].bs);
+ sudoers_switch_to_buffer(istack[idepth].bs);
efree(sudoers);
sudoers = istack[idepth].path;
sudolineno = istack[idepth].lineno;
len += (int)(ep - cp);
path = pp = malloc(len + dirlen + 1);
if (path == NULL) {
- yyerror(_("unable to allocate memory"));
+ warning(NULL);
+ sudoerserror(NULL);
debug_return_str(NULL);
}
if (dirlen) {
/*
- * Copyright (c) 2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2011-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-#ifndef _SUDO_TOKE_H
-#define _SUDO_TOKE_H
+#ifndef _SUDOERS_TOKE_H
+#define _SUDOERS_TOKE_H
bool append(const char *, int);
bool fill_args(const char *, int, int);
bool fill_txt(const char *, int, int);
bool ipv6_valid(const char *s);
int sudoers_trace_print(const char *msg);
-void yyerror(const char *);
+void sudoerserror(const char *);
#ifndef FLEX_SCANNER
extern int (*trace_print)(const char *msg);
(*trace_print)(msg); \
} while (0);
-#endif /* _SUDO_TOKE_H */
+#endif /* _SUDOERS_TOKE_H */
%{
/*
- * Copyright (c) 1996, 1998-2005, 2007-2012
+ * Copyright (c) 1996, 1998-2005, 2007-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <sys/stat.h>
#include <stdio.h>
#ifdef STDC_HEADERS
#ifdef HAVE_STRINGS_H
# include <strings.h>
#endif /* HAVE_STRINGS_H */
+#if defined(HAVE_STDINT_H)
+# include <stdint.h>
+#elif defined(HAVE_INTTYPES_H)
+# include <inttypes.h>
+#endif
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif /* HAVE_UNISTD_H */
#include "toke.h"
#include <gram.h>
#include "lbuf.h"
+#include "sha2.h"
#include "secure_path.h"
-extern YYSTYPE yylval;
+extern YYSTYPE sudoerslval;
extern bool parse_error;
extern bool sudoers_warnings;
int sudolineno;
static bool continued, sawspace;
static int prev_state;
+static int digest_len;
static bool _push_include(char *, bool);
static bool pop_include(void);
return (n); \
} while (0)
-#define ECHO ignore_result(fwrite(yytext, yyleng, 1, yyout))
+#define ECHO ignore_result(fwrite(sudoerstext, sudoersleng, 1, sudoersout))
#define push_include(_p) (_push_include((_p), false))
#define push_includedir(_p) (_push_include((_p), true))
%option noinput
%option nounput
%option noyywrap
+%option prefix="sudoers"
%s GOTDEFS
%x GOTCMND
%x STARTDEFS
%x INDEFS
%x INSTR
+%s WANTDIGEST
%%
<GOTDEFS>[[:blank:]]*,[[:blank:]]* {
<STARTDEFS>{DEFVAR} {
BEGIN INDEFS;
LEXTRACE("DEFVAR ");
- if (!fill(yytext, yyleng))
+ if (!fill(sudoerstext, sudoersleng))
yyterminate();
LEXRETURN(DEFVAR);
}
\" {
LEXTRACE("BEGINSTR ");
- yylval.string = NULL;
+ sudoerslval.string = NULL;
prev_state = YY_START;
BEGIN INSTR;
}
{ENVAR} {
LEXTRACE("WORD(2) ");
- if (!fill(yytext, yyleng))
+ if (!fill(sudoerstext, sudoersleng))
yyterminate();
LEXRETURN(WORD);
}
LEXTRACE("ENDSTR ");
BEGIN prev_state;
- if (yylval.string == NULL) {
+ if (sudoerslval.string == NULL) {
LEXTRACE("ERROR "); /* empty string */
LEXRETURN(ERROR);
}
if (prev_state == INITIAL) {
- switch (yylval.string[0]) {
+ switch (sudoerslval.string[0]) {
case '%':
- if (yylval.string[1] == '\0' ||
- (yylval.string[1] == ':' &&
- yylval.string[2] == '\0')) {
+ if (sudoerslval.string[1] == '\0' ||
+ (sudoerslval.string[1] == ':' &&
+ sudoerslval.string[2] == '\0')) {
LEXTRACE("ERROR "); /* empty group */
LEXRETURN(ERROR);
}
LEXTRACE("USERGROUP ");
LEXRETURN(USERGROUP);
case '+':
- if (yylval.string[1] == '\0') {
+ if (sudoerslval.string[1] == '\0') {
LEXTRACE("ERROR "); /* empty netgroup */
LEXRETURN(ERROR);
}
\\ {
LEXTRACE("BACKSLASH ");
- if (!append(yytext, yyleng))
+ if (!append(sudoerstext, sudoersleng))
yyterminate();
}
([^\"\n\\]|\\\")+ {
LEXTRACE("STRBODY ");
- if (!append(yytext, yyleng))
+ if (!append(sudoerstext, sudoersleng))
yyterminate();
}
}
\\[\*\?\[\]\!] {
/* quoted fnmatch glob char, pass verbatim */
LEXTRACE("QUOTEDCHAR ");
- if (!fill_args(yytext, 2, sawspace))
+ if (!fill_args(sudoerstext, 2, sawspace))
yyterminate();
sawspace = false;
}
\\[:\\,= \t#] {
/* quoted sudoers special char, strip backslash */
LEXTRACE("QUOTEDCHAR ");
- if (!fill_args(yytext + 1, 1, sawspace))
+ if (!fill_args(sudoerstext + 1, 1, sawspace))
yyterminate();
sawspace = false;
}
[^#\\:, \t\n]+ {
LEXTRACE("ARG ");
- if (!fill_args(yytext, yyleng, sawspace))
+ if (!fill_args(sudoerstext, sudoersleng, sawspace))
yyterminate();
sawspace = false;
} /* a command line arg */
}
+<WANTDIGEST>[[:xdigit:]]+ {
+ /* Only return DIGEST if the length is correct. */
+ if (sudoersleng == digest_len * 2) {
+ if (!fill(sudoerstext, sudoersleng))
+ yyterminate();
+ BEGIN INITIAL;
+ LEXTRACE("DIGEST ");
+ LEXRETURN(DIGEST);
+ }
+ BEGIN INITIAL;
+ yyless(sudoersleng);
+ } /* hex digest */
+
+<WANTDIGEST>[A-Za-z0-9\+/=]+ {
+ /* Only return DIGEST if the length is correct. */
+ size_t len;
+ if (sudoerstext[sudoersleng - 1] == '=') {
+ /* use padding */
+ len = 4 * ((digest_len + 2) / 3);
+ } else {
+ /* no padding */
+ len = (4 * digest_len + 2) / 3;
+ }
+ if (sudoersleng == len) {
+ if (!fill(sudoerstext, sudoersleng))
+ yyterminate();
+ BEGIN INITIAL;
+ LEXTRACE("DIGEST ");
+ LEXRETURN(DIGEST);
+ }
+ BEGIN INITIAL;
+ yyless(sudoersleng);
+ } /* base64 digest */
+
<INITIAL>^#include[[:blank:]]+.*\n {
char *path;
LEXRETURN(ERROR);
}
- if ((path = parse_include(yytext)) == NULL)
+ if ((path = parse_include(sudoerstext)) == NULL)
yyterminate();
LEXTRACE("INCLUDE\n");
LEXRETURN(ERROR);
}
- if ((path = parse_include(yytext)) == NULL)
+ if ((path = parse_include(sudoerstext)) == NULL)
yyterminate();
LEXTRACE("INCLUDEDIR\n");
LEXRETURN(ERROR);
}
- for (n = 0; isblank((unsigned char)yytext[n]); n++)
+ for (n = 0; isblank((unsigned char)sudoerstext[n]); n++)
continue;
n += sizeof("Defaults") - 1;
- if ((deftype = yytext[n++]) != '\0') {
- while (isblank((unsigned char)yytext[n]))
+ if ((deftype = sudoerstext[n++]) != '\0') {
+ while (isblank((unsigned char)sudoerstext[n]))
n++;
}
BEGIN GOTDEFS;
LEXRETURN(ERROR);
}
- for (n = 0; isblank((unsigned char)yytext[n]); n++)
+ for (n = 0; isblank((unsigned char)sudoerstext[n]); n++)
continue;
- switch (yytext[n]) {
+ switch (sudoerstext[n]) {
case 'H':
LEXTRACE("HOSTALIAS ");
LEXRETURN(HOSTALIAS);
\+{WORD} {
/* netgroup */
- if (!fill(yytext, yyleng))
+ if (!fill(sudoerstext, sudoersleng))
yyterminate();
LEXTRACE("NETGROUP ");
LEXRETURN(NETGROUP);
\%:?({WORD}|{ID}) {
/* group */
- if (!fill(yytext, yyleng))
+ if (!fill(sudoerstext, sudoersleng))
yyterminate();
LEXTRACE("USERGROUP ");
LEXRETURN(USERGROUP);
}
{IPV4ADDR}(\/{IPV4ADDR})? {
- if (!fill(yytext, yyleng))
+ if (!fill(sudoerstext, sudoersleng))
yyterminate();
LEXTRACE("NTWKADDR ");
LEXRETURN(NTWKADDR);
}
{IPV4ADDR}\/([12]?[0-9]|3[0-2]) {
- if (!fill(yytext, yyleng))
+ if (!fill(sudoerstext, sudoersleng))
yyterminate();
LEXTRACE("NTWKADDR ");
LEXRETURN(NTWKADDR);
}
{IPV6ADDR}(\/{IPV6ADDR})? {
- if (!ipv6_valid(yytext)) {
+ if (!ipv6_valid(sudoerstext)) {
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
- if (!fill(yytext, yyleng))
+ if (!fill(sudoerstext, sudoersleng))
yyterminate();
LEXTRACE("NTWKADDR ");
LEXRETURN(NTWKADDR);
}
{IPV6ADDR}\/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8]) {
- if (!ipv6_valid(yytext)) {
+ if (!ipv6_valid(sudoerstext)) {
LEXTRACE("ERROR ");
LEXRETURN(ERROR);
}
- if (!fill(yytext, yyleng))
+ if (!fill(sudoerstext, sudoersleng))
yyterminate();
LEXTRACE("NTWKADDR ");
LEXRETURN(NTWKADDR);
[[:upper:]][[:upper:][:digit:]_]* {
got_alias:
- if (!fill(yytext, yyleng))
+ if (!fill(sudoerstext, sudoersleng))
yyterminate();
LEXTRACE("ALIAS ");
LEXRETURN(ALIAS);
}
<GOTDEFS>({PATH}|sudoedit) {
+ /* XXX - no way to specify digest for command */
/* no command args allowed for Defaults!/path */
- if (!fill_cmnd(yytext, yyleng))
+ if (!fill_cmnd(sudoerstext, sudoersleng))
yyterminate();
LEXTRACE("COMMAND ");
LEXRETURN(COMMAND);
}
+sha224 {
+ digest_len = SHA224_DIGEST_LENGTH;
+ BEGIN WANTDIGEST;
+ LEXTRACE("SHA224 ");
+ LEXRETURN(SHA224);
+ }
+
+sha256 {
+ digest_len = SHA256_DIGEST_LENGTH;
+ BEGIN WANTDIGEST;
+ LEXTRACE("SHA256 ");
+ LEXRETURN(SHA256);
+ }
+
+sha384 {
+ digest_len = SHA384_DIGEST_LENGTH;
+ BEGIN WANTDIGEST;
+ LEXTRACE("SHA384 ");
+ LEXRETURN(SHA384);
+ }
+
+sha512 {
+ digest_len = SHA512_DIGEST_LENGTH;
+ BEGIN WANTDIGEST;
+ LEXTRACE("SHA512 ");
+ LEXRETURN(SHA512);
+ }
+
sudoedit {
BEGIN GOTCMND;
LEXTRACE("COMMAND ");
- if (!fill_cmnd(yytext, yyleng))
+ if (!fill_cmnd(sudoerstext, sudoersleng))
yyterminate();
} /* sudo -e */
{PATH} {
/* directories can't have args... */
- if (yytext[yyleng - 1] == '/') {
+ if (sudoerstext[sudoersleng - 1] == '/') {
LEXTRACE("COMMAND ");
- if (!fill_cmnd(yytext, yyleng))
+ if (!fill_cmnd(sudoerstext, sudoersleng))
yyterminate();
LEXRETURN(COMMAND);
} else {
BEGIN GOTCMND;
LEXTRACE("COMMAND ");
- if (!fill_cmnd(yytext, yyleng))
+ if (!fill_cmnd(sudoerstext, sudoersleng))
yyterminate();
}
} /* a pathname */
<INITIAL,GOTDEFS>\" {
LEXTRACE("BEGINSTR ");
- yylval.string = NULL;
+ sudoerslval.string = NULL;
prev_state = YY_START;
BEGIN INSTR;
}
<INITIAL,GOTDEFS>({ID}|{WORD}) {
/* a word */
- if (!fill(yytext, yyleng))
+ if (!fill(sudoerstext, sudoersleng))
yyterminate();
LEXTRACE("WORD(5) ");
LEXRETURN(WORD);
} /* return ':' */
<*>!+ {
- if (yyleng & 1) {
+ if (sudoersleng & 1) {
LEXTRACE("!");
LEXRETURN('!'); /* return '!' */
}
if (!(dir = opendir(dirpath))) {
if (errno != ENOENT) {
- char *errbuf;
- if (asprintf(&errbuf, _("%s: %s"), dirpath, strerror(errno)) != -1) {
- yyerror(errbuf);
- free(errbuf);
- } else {
- yyerror(_("unable to allocate memory"));
- }
+ warning("%s", dirpath);
+ sudoerserror(NULL);
}
goto done;
}
pl->path = path;
pl->next = first;
first = pl;
+ path = NULL;
count++;
}
closedir(dir);
while (first != NULL) {
pl = first;
first = pl->next;
- free(pl->path);
- free(pl);
+ efree(pl->path);
+ efree(pl);
}
efree(sorted);
efree(dirpath);
efree(istack[idepth].path);
if (idepth && !istack[idepth].keepopen)
fclose(istack[idepth].bs->yy_input_file);
- yy_delete_buffer(istack[idepth].bs);
+ sudoers_delete_buffer(istack[idepth].bs);
}
efree(istack);
istack = NULL;
/* push current state onto stack */
if (idepth >= istacksize) {
if (idepth > MAX_SUDOERS_DEPTH) {
- yyerror(_("too many levels of includes"));
+ sudoerserror(N_("too many levels of includes"));
debug_return_bool(false);
}
istacksize += SUDOERS_STACK_INCREMENT;
istack = (struct include_stack *) realloc(istack,
sizeof(*istack) * istacksize);
if (istack == NULL) {
- yyerror(_("unable to allocate memory"));
+ warning(NULL);
+ sudoerserror(NULL);
debug_return_bool(false);
}
}
debug_return_bool(false);
}
if (!(path = switch_dir(&istack[idepth], path))) {
- /* switch_dir() called yyerror() for us */
+ /* switch_dir() called sudoerserror() for us */
debug_return_bool(false);
}
while ((fp = open_sudoers(path, false, &keepopen)) == NULL) {
} else {
if ((fp = open_sudoers(path, true, &keepopen)) == NULL) {
/* The error was already printed by open_sudoers() */
- yyerror(NULL);
+ sudoerserror(NULL);
debug_return_bool(false);
}
istack[idepth].more = NULL;
idepth++;
sudolineno = 1;
sudoers = path;
- yy_switch_to_buffer(yy_create_buffer(fp, YY_BUF_SIZE));
+ sudoers_switch_to_buffer(sudoers_create_buffer(fp, YY_BUF_SIZE));
debug_return_bool(true);
}
if (!keepopen)
fclose(YY_CURRENT_BUFFER->yy_input_file);
- yy_delete_buffer(YY_CURRENT_BUFFER);
+ sudoers_delete_buffer(YY_CURRENT_BUFFER);
/* If we are in an include dir, move to the next file. */
while ((pl = istack[idepth - 1].more) != NULL) {
fp = open_sudoers(pl->path, false, &keepopen);
efree(sudoers);
sudoers = pl->path;
sudolineno = 1;
- yy_switch_to_buffer(yy_create_buffer(fp, YY_BUF_SIZE));
+ sudoers_switch_to_buffer(sudoers_create_buffer(fp, YY_BUF_SIZE));
efree(pl);
break;
}
/* If no path list, just pop the last dir on the stack. */
if (pl == NULL) {
idepth--;
- yy_switch_to_buffer(istack[idepth].bs);
+ sudoers_switch_to_buffer(istack[idepth].bs);
efree(sudoers);
sudoers = istack[idepth].path;
sudolineno = istack[idepth].lineno;
len += (int)(ep - cp);
path = pp = malloc(len + dirlen + 1);
if (path == NULL) {
- yyerror(_("unable to allocate memory"));
+ warning(NULL);
+ sudoerserror(NULL);
debug_return_str(NULL);
}
if (dirlen) {
/*
- * Copyright (c) 1996, 1998-2005, 2007-2011
+ * Copyright (c) 1996, 1998-2005, 2007-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
# include <malloc.h>
#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
#include <ctype.h>
+#include <errno.h>
#include "sudoers.h"
#include "parse.h"
static int arg_len = 0;
static int arg_size = 0;
-static int
-hexchar(const char *s)
-{
- int i, result = 0;
- debug_decl(hexchar, SUDO_DEBUG_PARSER)
-
- s += 2; /* skip \\x */
- for (i = 0; i < 2; i++) {
- switch (*s) {
- case 'A':
- case 'a':
- result += 10;
- break;
- case 'B':
- case 'b':
- result += 11;
- break;
- case 'C':
- case 'c':
- result += 12;
- break;
- case 'D':
- case 'd':
- result += 13;
- break;
- case 'E':
- case 'e':
- result += 14;
- break;
- case 'F':
- case 'f':
- result += 15;
- break;
- default:
- result += *s - '0';
- break;
- }
- if (i == 0) {
- result *= 16;
- s++;
- }
- }
- debug_return_int(result);
-}
-
bool
fill_txt(const char *src, int len, int olen)
{
char *dst;
debug_decl(fill_txt, SUDO_DEBUG_PARSER)
- dst = olen ? realloc(yylval.string, olen + len + 1) : malloc(len + 1);
+ dst = olen ? realloc(sudoerslval.string, olen + len + 1) : malloc(len + 1);
if (dst == NULL) {
- yyerror(_("unable to allocate memory"));
+ warning(NULL);
+ sudoerserror(NULL);
debug_return_bool(false);
}
- yylval.string = dst;
+ sudoerslval.string = dst;
/* Copy the string and collapse any escaped characters. */
dst += olen;
if (src[1] == 'x' && len >= 3 &&
isxdigit((unsigned char) src[2]) &&
isxdigit((unsigned char) src[3])) {
- *dst++ = hexchar(src);
+ *dst++ = hexchar(src + 2);
src += 4;
len -= 3;
} else {
int olen = 0;
debug_decl(append, SUDO_DEBUG_PARSER)
- if (yylval.string != NULL)
- olen = strlen(yylval.string);
+ if (sudoerslval.string != NULL)
+ olen = strlen(sudoerslval.string);
debug_return_bool(fill_txt(src, len, olen));
}
arg_len = arg_size = 0;
- dst = yylval.command.cmnd = (char *) malloc(len + 1);
- if (yylval.command.cmnd == NULL) {
- yyerror(_("unable to allocate memory"));
+ dst = sudoerslval.command.cmnd = (char *) malloc(len + 1);
+ if (sudoerslval.command.cmnd == NULL) {
+ warning(NULL);
+ sudoerserror(NULL);
debug_return_bool(false);
}
}
*dst = '\0';
- yylval.command.args = NULL;
+ sudoerslval.command.args = NULL;
debug_return_bool(true);
}
char *p;
debug_decl(fill_args, SUDO_DEBUG_PARSER)
- if (yylval.command.args == NULL) {
+ if (sudoerslval.command.args == NULL) {
addspace = 0;
new_len = len;
} else
while (new_len >= (arg_size += COMMANDARGINC))
;
- p = yylval.command.args ?
- (char *) realloc(yylval.command.args, arg_size) :
+ p = sudoerslval.command.args ?
+ (char *) realloc(sudoerslval.command.args, arg_size) :
(char *) malloc(arg_size);
if (p == NULL) {
- efree(yylval.command.args);
- yyerror(_("unable to allocate memory"));
+ efree(sudoerslval.command.args);
+ warning(NULL);
+ sudoerserror(NULL);
debug_return_bool(false);
} else
- yylval.command.args = p;
+ sudoerslval.command.args = p;
}
/* Efficiently append the arg (with a leading space if needed). */
- p = yylval.command.args + arg_len;
+ p = sudoerslval.command.args + arg_len;
if (addspace)
*p++ = ' ';
- if (strlcpy(p, s, arg_size - (p - yylval.command.args)) != len) {
- yyerror(_("fill_args: buffer overflow")); /* paranoia */
+ if (strlcpy(p, s, arg_size - (p - sudoerslval.command.args)) != len) {
+ warningx(_("fill_args: buffer overflow")); /* paranoia */
+ sudoerserror(NULL);
debug_return_bool(false);
}
arg_len = new_len;
/*
- * Copyright (c) 2005, 2008, 2010-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2005, 2008, 2010-2013
+ * Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
#ifdef HAVE_STRINGS_H
# include <strings.h>
#endif /* HAVE_STRINGS_H */
+#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#undef GRMEM_MAX
#define GRMEM_MAX 200
+#ifndef UID_MAX
+# define UID_MAX 0xffffffffU
+#endif
+
+#ifndef GID_MAX
+# define GID_MAX UID_MAX
+#endif
+
static FILE *pwf;
static const char *pwfile = "/etc/passwd";
static int pw_stayopen;
static struct passwd pw;
static char pwbuf[LINE_MAX];
size_t len;
- char *cp, *colon;
+ unsigned long id;
+ char *cp, *colon, *ep;
+next_entry:
if ((colon = fgets(pwbuf, sizeof(pwbuf), pwf)) == NULL)
return NULL;
zero_bytes(&pw, sizeof(pw));
if ((colon = strchr(cp = colon, ':')) == NULL)
- return NULL;
+ goto next_entry;
*colon++ = '\0';
pw.pw_name = cp;
if ((colon = strchr(cp = colon, ':')) == NULL)
- return NULL;
+ goto next_entry;
*colon++ = '\0';
pw.pw_passwd = cp;
if ((colon = strchr(cp = colon, ':')) == NULL)
- return NULL;
+ goto next_entry;
*colon++ = '\0';
- pw.pw_uid = atoi(cp);
+ id = strtoul(cp, &ep, 10);
+ if (*cp == '\0' || *ep != '\0')
+ goto next_entry;
+ if (id > UID_MAX || (id == ULONG_MAX && errno == ERANGE))
+ goto next_entry;
+ pw.pw_uid = (uid_t)id;
if ((colon = strchr(cp = colon, ':')) == NULL)
- return NULL;
+ goto next_entry;
*colon++ = '\0';
- pw.pw_gid = atoi(cp);
+ id = strtoul(cp, &ep, 10);
+ if (*cp == '\0' || *ep != '\0')
+ goto next_entry;
+ if (id > GID_MAX || (id == ULONG_MAX && errno == ERANGE))
+ goto next_entry;
+ pw.pw_gid = (gid_t)id;
if ((colon = strchr(cp = colon, ':')) == NULL)
- return NULL;
+ goto next_entry;
*colon++ = '\0';
pw.pw_gecos = cp;
if ((colon = strchr(cp = colon, ':')) == NULL)
- return NULL;
+ goto next_entry;
*colon++ = '\0';
pw.pw_dir = cp;
pw.pw_shell = colon;
static struct group gr;
static char grbuf[LINE_MAX], *gr_mem[GRMEM_MAX+1];
size_t len;
- char *cp, *colon;
+ unsigned long id;
+ char *cp, *colon, *ep;
int n;
+next_entry:
if ((colon = fgets(grbuf, sizeof(grbuf), grf)) == NULL)
return NULL;
zero_bytes(&gr, sizeof(gr));
if ((colon = strchr(cp = colon, ':')) == NULL)
- return NULL;
+ goto next_entry;
*colon++ = '\0';
gr.gr_name = cp;
if ((colon = strchr(cp = colon, ':')) == NULL)
- return NULL;
+ goto next_entry;
*colon++ = '\0';
gr.gr_passwd = cp;
if ((colon = strchr(cp = colon, ':')) == NULL)
- return NULL;
+ goto next_entry;
*colon++ = '\0';
- gr.gr_gid = atoi(cp);
+ id = strtoul(cp, &ep, 10);
+ if (*cp == '\0' || *ep != '\0')
+ goto next_entry;
+ if (id > GID_MAX || (id == ULONG_MAX && errno == ERANGE))
+ goto next_entry;
+ gr.gr_gid = (gid_t)id;
len = strlen(colon);
if (len > 0 && colon[len - 1] == '\n')
colon[len - 1] = '\0';
/*
- * Copyright (c) 1996, 1998-2005, 2007-2012
+ * Copyright (c) 1996, 1998-2005, 2007-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include <sys/time.h>
+#include <sys/uio.h>
#ifndef __TANDEM
# include <sys/file.h>
#endif
#include <fcntl.h>
#include <netinet/in.h>
#include <arpa/inet.h>
-#include <netdb.h>
#if TIME_WITH_SYS_TIME
# include <time.h>
#endif
-#ifdef HAVE_SETLOCALE
-# include <locale.h>
-#endif
#include "sudoers.h"
-#include "interfaces.h"
#include "parse.h"
#include "redblack.h"
#include "gettext.h"
};
TQ_DECLARE(sudoersfile)
-sudo_conv_t sudo_conv; /* NULL in non-plugin */
-
/*
* Function prototypes
*/
static bool edit_sudoers(struct sudoersfile *, char *, char *, int);
static bool install_sudoers(struct sudoersfile *, bool);
static int print_unused(void *, void *);
-static void reparse_sudoers(char *, char *, bool, bool);
+static bool reparse_sudoers(char *, char *, bool, bool);
static int run_command(char *, char **);
-static int visudo_printf(int msg_type, const char *fmt, ...);
static void setup_signals(void);
static void help(void) __attribute__((__noreturn__));
static void usage(int);
+static void visudo_cleanup(void);
-void cleanup(int);
-
-extern void yyerror(const char *);
-extern void yyrestart(FILE *);
+extern void sudoerserror(const char *);
+extern void sudoersrestart(FILE *);
/*
* External globals exported by the parser
*/
extern struct rbtree *aliases;
-extern FILE *yyin;
+extern FILE *sudoersin;
extern char *sudoers, *errorfile;
extern int errorlineno;
extern bool parse_error;
/*
* Globals
*/
-struct interface *interfaces;
struct sudo_user sudo_user;
struct passwd *list_pw;
-sudo_printf_t sudo_printf = visudo_printf;
static struct sudoersfile_list sudoerslist;
static struct rbtree *alias_freelist;
static bool checkonly;
+__dso_public int main(int argc, char *argv[]);
+
int
main(int argc, char *argv[])
{
setprogname(argc > 0 ? argv[0] : "visudo");
#endif
-#ifdef HAVE_SETLOCALE
- setlocale(LC_ALL, "");
-#endif
+ sudoers_setlocale(SUDOERS_LOCALE_USER, NULL);
bindtextdomain("sudoers", LOCALEDIR); /* XXX - should have visudo domain */
textdomain("sudoers");
if (argc < 1)
usage(1);
+ /* Register fatal/fatalx callback. */
+ fatal_callback_register(visudo_cleanup);
+
/* Read sudo.conf. */
- sudo_conf_read();
+ sudo_conf_read(NULL);
/*
* Arg handling.
/* Mock up a fake sudo_user struct. */
user_cmnd = "";
if ((sudo_user.pw = sudo_getpwuid(getuid())) == NULL)
- errorx(1, _("you do not exist in the %s database"), "passwd");
+ fatalx(_("you do not exist in the %s database"), "passwd");
get_hostname();
/* Setup defaults data structures. */
}
/*
- * Parse the existing sudoers file(s) in quiet mode to highlight any
- * existing errors and to pull in editor and env_editor conf values.
+ * Parse the existing sudoers file(s) to highlight any existing
+ * errors and to pull in editor and env_editor conf values.
*/
- if ((yyin = open_sudoers(sudoers_path, true, NULL)) == NULL) {
- error(1, "%s", sudoers_path);
- }
+ if ((sudoersin = open_sudoers(sudoers_path, true, NULL)) == NULL)
+ exit(1);
init_parser(sudoers_path, false);
- yyparse();
+ sudoersparse();
(void) update_defaults(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER);
editor = get_editor(&args);
edit_sudoers(sp, editor, args, -1);
}
- /* Check edited files for a parse error and re-edit any that fail. */
- reparse_sudoers(editor, args, strict, quiet);
-
- /* Install the sudoers temp files as needed. */
- tq_foreach_fwd(&sudoerslist, sp) {
- (void) install_sudoers(sp, oldperms);
+ /*
+ * Check edited files for a parse error, re-edit any that fail
+ * and install the edited files as needed.
+ */
+ if (reparse_sudoers(editor, args, strict, quiet)) {
+ tq_foreach_fwd(&sudoerslist, sp) {
+ (void) install_sudoers(sp, oldperms);
+ }
}
done:
debug_decl(edit_sudoers, SUDO_DEBUG_UTIL)
if (fstat(sp->fd, &sb) == -1)
- error(1, _("unable to stat %s"), sp->path);
+ fatal(_("unable to stat %s"), sp->path);
orig_size = sb.st_size;
mtim_get(&sb, &orig_mtim);
easprintf(&sp->tpath, "%s.tmp", sp->path);
tfd = open(sp->tpath, O_WRONLY | O_CREAT | O_TRUNC, 0600);
if (tfd < 0)
- error(1, "%s", sp->tpath);
+ fatal("%s", sp->tpath);
/* Copy sp->path -> sp->tpath and reset the mtime. */
if (orig_size != 0) {
(void) lseek(sp->fd, (off_t)0, SEEK_SET);
while ((nread = read(sp->fd, buf, sizeof(buf))) > 0)
if (write(tfd, buf, nread) != nread)
- error(1, _("write error"));
+ fatal(_("write error"));
/* Add missing newline at EOF if needed. */
if (nread > 0 && buf[nread - 1] != '\n') {
buf[0] = '\n';
if (write(tfd, buf, 1) != 1)
- error(1, _("write error"));
+ fatal(_("write error"));
}
}
(void) close(tfd);
/*
* Parse sudoers after editing and re-edit any ones that caused a parse error.
*/
-static void
+static bool
reparse_sudoers(char *editor, char *args, bool strict, bool quiet)
{
struct sudoersfile *sp, *last;
int ch;
debug_decl(reparse_sudoers, SUDO_DEBUG_UTIL)
- if (tq_empty(&sudoerslist))
- debug_return;
-
/*
* Parse the edited sudoers files and do sanity checking
*/
- do {
- sp = tq_first(&sudoerslist);
+ while ((sp = tq_first(&sudoerslist)) != NULL) {
last = tq_last(&sudoerslist);
fp = fopen(sp->tpath, "r+");
if (fp == NULL)
- errorx(1, _("unable to re-open temporary file (%s), %s unchanged."),
+ fatalx(_("unable to re-open temporary file (%s), %s unchanged."),
sp->tpath, sp->path);
/* Clean slate for each parse */
init_defaults();
init_parser(sp->path, quiet);
- /* Parse the sudoers temp file */
- yyrestart(fp);
- if (yyparse() && !parse_error) {
+ /* Parse the sudoers temp file(s) */
+ sudoersrestart(fp);
+ if (sudoersparse() && !parse_error) {
warningx(_("unabled to parse temporary file (%s), unknown error"),
sp->tpath);
parse_error = true;
errorfile = sp->path;
}
- fclose(yyin);
+ fclose(sudoersin);
if (!parse_error) {
if (!check_defaults(SETDEF_ALL, quiet) ||
check_aliases(strict, quiet) != 0) {
}
/*
- * Got an error, prompt the user for what to do now
+ * Got an error, prompt the user for what to do now.
*/
if (parse_error) {
switch (whatnow()) {
- case 'Q' : parse_error = false; /* ignore parse error */
- break;
- case 'x' : /* XXX - should return instead of exiting */
- cleanup(0);
- sudo_debug_exit_int(__func__, __FILE__,
- __LINE__, sudo_debug_subsys, 0);
- exit(0);
- break;
- }
- }
- if (parse_error) {
- /* Edit file with the parse error */
- tq_foreach_fwd(&sudoerslist, sp) {
- if (errorfile == NULL || strcmp(sp->path, errorfile) == 0) {
- edit_sudoers(sp, editor, args, errorlineno);
- if (errorfile != NULL)
- break;
+ case 'Q':
+ parse_error = false; /* ignore parse error */
+ break;
+ case 'x':
+ visudo_cleanup(); /* discard changes */
+ debug_return_bool(false);
+ case 'e':
+ default:
+ /* Edit file with the parse error */
+ tq_foreach_fwd(&sudoerslist, sp) {
+ if (errorfile == NULL || strcmp(sp->path, errorfile) == 0) {
+ edit_sudoers(sp, editor, args, errorlineno);
+ if (errorfile != NULL)
+ break;
+ }
}
- }
- if (errorfile != NULL && sp == NULL) {
- errorx(1, _("internal error, unable to find %s in list!"),
- sudoers);
+ if (errorfile != NULL && sp == NULL) {
+ fatalx(_("internal error, unable to find %s in list!"),
+ sudoers);
+ }
+ break;
}
}
continue;
edit_sudoers(sp, editor, args, errorlineno);
}
- } while (parse_error);
- debug_return;
+ /* If all sudoers files parsed OK we are done. */
+ if (!parse_error)
+ break;
+ }
+
+ debug_return_bool(true);
}
/*
if (oldperms) {
/* Use perms of the existing file. */
if (fstat(sp->fd, &sb) == -1)
- error(1, _("unable to stat %s"), sp->path);
+ fatal(_("unable to stat %s"), sp->path);
if (chown(sp->tpath, sb.st_uid, sb.st_gid) != 0) {
warning(_("unable to set (uid, gid) of %s to (%u, %u)"),
sp->tpath, (unsigned int)sb.st_uid, (unsigned int)sb.st_gid);
debug_return_bool(rval);
}
-/* STUB */
-void
-set_fqdn(void)
-{
- return;
-}
-
/* STUB */
void
init_envtables(void)
return false;
}
+/* STUB */
+struct interface *get_interfaces(void)
+{
+ return NULL;
+}
+
/*
* Assuming a parse error occurred, prompt the user for what they want
* to do now. Returns the first letter of their choice.
switch (pid = sudo_debug_fork()) {
case -1:
- error(1, _("unable to execute %s"), path);
+ fatal(_("unable to execute %s"), path);
break; /* NOTREACHED */
case 0:
sudo_endpwent();
debug_decl(check_syntax, SUDO_DEBUG_UTIL)
if (strcmp(sudoers_path, "-") == 0) {
- yyin = stdin;
+ sudoersin = stdin;
sudoers_path = "stdin";
- } else if ((yyin = fopen(sudoers_path, "r")) == NULL) {
+ } else if ((sudoersin = fopen(sudoers_path, "r")) == NULL) {
if (!quiet)
warning(_("unable to open %s"), sudoers_path);
goto done;
}
init_parser(sudoers_path, quiet);
- if (yyparse() && !parse_error) {
+ if (sudoersparse() && !parse_error) {
if (!quiet)
warningx(_("failed to parse %s file, unknown error"), sudoers_path);
parse_error = true;
debug_return_ptr(NULL);
}
if (!checkonly && !lock_file(entry->fd, SUDO_TLOCK))
- errorx(1, _("%s busy, try again later"), entry->path);
+ fatalx(_("%s busy, try again later"), entry->path);
if ((fp = fdopen(entry->fd, "r")) == NULL)
- error(1, "%s", entry->path);
+ fatal("%s", entry->path);
tq_append(&sudoerslist, entry);
} else {
/* Already exists, open .tmp version if there is one. */
if (entry->tpath != NULL) {
if ((fp = fopen(entry->tpath, "r")) == NULL)
- error(1, "%s", entry->tpath);
+ fatal("%s", entry->tpath);
} else {
if ((fp = fdopen(entry->fd, "r")) == NULL)
- error(1, "%s", entry->path);
+ fatal("%s", entry->path);
rewind(fp);
}
}
} else {
if (def_env_editor) {
/* If we are honoring $EDITOR this is a fatal error. */
- errorx(1, _("specified editor (%s) doesn't exist"), UserEditor);
+ fatalx(_("specified editor (%s) doesn't exist"), UserEditor);
} else {
/* Otherwise, just ignore $EDITOR. */
UserEditor = NULL;
if (stat(UserEditor, &user_editor_sb) != 0) {
/* Should never happen since we already checked above. */
- error(1, _("unable to stat editor (%s)"), UserEditor);
+ fatal(_("unable to stat editor (%s)"), UserEditor);
}
EditorPath = estrdup(def_editor);
Editor = strtok(EditorPath, ":");
/* Bleah, none of the editors existed! */
if (Editor == NULL || *Editor == '\0')
- errorx(1, _("no editor found (editor path = %s)"), def_editor);
+ fatalx(_("no editor found (editor path = %s)"), def_editor);
}
*args = EditorArgs;
debug_return_str(Editor);
static void
get_hostname(void)
{
- char *p, thost[MAXHOSTNAMELEN + 1];
+ char *p, thost[HOST_NAME_MAX + 1];
debug_decl(get_hostname, SUDO_DEBUG_UTIL)
if (gethostname(thost, sizeof(thost)) != -1) {
}
rbinsert(alias_freelist, a);
}
- alias_seqno++;
debug_return_bool(rval);
}
int errors = 0;
debug_decl(check_alias, SUDO_DEBUG_ALIAS)
- if ((a = alias_find(name, type)) != NULL) {
+ if ((a = alias_get(name, type)) != NULL) {
/* check alias contents */
tq_foreach_fwd(&a->members, m) {
if (m->type == ALIAS)
errors += check_alias(m->name, type, strict, quiet);
}
+ alias_put(a);
} else {
if (!quiet) {
char *fmt;
tq_foreach_fwd(&userspecs, us) {
tq_foreach_fwd(&us->users, m) {
if (m->type == ALIAS) {
- alias_seqno++;
errors += check_alias(m->name, USERALIAS, strict, quiet);
}
}
tq_foreach_fwd(&us->privileges, priv) {
tq_foreach_fwd(&priv->hostlist, m) {
if (m->type == ALIAS) {
- alias_seqno++;
errors += check_alias(m->name, HOSTALIAS, strict, quiet);
}
}
tq_foreach_fwd(&priv->cmndlist, cs) {
tq_foreach_fwd(&cs->runasuserlist, m) {
if (m->type == ALIAS) {
- alias_seqno++;
errors += check_alias(m->name, RUNASALIAS, strict, quiet);
}
}
if ((m = cs->cmnd)->type == ALIAS) {
- alias_seqno++;
errors += check_alias(m->name, CMNDALIAS, strict, quiet);
}
}
tq_foreach_fwd(&userspecs, us) {
tq_foreach_fwd(&us->users, m) {
if (m->type == ALIAS) {
- alias_seqno++;
if (!alias_remove_recursive(m->name, USERALIAS))
errors++;
}
tq_foreach_fwd(&us->privileges, priv) {
tq_foreach_fwd(&priv->hostlist, m) {
if (m->type == ALIAS) {
- alias_seqno++;
if (!alias_remove_recursive(m->name, HOSTALIAS))
errors++;
}
tq_foreach_fwd(&priv->cmndlist, cs) {
tq_foreach_fwd(&cs->runasuserlist, m) {
if (m->type == ALIAS) {
- alias_seqno++;
if (!alias_remove_recursive(m->name, RUNASALIAS))
errors++;
}
}
if ((m = cs->cmnd)->type == ALIAS) {
- alias_seqno++;
if (!alias_remove_recursive(m->name, CMNDALIAS))
errors++;
}
tq_foreach_fwd(&d->binding, binding) {
for (m = binding; m != NULL; m = m->next) {
if (m->type == ALIAS) {
- alias_seqno++;
if (!alias_remove_recursive(m->name, atype))
errors++;
}
struct alias *a = (struct alias *)v1;
char *prefix = (char *)v2;
- warningx2(_("%s: unused %s_Alias %s"), prefix,
+ warningx_nodebug(_("%s: unused %s_Alias %s"), prefix,
a->type == HOSTALIAS ? "Host" : a->type == CMNDALIAS ? "Cmnd" :
a->type == USERALIAS ? "User" : a->type == RUNASALIAS ? "Runas" :
"Unknown", a->name);
/*
* Unlink any sudoers temp files that remain.
*/
-void
-cleanup(int gotsignal)
+static void
+visudo_cleanup(void)
{
struct sudoersfile *sp;
if (sp->tpath != NULL)
(void) unlink(sp->tpath);
}
- if (!gotsignal) {
- sudo_endpwent();
- sudo_endgrent();
- }
+ sudo_endpwent();
+ sudo_endgrent();
}
/*
static void
quit(int signo)
{
- const char *signame, *myname;
+ struct sudoersfile *sp;
+ struct iovec iov[4];
+
+ tq_foreach_fwd(&sudoerslist, sp) {
+ if (sp->tpath != NULL)
+ (void) unlink(sp->tpath);
+ }
- cleanup(signo);
#define emsg " exiting due to signal: "
- myname = getprogname();
- signame = strsignal(signo);
- ignore_result(write(STDERR_FILENO, myname, strlen(myname)));
- ignore_result(write(STDERR_FILENO, emsg, sizeof(emsg) - 1));
- ignore_result(write(STDERR_FILENO, signame, strlen(signame)));
- ignore_result(write(STDERR_FILENO, "\n", 1));
+ iov[0].iov_base = (char *)getprogname();
+ iov[0].iov_len = strlen(iov[0].iov_base);
+ iov[1].iov_base = emsg;
+ iov[1].iov_len = sizeof(emsg) - 1;
+ iov[2].iov_base = strsignal(signo);
+ iov[2].iov_len = strlen(iov[2].iov_base);
+ iov[3].iov_base = "\n";
+ iov[3].iov_len = 1;
+ ignore_result(writev(STDERR_FILENO, iov, 4));
_exit(signo);
}
" -V display version information and exit"));
exit(0);
}
-
-static int
-visudo_printf(int msg_type, const char *fmt, ...)
-{
- va_list ap;
- FILE *fp;
-
- switch (msg_type) {
- case SUDO_CONV_INFO_MSG:
- fp = stdout;
- break;
- case SUDO_CONV_ERROR_MSG:
- fp = stderr;
- break;
- default:
- errno = EINVAL;
- return -1;
- }
-
- va_start(ap, fmt);
- vfprintf(fp, fmt, ap);
- va_end(ap);
-
- return 0;
-}
#
-# Copyright (c) 2011-2012 Todd C. Miller <Todd.Miller@courtesan.com>
+# Copyright (c) 2011-2013 Todd C. Miller <Todd.Miller@courtesan.com>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
install-doc:
install-plugin: install-dirs system_group.la
- $(INSTALL) -b~ -m $(shlib_mode) .libs/system_group$(soext) $(DESTDIR)$(plugindir)
+ $(INSTALL) -b~ -m $(shlib_mode) .libs/system_group$(soext) $(DESTDIR)$(plugindir)/system_group.so
uninstall:
- -rm -f $(DESTDIR)$(plugindir)/system_group$(soext)
+ -rm -f $(DESTDIR)$(plugindir)/system_group.so
check:
/*
- * Copyright (c) 2010, 2012 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <sys/stat.h>
#include <stdio.h>
return false;
}
-struct sudoers_group_plugin group_plugin = {
+__dso_public struct sudoers_group_plugin group_plugin = {
GROUP_API_VERSION,
sysgroup_init,
sysgroup_cleanup,
#!/bin/sh
# Copyright 2012 Quest Software, Inc. ALL RIGHTS RESERVED
-pp_revision="368"
+pp_revision="371"
# Copyright 2012 Quest Software, Inc. ALL RIGHTS RESERVED.
#
# Redistribution and use in source and binary forms, with or without
then
group_opt="--group $GROUP"
fi
- if [ "$VERBOSE" = no ]
- then
- quiet_opt="--quiet"
- else
- quiet_opt="--verbose"
- fi
- start-stop-daemon --start $quiet_opt $pidfile_opt $user_opt --exec $DAEMON --test > /dev/null \
+ start-stop-daemon --start --quiet $pidfile_opt $user_opt --exec $DAEMON --test > /dev/null \
|| return 1
# Note: there seems to be no way to tell whether the daemon will fork itself or not, so pass
# --background for now
- start-stop-daemon --start $quiet_opt $pidfile_opt $user_opt --exec $DAEMON -- \
+ start-stop-daemon --start --quiet $pidfile_opt $user_opt --exec $DAEMON -- \
$DAEMON_ARGS \
|| return 2
}
then
signal_opt="--signal $STOP_SIGNAL"
fi
- if [ "$VERBOSE" = "no" ]
- then
- quiet_opt="--quiet"
- else
- quiet_opt="--verbose"
- fi
- start-stop-daemon --stop $quiet_opt $signal_opt --retry=TERM/30/KILL/5 $pidfile_opt --name $NAME
+ start-stop-daemon --stop --quiet $signal_opt --retry=TERM/30/KILL/5 $pidfile_opt --name $NAME
RETVAL="$?"
[ "$RETVAL" = 2 ] && return 2
# Wait for children to finish too if this is a daemon that forks
# that waits for the process to drop all resources that could be
# needed by services started subsequently. A last resort is to
# sleep for some time.
- start-stop-daemon --stop $quiet_opt --oknodo --retry=0/30/KILL/5 --exec $DAEMON
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
[ "$?" = 2 ] && return 2
# Many daemons don't delete their pidfiles when they exit.
test -z $PIDFILE || rm -f $PIDFILE
fi
if [ -n "$RELOAD_SIGNAL" ]
then
- start-stop-daemon --stop --signal $RELOAD_SIGNAL $quiet_opt $pidfile_opt --name $NAME
+ start-stop-daemon --stop --signal $RELOAD_SIGNAL --quiet $pidfile_opt --name $NAME
fi
return 0
}
pp_macos_pkg_readme=
pp_macos_pkg_welcome=
pp_macos_sudo=sudo
+ pp_macos_installer_plugin=
# OS X puts the library version *before* the .dylib extension
pp_shlib_suffix='*.dylib'
}
# Make sure we do not override system directories
if ($d =~ m:^\./(etc|var)$:) {
my $tgt = "private/$1";
- my $_ = `/usr/bin/printf "$tgt" | /usr/bin/cksum /dev/stdin`;
- my ($sum, $len) = split;
+ my ($sum, $len) = split(/\s+/, `/usr/bin/printf "$tgt" | /usr/bin/cksum /dev/stdin`);
print "$d\t120755\t0/0\t$len\t$sum\t$tgt\n";
} elsif ($d eq "." || $d eq "./Library") {
print "$d\t41775\t0/80\n";
awk '{ print "." $6 }' $filelists | sed 's:/$::' | sort | /usr/bin/cpio -o | pp_macos_rewrite_cpio $filelists | gzip -9f -c > $Contents/Archive.pax.gz
)
+ # Copy installer plugins if any
+ if test -n "$pp_macos_installer_plugin"; then
+ if test ! -f "$pp_macos_installer_plugin/InstallerSections.plist"; then
+ pp_error "Missing InstallerSections.plist file in $pp_macos_installer_plugin"
+ fi
+ mkdir -p $pkgdir/Plugins
+ cp -R "$pp_macos_installer_plugin"/* $pkgdir/Plugins
+ fi
+
test -d $pp_wrkdir/bom_stage && $pp_macos_sudo rm -rf $pp_wrkdir/bom_stage
rm -f ${name}-${version}.dmg
awk '{ print "." $6 }' $filelists | sed 's:/$::' | sort | /usr/bin/cpio -o | pp_macos_rewrite_cpio $filelists | gzip -9f -c > $bundledir/Payload
)
+ # Copy installer plugins if any
+ if test -n "$pp_macos_installer_plugin"; then
+ if test ! -f "$pp_macos_installer_plugin/InstallerSections.plist"; then
+ pp_error "Missing InstallerSections.plist file in $pp_macos_installer_plugin"
+ fi
+ mkdir -p $pkgdir/Plugins
+ cp -R "$pp_macos_installer_plugin"/* $pkgdir/Plugins
+ fi
+
test -d $pp_wrkdir/bom_stage && $pp_macos_sudo rm -rf $pp_wrkdir/bom_stage
# Create the flat package with xar (like pkgutil --flatten does)
#
-# Copyright (c) 2011 Todd C. Miller <Todd.Miller@courtesan.com>
+# Copyright (c) 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# File mode to use for shared libraries/objects
shlib_mode = @SHLIB_MODE@
+TEST_PROGS = check_ttyname
+TEST_LIBS = @LIBS@ @LIBINTL@ $(LT_LIBS)
+TEST_LDFLAGS = @LDFLAGS@
+
# OS dependent defines
DEFS = @OSDEFS@ -DLOCALEDIR=\"$(localedir)\"
PROGS = @PROGS@
-OBJS = conversation.o env_hooks.o error.o exec.o exec_common.o exec_pty.o \
- get_pty.o hooks.o net_ifs.o load_plugins.o parse_args.o sudo.o \
+OBJS = conversation.o env_hooks.o exec.o exec_common.o exec_pty.o get_pty.o \
+ hooks.o net_ifs.o load_plugins.o parse_args.o signal.o sudo.o \
sudo_edit.o tgetpass.o ttyname.o utmp.o @SUDO_OBJS@
+SESH_OBJS = sesh.o locale_stub.o exec_common.o
+
+CHECK_TTYNAME_OBJS = check_ttyname.o locale_stub.o ttyname.o
+
LIBOBJDIR = $(top_builddir)/@ac_config_libobj_dir@/
VERSION = @PACKAGE_VERSION@
libsudo_noexec.la: sudo_noexec.lo
$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) $(LT_LDFLAGS) -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir)
-sesh: sesh.o error.o exec_common.o @LIBINTL@ $(LT_LIBS)
- $(LIBTOOL) --mode=link $(CC) -o $@ sesh.o error.o exec_common.o $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) @LIBINTL@ $(LIBS)
+sesh: $(SESH_OBJS) @LIBINTL@ $(LT_LIBS)
+ $(LIBTOOL) --mode=link $(CC) -o $@ $(SESH_OBJS) $(LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) @LIBINTL@ $(LIBS)
+
+check_ttyname: $(CHECK_TTYNAME_OBJS) $(top_builddir)/common/libcommon.la $(LIBOBJDIR)libreplace.la
+ $(LIBTOOL) --mode=link $(CC) -o $@ $(CHECK_TTYNAME_OBJS) $(TEST_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(TEST_LIBS)
pre-install:
install-dirs:
$(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(bindir) \
- $(DESTDIR)$(noexecdir)
+ $(DESTDIR)$(libexecdir)/sudo $(DESTDIR)$(noexecdir)
install-binaries: install-dirs $(PROGS)
$(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -m 04755 sudo $(DESTDIR)$(bindir)/sudo
rm -f $(DESTDIR)$(bindir)/sudoedit
ln -s sudo $(DESTDIR)$(bindir)/sudoedit
- if [ -f sesh ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0755 sesh $(DESTDIR)$(libexecdir)/sesh; fi
+ if [ -f sesh ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0755 sesh $(DESTDIR)$(libexecdir)/sudo/sesh; fi
install-doc:
uninstall:
-rm -f $(DESTDIR)$(bindir)/sudo $(DESTDIR)$(bindir)/sudoedit \
- $(DESTDIR)$(libexecdir)/sesh \
+ $(DESTDIR)$(libexecdir)/sudo/sesh \
$(DESTDIR)$(noexecdir)/$(noexecfile)
-check:
+check: $(TEST_PROGS)
+ ./check_ttyname
clean:
- -$(LIBTOOL) --mode=clean rm -f $(PROGS) *.lo *.o *.la *.a stamp-* core *.core core.*
+ -$(LIBTOOL) --mode=clean rm -f $(PROGS) $(TEST_PROGS) *.lo *.o *.la *.a stamp-* core *.core core.*
mostlyclean: clean
cleandir: realclean
# Autogenerated dependencies, do not modify
+check_ttyname.o: $(srcdir)/regress/ttyname/check_ttyname.c \
+ $(top_builddir)/config.h $(incdir)/missing.h \
+ $(incdir)/alloc.h $(incdir)/error.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/ttyname/check_ttyname.c
conversation.o: $(srcdir)/conversation.c $(top_builddir)/config.h \
$(srcdir)/sudo.h $(top_builddir)/pathnames.h \
$(top_srcdir)/compat/stdbool.h $(incdir)/missing.h \
$(incdir)/list.h $(incdir)/sudo_debug.h $(incdir)/gettext.h \
$(incdir)/sudo_plugin.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/env_hooks.c
-error.o: $(srcdir)/error.c $(top_builddir)/config.h $(incdir)/missing.h \
- $(incdir)/error.h $(incdir)/gettext.h
- $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/error.c
exec.o: $(srcdir)/exec.c $(top_builddir)/config.h $(srcdir)/sudo.h \
$(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h \
$(incdir)/missing.h $(incdir)/alloc.h $(incdir)/error.h \
$(incdir)/sudo_plugin.h $(srcdir)/sudo_plugin_int.h \
$(incdir)/sudo_conf.h $(incdir)/list.h $(incdir)/sudo_debug.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/load_plugins.c
+locale_stub.o: $(srcdir)/locale_stub.c $(top_builddir)/config.h \
+ $(incdir)/missing.h $(incdir)/error.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/locale_stub.c
net_ifs.o: $(srcdir)/net_ifs.c $(top_builddir)/config.h $(incdir)/missing.h \
$(incdir)/alloc.h $(incdir)/error.h $(incdir)/sudo_debug.h \
$(incdir)/gettext.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/net_ifs.c
+openbsd.o: $(srcdir)/openbsd.c $(top_builddir)/config.h $(srcdir)/sudo.h \
+ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h \
+ $(incdir)/missing.h $(incdir)/alloc.h $(incdir)/error.h \
+ $(incdir)/fileops.h $(incdir)/list.h $(incdir)/sudo_conf.h \
+ $(incdir)/list.h $(incdir)/sudo_debug.h $(incdir)/gettext.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/openbsd.c
parse_args.o: $(srcdir)/parse_args.c $(top_builddir)/config.h ./sudo_usage.h \
$(srcdir)/sudo.h $(top_builddir)/pathnames.h \
$(top_srcdir)/compat/stdbool.h $(incdir)/missing.h \
$(incdir)/list.h $(incdir)/sudo_debug.h $(srcdir)/sudo_exec.h \
$(incdir)/sudo_plugin.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sesh.c
+signal.o: $(srcdir)/signal.c $(top_builddir)/config.h $(srcdir)/sudo.h \
+ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h \
+ $(incdir)/missing.h $(incdir)/alloc.h $(incdir)/error.h \
+ $(incdir)/fileops.h $(incdir)/list.h $(incdir)/sudo_conf.h \
+ $(incdir)/list.h $(incdir)/sudo_debug.h $(incdir)/gettext.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/signal.c
+solaris.o: $(srcdir)/solaris.c $(top_builddir)/config.h $(srcdir)/sudo.h \
+ $(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h \
+ $(incdir)/missing.h $(incdir)/alloc.h $(incdir)/error.h \
+ $(incdir)/fileops.h $(incdir)/list.h $(incdir)/sudo_conf.h \
+ $(incdir)/list.h $(incdir)/sudo_debug.h $(incdir)/gettext.h
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/solaris.c
sudo.o: $(srcdir)/sudo.c $(top_builddir)/config.h $(srcdir)/sudo.h \
$(top_builddir)/pathnames.h $(top_srcdir)/compat/stdbool.h \
$(incdir)/missing.h $(incdir)/alloc.h $(incdir)/error.h \
/*
- * Copyright (c) 1999-2005, 2007-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1999-2005, 2007-2012 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
extern int tgetpass_flags; /* XXX */
-#if defined(HAVE_DLOPEN) || defined(HAVE_SHL_LOAD)
-sudo_conv_t sudo_conv; /* NULL in sudo front-end */
-#endif
-
/*
* Sudo conversation function.
*/
return -1;
}
-
-int
-_sudo_printf(int msg_type, const char *fmt, ...)
-{
- va_list ap;
- FILE *fp;
- int len;
-
- switch (msg_type) {
- case SUDO_CONV_INFO_MSG:
- fp = stdout;
- break;
- case SUDO_CONV_ERROR_MSG:
- fp = stderr;
- break;
- default:
- errno = EINVAL;
- return -1;
- }
-
- va_start(ap, fmt);
- len = vfprintf(fp, fmt, ap);
- va_end(ap);
-
- return len;
-}
+++ /dev/null
-/*
- * Copyright (c) 2004-2005, 2010 Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <config.h>
-
-#include <sys/types.h>
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "missing.h"
-#include "error.h"
-
-#define DEFAULT_TEXT_DOMAIN "sudo"
-#include "gettext.h"
-
-static void _warning(int, const char *, va_list);
- void cleanup(int);
-
-void
-error2(int eval, const char *fmt, ...)
-{
- va_list ap;
- va_start(ap, fmt);
- _warning(1, fmt, ap);
- va_end(ap);
- cleanup(0);
- exit(eval);
-}
-
-void
-errorx2(int eval, const char *fmt, ...)
-{
- va_list ap;
- va_start(ap, fmt);
- _warning(0, fmt, ap);
- va_end(ap);
- cleanup(0);
- exit(eval);
-}
-
-void
-warning2(const char *fmt, ...)
-{
- va_list ap;
- va_start(ap, fmt);
- _warning(1, fmt, ap);
- va_end(ap);
-}
-
-void
-warningx2(const char *fmt, ...)
-{
- va_list ap;
- va_start(ap, fmt);
- _warning(0, fmt, ap);
- va_end(ap);
-}
-
-static void
-_warning(int use_errno, const char *fmt, va_list ap)
-{
- int serrno = errno;
-
- fputs(getprogname(), stderr);
- if (fmt != NULL) {
- fputs(_(": "), stderr);
- vfprintf(stderr, fmt, ap);
- }
- if (use_errno) {
- fputs(_(": "), stderr);
- fputs(strerror(serrno), stderr);
- }
- putc('\n', stderr);
-}
/*
- * Copyright (c) 2009-2012 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#ifdef HAVE_SYS_SYSMACROS_H
# include <sys/sysmacros.h>
#endif
#if TIME_WITH_SYS_TIME
# include <time.h>
#endif
-#ifdef HAVE_SETLOCALE
-# include <locale.h>
-#endif
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include "sudo_plugin.h"
#include "sudo_plugin_int.h"
-/* Shared with exec_pty.c for use with handler(). */
-int signal_pipe[2];
-
/* We keep a tailq of signals to forward to child. */
struct sigforward {
struct sigforward *prev, *next;
volatile pid_t cmnd_pid = -1;
-static int handle_signals(int sv[2], pid_t child, int log_io,
+static int dispatch_signals(int sv[2], pid_t child, int log_io,
struct command_status *cstat);
+static int dispatch_pending_signals(struct command_status *cstat);
static void forward_signals(int fd);
static void schedule_signal(int signo);
#ifdef SA_SIGINFO
* XXX - currently we send SIGCONT upon resume in some cases where
* we don't need to (e.g. command pgrp == parent pgrp).
*/
- zero_bytes(&sa, sizeof(sa));
- sigemptyset(&sa.sa_mask);
+ memset(&sa, 0, sizeof(sa));
+ sigfillset(&sa.sa_mask);
sa.sa_flags = SA_INTERRUPT; /* do not restart syscalls */
#ifdef SA_SIGINFO
sa.sa_flags |= SA_SIGINFO;
#else
sa.sa_handler = handler;
#endif
- sigaction(SIGCONT, &sa, NULL);
+ sudo_sigaction(SIGCONT, &sa, NULL);
#ifdef SA_SIGINFO
sa.sa_sigaction = handler_user_only;
#endif
- sigaction(SIGTSTP, &sa, NULL);
+ sudo_sigaction(SIGTSTP, &sa, NULL);
/*
* The policy plugin's session init must be run before we fork
* or certain pam modules won't be able to track their state.
*/
if (policy_init_session(details) != true)
- errorx(1, _("policy plugin failed session initialization"));
+ fatalx(_("policy plugin failed session initialization"));
cmnd_pid = sudo_debug_fork();
switch (cmnd_pid) {
case -1:
- error(1, _("unable to fork"));
+ fatal(_("unable to fork"));
break;
case 0:
/* child */
close(signal_pipe[0]);
close(signal_pipe[1]);
fcntl(sv[1], F_SETFD, FD_CLOEXEC);
- restore_signals();
- if (exec_setup(details, NULL, -1) == true) {
- /* headed for execve() */
- sudo_debug_execve(SUDO_DEBUG_INFO, details->command,
- details->argv, details->envp);
- if (details->closefrom >= 0) {
- int maxfd = details->closefrom;
- dup2(sv[1], maxfd);
- (void)fcntl(maxfd, F_SETFD, FD_CLOEXEC);
- sv[1] = maxfd++;
- if (sudo_debug_fd_set(maxfd) != -1)
- maxfd++;
- closefrom(maxfd);
- }
-#ifdef HAVE_SELINUX
- if (ISSET(details->flags, CD_RBAC_ENABLED)) {
- selinux_execve(details->command, details->argv, details->envp,
- ISSET(details->flags, CD_NOEXEC));
- } else
-#endif
- {
- sudo_execve(details->command, details->argv, details->envp,
- ISSET(details->flags, CD_NOEXEC));
- }
- sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to exec %s: %s",
- details->command, strerror(errno));
- }
- cstat.type = CMD_ERRNO;
- cstat.val = errno;
+ exec_cmnd(details, &cstat, &sv[1]);
send(sv[1], &cstat, sizeof(cstat), 0);
sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, 1);
_exit(1);
debug_return_int(cmnd_pid);
}
-static struct signal_state {
- int signo;
- sigaction_t sa;
-} saved_signals[] = {
- { SIGALRM },
- { SIGCHLD },
- { SIGCONT },
- { SIGHUP },
- { SIGINT },
- { SIGPIPE },
- { SIGQUIT },
- { SIGTERM },
- { SIGTSTP },
- { SIGTTIN },
- { SIGTTOU },
- { SIGUSR1 },
- { SIGUSR2 },
- { -1 }
-};
-
-/*
- * Save signal handler state so it can be restored before exec.
- */
-void
-save_signals(void)
-{
- struct signal_state *ss;
- debug_decl(save_signals, SUDO_DEBUG_EXEC)
-
- for (ss = saved_signals; ss->signo != -1; ss++)
- sigaction(ss->signo, NULL, &ss->sa);
-
- debug_return;
-}
-
/*
- * Restore signal handlers to initial state.
+ * Setup the execution environment and execute the command.
+ * If SELinux is enabled, run the command via sesh, otherwise
+ * execute it directly.
+ * If the exec fails, cstat is filled in with the value of errno.
*/
void
-restore_signals(void)
+exec_cmnd(struct command_details *details, struct command_status *cstat,
+ int *errfd)
{
- struct signal_state *ss;
- debug_decl(restore_signals, SUDO_DEBUG_EXEC)
-
- for (ss = saved_signals; ss->signo != -1; ss++)
- sigaction(ss->signo, &ss->sa, NULL);
-
+ debug_decl(exec_cmnd, SUDO_DEBUG_EXEC)
+
+ restore_signals();
+ if (exec_setup(details, NULL, -1) == true) {
+ /* headed for execve() */
+ sudo_debug_execve(SUDO_DEBUG_INFO, details->command,
+ details->argv, details->envp);
+ if (details->closefrom >= 0) {
+ int maxfd = details->closefrom;
+ /* Preserve back channel if present. */
+ if (errfd != NULL) {
+ dup2(*errfd, maxfd);
+ (void)fcntl(maxfd, F_SETFD, FD_CLOEXEC);
+ *errfd = maxfd++;
+ }
+ if (sudo_debug_fd_set(maxfd) != -1)
+ maxfd++;
+ closefrom(maxfd);
+ }
+#ifdef HAVE_SELINUX
+ if (ISSET(details->flags, CD_RBAC_ENABLED)) {
+ selinux_execve(details->command, details->argv, details->envp,
+ ISSET(details->flags, CD_NOEXEC));
+ } else
+#endif
+ {
+ sudo_execve(details->command, details->argv, details->envp,
+ ISSET(details->flags, CD_NOEXEC));
+ }
+ cstat->type = CMD_ERRNO;
+ cstat->val = errno;
+ sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to exec %s: %s",
+ details->command, strerror(errno));
+ }
debug_return;
}
/*
- * Execute a command, potentially in a pty with I/O loggging.
+ * Execute a command, potentially in a pty with I/O loggging, and
+ * wait for it to finish.
* This is a little bit tricky due to how POSIX job control works and
* we fact that we have two different controlling terminals to deal with.
*/
pid_t child;
debug_decl(sudo_execute, SUDO_DEBUG_EXEC)
+ dispatch_pending_signals(cstat);
+
/* If running in background mode, fork and exit. */
if (ISSET(details->flags, CD_BACKGROUND)) {
switch (sudo_debug_fork()) {
utmp_user = details->utmp_user ? details->utmp_user : user_details.username;
sudo_debug_printf(SUDO_DEBUG_INFO, "allocate pty for I/O logging");
pty_setup(details->euid, user_details.tty, utmp_user);
+ } else if (!ISSET(details->flags, CD_SET_TIMEOUT) &&
+ policy_plugin.u.policy->close == NULL) {
+ /* If no I/O logging, timeout or policy close we can exec directly. */
+ exec_cmnd(details, cstat, NULL);
+ goto done;
}
/*
* Parent sends signal info to child and child sends back wait status.
*/
if (socketpair(PF_UNIX, SOCK_DGRAM, 0, sv) == -1)
- error(1, _("unable to create sockets"));
-
- /*
- * We use a pipe to atomically handle signal notification within
- * the select() loop.
- */
- if (pipe_nonblock(signal_pipe) != 0)
- error(1, _("unable to create pipe"));
-
- zero_bytes(&sa, sizeof(sa));
- sigemptyset(&sa.sa_mask);
+ fatal(_("unable to create sockets"));
/*
* Signals to forward to the child process (excluding SIGALRM and SIGCHLD).
+ * We block all other signals while running the signal handler.
* Note: HP-UX select() will not be interrupted if SA_RESTART set.
*/
+ memset(&sa, 0, sizeof(sa));
+ sigfillset(&sa.sa_mask);
sa.sa_flags = SA_INTERRUPT; /* do not restart syscalls */
#ifdef SA_SIGINFO
sa.sa_flags |= SA_SIGINFO;
#else
sa.sa_handler = handler;
#endif
- sigaction(SIGALRM, &sa, NULL);
- sigaction(SIGCHLD, &sa, NULL);
- sigaction(SIGPIPE, &sa, NULL);
- sigaction(SIGTERM, &sa, NULL);
- sigaction(SIGUSR1, &sa, NULL);
- sigaction(SIGUSR2, &sa, NULL);
+ sudo_sigaction(SIGTERM, &sa, NULL);
+ sudo_sigaction(SIGALRM, &sa, NULL); /* XXX - only if there is a timeout */
+ sudo_sigaction(SIGCHLD, &sa, NULL);
+ sudo_sigaction(SIGPIPE, &sa, NULL);
+ sudo_sigaction(SIGUSR1, &sa, NULL);
+ sudo_sigaction(SIGUSR2, &sa, NULL);
/*
* When not running the command in a pty, we do not want to
sa.sa_sigaction = handler_user_only;
}
#endif
- sigaction(SIGHUP, &sa, NULL);
- sigaction(SIGINT, &sa, NULL);
- sigaction(SIGQUIT, &sa, NULL);
+ sudo_sigaction(SIGHUP, &sa, NULL);
+ sudo_sigaction(SIGINT, &sa, NULL);
+ sudo_sigaction(SIGQUIT, &sa, NULL);
/* Max fd we will be selecting on. */
maxfd = MAX(sv[0], signal_pipe[0]);
if (ISSET(details->flags, CD_SET_TIMEOUT))
alarm(details->timeout);
-#ifdef HAVE_SETLOCALE
/*
* I/O logging must be in the C locale for floating point numbers
* to be logged consistently.
*/
setlocale(LC_ALL, "C");
-#endif
/*
* In the event loop we pass input from user tty to master
forward_signals(sv[0]);
}
if (FD_ISSET(signal_pipe[0], fdsr)) {
- n = handle_signals(sv, child, log_io, cstat);
+ n = dispatch_signals(sv, child, log_io, cstat);
if (n == 0) {
/* Child has exited, cstat is set, we are done. */
break;
tq_remove(&sigfwd_list, sigfwd);
efree(sigfwd);
}
-
+done:
debug_return_int(cstat->type == CMD_ERRNO ? -1 : 0);
}
/*
- * Read signals on fd written to by handler().
+ * Read signals on signal_pipe written by handler().
* Returns -1 on error, 0 on child exit, else 1.
*/
static int
-handle_signals(int sv[2], pid_t child, int log_io, struct command_status *cstat)
+dispatch_signals(int sv[2], pid_t child, int log_io, struct command_status *cstat)
{
char signame[SIG2STR_MAX];
unsigned char signo;
ssize_t nread;
int status;
pid_t pid;
- debug_decl(handle_signals, SUDO_DEBUG_EXEC)
+ debug_decl(dispatch_signals, SUDO_DEBUG_EXEC)
for (;;) {
/* read signal pipe */
saved_pgrp = -1;
}
if (signo == SIGTSTP) {
- zero_bytes(&sa, sizeof(sa));
+ memset(&sa, 0, sizeof(sa));
sigemptyset(&sa.sa_mask);
+ sa.sa_flags = SA_RESTART;
sa.sa_handler = SIG_DFL;
- sigaction(SIGTSTP, &sa, &osa);
+ sudo_sigaction(SIGTSTP, &sa, &osa);
}
if (kill(getpid(), signo) != 0)
warning("kill(%d, SIG%s)", (int)getpid(), signame);
if (signo == SIGTSTP)
- sigaction(SIGTSTP, &osa, NULL);
+ sudo_sigaction(SIGTSTP, &osa, NULL);
if (fd != -1) {
/*
* Restore command's process group if different.
debug_return_int(1);
}
+/*
+ * Drain pending signals from signale_pipe written by sudo_handler().
+ * Handles the case where the signal was sent to us before
+ * we have executed the command.
+ * Returns 1 if we should terminate, else 0.
+ */
+static int
+dispatch_pending_signals(struct command_status *cstat)
+{
+ ssize_t nread;
+ struct sigaction sa;
+ unsigned char signo = 0;
+ int rval = 0;
+ debug_decl(dispatch_pending_signals, SUDO_DEBUG_EXEC)
+
+ for (;;) {
+ nread = read(signal_pipe[0], &signo, sizeof(signo));
+ if (nread <= 0) {
+ /* It should not be possible to get EOF but just in case. */
+ if (nread == 0)
+ errno = ECONNRESET;
+ /* Restart if interrupted by signal so the pipe doesn't fill. */
+ if (errno == EINTR)
+ continue;
+ /* If pipe is empty, we are done. */
+ if (errno == EAGAIN)
+ break;
+ sudo_debug_printf(SUDO_DEBUG_ERROR, "error reading signal pipe %s",
+ strerror(errno));
+ cstat->type = CMD_ERRNO;
+ cstat->val = errno;
+ rval = 1;
+ break;
+ }
+ /* Take the first terminal signal. */
+ if (signo == SIGINT || signo == SIGQUIT) {
+ cstat->type = CMD_WSTATUS;
+ cstat->val = signo + 128;
+ rval = 1;
+ break;
+ }
+ }
+ /* Only stop if we haven't already been terminated. */
+ if (signo == SIGTSTP)
+ {
+ memset(&sa, 0, sizeof(sa));
+ sigemptyset(&sa.sa_mask);
+ sa.sa_flags = SA_RESTART;
+ sa.sa_handler = SIG_DFL;
+ sudo_sigaction(SIGTSTP, &sa, NULL);
+ if (kill(getpid(), SIGTSTP) != 0)
+ warning("kill(%d, SIGTSTP)", (int)getpid());
+ /* No need to reinstall SIGTSTP handler. */
+ }
+ debug_return_int(rval);
+}
+
/*
* Forward signals in sigfwd_list to child listening on fd.
*/
while (!tq_empty(&sigfwd_list)) {
sigfwd = tq_first(&sigfwd_list);
- if (sig2str(sigfwd->signo, signame) == -1)
+ if (sigfwd->signo == SIGCONT_FG)
+ strlcpy(signame, "CONT_FG", sizeof(signame));
+ else if (sigfwd->signo == SIGCONT_BG)
+ strlcpy(signame, "CONT_BG", sizeof(signame));
+ else if (sig2str(sigfwd->signo, signame) == -1)
snprintf(signame, sizeof(signame), "%d", sigfwd->signo);
sudo_debug_printf(SUDO_DEBUG_INFO,
"sending SIG%s to child over backchannel", signame);
char signame[SIG2STR_MAX];
debug_decl(schedule_signal, SUDO_DEBUG_EXEC)
- if (sig2str(signo, signame) == -1)
+ if (signo == SIGCONT_FG)
+ strlcpy(signame, "CONT_FG", sizeof(signame));
+ else if (signo == SIGCONT_BG)
+ strlcpy(signame, "CONT_BG", sizeof(signame));
+ else if (sig2str(signo, signame) == -1)
snprintf(signame, sizeof(signame), "%d", signo);
- sudo_debug_printf(SUDO_DEBUG_DIAG, "forwarding SIG%s to child", signame);
+ sudo_debug_printf(SUDO_DEBUG_DIAG, "scheduled SIG%s for child", signame);
sigfwd = ecalloc(1, sizeof(*sigfwd));
sigfwd->prev = sigfwd;
/*
- * Copyright (c) 2009-2012 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
# include <priv.h>
#endif
#include <errno.h>
+#include <fcntl.h>
#include <signal.h>
#include "sudo.h"
preload = fmt_string(RTLD_PRELOAD_VAR, sudo_conf_noexec_path());
# endif
if (preload == NULL)
- errorx(1, _("unable to allocate memory"));
+ fatalx(NULL);
nenvp[env_len++] = preload;
nenvp[env_len] = NULL;
} else {
/*
- * Copyright (c) 2009-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#ifdef HAVE_SYS_SYSMACROS_H
# include <sys/sysmacros.h>
#endif
int rfd; /* reader (producer) */
int wfd; /* writer (consumer) */
bool (*action)(const char *buf, unsigned int len);
- char buf[16 * 1024];
+ char buf[32 * 1024];
};
static char slavename[PATH_MAX];
static void flush_output(void);
static int exec_monitor(struct command_details *details, int backchannel);
-static void exec_pty(struct command_details *detail, int *errfd);
+static void exec_pty(struct command_details *details,
+ struct command_status *cstat, int *errfd);
static void sigwinch(int s);
static void sync_ttysize(int src, int dst);
static void deliver_signal(pid_t pid, int signo, bool from_parent);
static void check_foreground(void);
/*
- * Cleanup hook for error()/errorx()
+ * Cleanup hook for fatal()/fatalx()
*/
-void
-cleanup(int gotsignal)
+static void
+pty_cleanup(void)
{
debug_decl(cleanup, SUDO_DEBUG_EXEC);
if (io_fds[SFD_USERTTY] != -1) {
if (!get_pty(&io_fds[SFD_MASTER], &io_fds[SFD_SLAVE],
slavename, sizeof(slavename), uid))
- error(1, _("unable to allocate pty"));
+ fatal(_("unable to allocate pty"));
/* Add entry to utmp/utmpx? */
if (utmp_user != NULL)
utmp_login(tty, slavename, io_fds[SFD_SLAVE], utmp_user);
{
char signame[SIG2STR_MAX];
sigaction_t sa, osa;
- int n, oldmode = ttymode, rval = 0;
+ int n, rval = 0;
debug_decl(suspend_parent, SUDO_DEBUG_EXEC);
switch (signo) {
case SIGTTOU:
case SIGTTIN:
/*
- * If we are the foreground process, just resume the command.
- * Otherwise, re-send the signal with the handler disabled.
+ * If sudo is already the foreground process, just resume the command
+ * in the foreground. If not, we'll suspend sudo and resume later.
*/
if (!foreground)
check_foreground();
rval = SIGCONT_FG; /* resume command in foreground */
break;
}
- ttymode = TERM_RAW;
/* FALLTHROUGH */
case SIGSTOP:
case SIGTSTP:
flush_output();
/* Restore original tty mode before suspending. */
- if (oldmode != TERM_COOKED) {
+ if (ttymode != TERM_COOKED) {
do {
n = term_restore(io_fds[SFD_USERTTY], 0);
} while (!n && errno == EINTR);
snprintf(signame, sizeof(signame), "%d", signo);
/* Suspend self and continue command when we resume. */
- zero_bytes(&sa, sizeof(sa));
- sigemptyset(&sa.sa_mask);
- sa.sa_flags = SA_INTERRUPT; /* do not restart syscalls */
- sa.sa_handler = SIG_DFL;
- sigaction(signo, &sa, &osa);
+ if (signo != SIGSTOP) {
+ memset(&sa, 0, sizeof(sa));
+ sigemptyset(&sa.sa_mask);
+ sa.sa_flags = SA_RESTART;
+ sa.sa_handler = SIG_DFL;
+ sudo_sigaction(signo, &sa, &osa);
+ }
sudo_debug_printf(SUDO_DEBUG_INFO, "kill parent SIG%s", signame);
if (killpg(ppgrp, signo) != 0)
warning("killpg(%d, SIG%s)", (int)ppgrp, signame);
check_foreground();
/*
- * Only modify term if we are foreground process and either
- * the old tty mode was not cooked or command got SIGTT{IN,OU}
+ * We always resume the command in the foreground if sudo itself
+ * is the foreground process. This helps work around poorly behaved
+ * programs that catch SIGTTOU/SIGTTIN but suspend themselves with
+ * SIGSTOP. At worst, sudo will go into the background but upon
+ * resume the command will be runnable. Otherwise, we can get into
+ * a situation where the command will immediately suspend itself.
*/
sudo_debug_printf(SUDO_DEBUG_INFO, "parent is in %s, ttymode %d -> %d",
- foreground ? "foreground" : "background", oldmode, ttymode);
+ foreground ? "foreground" : "background", ttymode,
+ foreground ? TERM_RAW : TERM_COOKED);
- if (ttymode != TERM_COOKED) {
- if (foreground) {
- /* Set raw mode. */
- do {
- n = term_raw(io_fds[SFD_USERTTY], 0);
- } while (!n && errno == EINTR);
- } else {
- /* Background process, no access to tty. */
- ttymode = TERM_COOKED;
- }
+ if (foreground) {
+ /* Foreground process, set tty to raw mode. */
+ do {
+ n = term_raw(io_fds[SFD_USERTTY], 0);
+ } while (!n && errno == EINTR);
+ ttymode = TERM_RAW;
+ } else {
+ /* Background process, no access to tty. */
+ ttymode = TERM_COOKED;
}
- sigaction(signo, &osa, NULL);
+ if (signo != SIGSTOP)
+ sudo_sigaction(signo, &osa, NULL);
rval = ttymode == TERM_RAW ? SIGCONT_FG : SIGCONT_BG;
break;
}
sigset_t mask;
pid_t child;
debug_decl(fork_pty, SUDO_DEBUG_EXEC);
-
+
ppgrp = getpgrp(); /* parent's pgrp, so child can signal us */
-
- zero_bytes(&sa, sizeof(sa));
+
+ memset(&sa, 0, sizeof(sa));
sigemptyset(&sa.sa_mask);
-
+
if (io_fds[SFD_USERTTY] != -1) {
sa.sa_flags = SA_RESTART;
sa.sa_handler = sigwinch;
- sigaction(SIGWINCH, &sa, NULL);
+ sudo_sigaction(SIGWINCH, &sa, NULL);
}
/* So we can block tty-generated signals */
sudo_debug_printf(SUDO_DEBUG_INFO, "stdin not a tty, creating a pipe");
pipeline = true;
if (pipe(io_pipe[STDIN_FILENO]) != 0)
- error(1, _("unable to create pipe"));
+ fatal(_("unable to create pipe"));
iobufs = io_buf_new(STDIN_FILENO, io_pipe[STDIN_FILENO][1],
log_stdin, iobufs);
io_fds[SFD_STDIN] = io_pipe[STDIN_FILENO][0];
sudo_debug_printf(SUDO_DEBUG_INFO, "stdout not a tty, creating a pipe");
pipeline = true;
if (pipe(io_pipe[STDOUT_FILENO]) != 0)
- error(1, _("unable to create pipe"));
+ fatal(_("unable to create pipe"));
iobufs = io_buf_new(io_pipe[STDOUT_FILENO][0], STDOUT_FILENO,
log_stdout, iobufs);
io_fds[SFD_STDOUT] = io_pipe[STDOUT_FILENO][1];
if (io_fds[SFD_STDERR] == -1 || !isatty(STDERR_FILENO)) {
sudo_debug_printf(SUDO_DEBUG_INFO, "stderr not a tty, creating a pipe");
if (pipe(io_pipe[STDERR_FILENO]) != 0)
- error(1, _("unable to create pipe"));
+ fatal(_("unable to create pipe"));
iobufs = io_buf_new(io_pipe[STDERR_FILENO][0], STDERR_FILENO,
log_stderr, iobufs);
io_fds[SFD_STDERR] = io_pipe[STDERR_FILENO][1];
}
+ /* We don't want to receive SIGTTIN/SIGTTOU, getting EIO is preferable. */
+ sa.sa_handler = SIG_IGN;
+ sudo_sigaction(SIGTTIN, &sa, NULL);
+ sudo_sigaction(SIGTTOU, &sa, NULL);
+
/* Job control signals to relay from parent to child. */
+ sigfillset(&sa.sa_mask);
sa.sa_flags = SA_INTERRUPT; /* do not restart syscalls */
#ifdef SA_SIGINFO
sa.sa_flags |= SA_SIGINFO;
#else
sa.sa_handler = handler;
#endif
- sigaction(SIGTSTP, &sa, NULL);
-
- /* We don't want to receive SIGTTIN/SIGTTOU, getting EIO is preferable. */
- sa.sa_handler = SIG_IGN;
- sigaction(SIGTTIN, &sa, NULL);
- sigaction(SIGTTOU, &sa, NULL);
+ sudo_sigaction(SIGTSTP, &sa, NULL);
if (foreground) {
/* Copy terminal attrs from user tty -> pty slave. */
sync_ttysize(io_fds[SFD_USERTTY], io_fds[SFD_SLAVE]);
}
- /* Start out in raw mode if we are not part of a pipeline. */
- if (!pipeline) {
+ /* Start out in raw mode unless part of a pipeline or backgrounded. */
+ if (!pipeline && !ISSET(details->flags, CD_EXEC_BG)) {
ttymode = TERM_RAW;
do {
n = term_raw(io_fds[SFD_USERTTY], 0);
} while (!n && errno == EINTR);
if (!n)
- error(1, _("unable to set terminal to raw mode"));
+ fatal(_("unable to set terminal to raw mode"));
}
}
* or certain pam modules won't be able to track their state.
*/
if (policy_init_session(details) != true)
- errorx(1, _("policy plugin failed session initialization"));
+ fatalx(_("policy plugin failed session initialization"));
/*
* Block some signals until cmnd_pid is set in the parent to avoid a
child = sudo_debug_fork();
switch (child) {
case -1:
- error(1, _("unable to fork"));
+ fatal(_("unable to fork"));
break;
case 0:
/* child */
close(signal_pipe[1]);
fcntl(sv[1], F_SETFD, FD_CLOEXEC);
sigprocmask(SIG_SETMASK, omask, NULL);
- if (exec_setup(details, slavename, io_fds[SFD_SLAVE]) == true) {
- /* Close the other end of the stdin/stdout/stderr pipes and exec. */
- if (io_pipe[STDIN_FILENO][1])
- close(io_pipe[STDIN_FILENO][1]);
- if (io_pipe[STDOUT_FILENO][0])
- close(io_pipe[STDOUT_FILENO][0]);
- if (io_pipe[STDERR_FILENO][0])
- close(io_pipe[STDERR_FILENO][0]);
- exec_monitor(details, sv[1]);
- }
+ /* Close the other end of the stdin/stdout/stderr pipes and exec. */
+ if (io_pipe[STDIN_FILENO][1])
+ close(io_pipe[STDIN_FILENO][1]);
+ if (io_pipe[STDOUT_FILENO][0])
+ close(io_pipe[STDOUT_FILENO][0]);
+ if (io_pipe[STDERR_FILENO][0])
+ close(io_pipe[STDERR_FILENO][0]);
+ exec_monitor(details, sv[1]);
cstat.type = CMD_ERRNO;
cstat.val = errno;
ignore_result(send(sv[1], &cstat, sizeof(cstat), 0));
close(io_pipe[STDIN_FILENO][0]);
if (io_pipe[STDOUT_FILENO][1])
close(io_pipe[STDOUT_FILENO][1]);
- if (io_pipe[STDERR_FILENO][1])
+ if (io_pipe[STDERR_FILENO][1])
close(io_pipe[STDERR_FILENO][1]);
for (iob = iobufs; iob; iob = iob->next) {
int status;
debug_decl(deliver_signal, SUDO_DEBUG_EXEC);
- if (sig2str(signo, signame) == -1)
+ if (signo == SIGCONT_FG)
+ strlcpy(signame, "CONT_FG", sizeof(signame));
+ else if (signo == SIGCONT_BG)
+ strlcpy(signame, "CONT_BG", sizeof(signame));
+ else if (sig2str(signo, signame) == -1)
snprintf(signame, sizeof(signame), "%d", signo);
/* Handle signal from parent. */
* the select() loop.
*/
if (pipe_nonblock(signal_pipe) != 0)
- error(1, _("unable to create pipe"));
+ fatal(_("unable to create pipe"));
/* Reset SIGWINCH and SIGALRM. */
- zero_bytes(&sa, sizeof(sa));
+ memset(&sa, 0, sizeof(sa));
sigemptyset(&sa.sa_mask);
sa.sa_flags = SA_RESTART;
sa.sa_handler = SIG_DFL;
- sigaction(SIGWINCH, &sa, NULL);
- sigaction(SIGALRM, &sa, NULL);
+ sudo_sigaction(SIGWINCH, &sa, NULL);
+ sudo_sigaction(SIGALRM, &sa, NULL);
/* Ignore any SIGTTIN or SIGTTOU we get. */
sa.sa_handler = SIG_IGN;
- sigaction(SIGTTIN, &sa, NULL);
- sigaction(SIGTTOU, &sa, NULL);
+ sudo_sigaction(SIGTTIN, &sa, NULL);
+ sudo_sigaction(SIGTTOU, &sa, NULL);
+
+ /* Block all signals in mon_handler(). */
+ sigfillset(&sa.sa_mask);
/* Note: HP-UX select() will not be interrupted if SA_RESTART set */
sa.sa_flags = SA_INTERRUPT;
#else
sa.sa_handler = mon_handler;
#endif
- sigaction(SIGCHLD, &sa, NULL);
+ sudo_sigaction(SIGCHLD, &sa, NULL);
/* Catch common signals so we can cleanup properly. */
sa.sa_flags = SA_RESTART;
#else
sa.sa_handler = mon_handler;
#endif
- sigaction(SIGHUP, &sa, NULL);
- sigaction(SIGINT, &sa, NULL);
- sigaction(SIGQUIT, &sa, NULL);
- sigaction(SIGTERM, &sa, NULL);
- sigaction(SIGTSTP, &sa, NULL);
- sigaction(SIGUSR1, &sa, NULL);
- sigaction(SIGUSR2, &sa, NULL);
+ sudo_sigaction(SIGHUP, &sa, NULL);
+ sudo_sigaction(SIGINT, &sa, NULL);
+ sudo_sigaction(SIGQUIT, &sa, NULL);
+ sudo_sigaction(SIGTERM, &sa, NULL);
+ sudo_sigaction(SIGTSTP, &sa, NULL);
+ sudo_sigaction(SIGUSR1, &sa, NULL);
+ sudo_sigaction(SIGUSR2, &sa, NULL);
/*
* Start a new session with the parent as the session leader
if (io_fds[SFD_SLAVE] != -1) {
#ifdef TIOCSCTTY
if (ioctl(io_fds[SFD_SLAVE], TIOCSCTTY, NULL) != 0)
- error(1, _("unable to set controlling tty"));
+ fatal(_("unable to set controlling tty"));
#else
/* Set controlling tty by reopening slave. */
if ((n = open(slavename, O_RDWR)) >= 0)
/* Start command and wait for it to stop or exit */
if (pipe(errpipe) == -1)
- error(1, _("unable to create pipe"));
+ fatal(_("unable to create pipe"));
cmnd_pid = sudo_debug_fork();
if (cmnd_pid == -1) {
warning(_("unable to fork"));
restore_signals();
/* setup tty and exec command */
- exec_pty(details, &errpipe[1]);
- cstat.type = CMD_ERRNO;
- cstat.val = errno;
+ exec_pty(details, &cstat, &errpipe[1]);
ignore_result(write(errpipe[1], &cstat, sizeof(cstat)));
_exit(1);
}
if (io_fds[SFD_STDERR] != io_fds[SFD_SLAVE])
close(io_fds[SFD_STDERR]);
- /*
- * Put command in its own process group. If we are starting the command
- * in the foreground, assign its pgrp to the tty.
- */
+ /* Put command in its own process group. */
cmnd_pgrp = cmnd_pid;
setpgid(cmnd_pid, cmnd_pgrp);
- if (foreground) {
+
+ /* Make the command the foreground process for the pty slave. */
+ if (foreground && !ISSET(details->flags, CD_EXEC_BG)) {
do {
n = tcsetpgrp(io_fds[SFD_SLAVE], cmnd_pgrp);
} while (n == -1 && errno == EINTR);
* Returns only if execve() fails.
*/
static void
-exec_pty(struct command_details *details, int *errfd)
+exec_pty(struct command_details *details,
+ struct command_status *cstat, int *errfd)
{
pid_t self = getpid();
debug_decl(exec_pty, SUDO_DEBUG_EXEC);
+ /* Register cleanup function */
+ fatal_callback_register(pty_cleanup);
+
/* Set command process group here too to avoid a race. */
setpgid(0, self);
if (dup2(io_fds[SFD_STDIN], STDIN_FILENO) == -1 ||
dup2(io_fds[SFD_STDOUT], STDOUT_FILENO) == -1 ||
dup2(io_fds[SFD_STDERR], STDERR_FILENO) == -1)
- error(1, "dup2");
+ fatal("dup2");
/* Wait for parent to grant us the tty if we are foreground. */
- if (foreground) {
+ if (foreground && !ISSET(details->flags, CD_EXEC_BG)) {
while (tcgetpgrp(io_fds[SFD_SLAVE]) != self)
; /* spin */
}
if (io_fds[SFD_STDERR] != io_fds[SFD_SLAVE])
close(io_fds[SFD_STDERR]);
- sudo_debug_execve(SUDO_DEBUG_INFO, details->command,
- details->argv, details->envp);
-
- if (details->closefrom >= 0) {
- int maxfd = details->closefrom;
- dup2(*errfd, maxfd);
- (void)fcntl(maxfd, F_SETFD, FD_CLOEXEC);
- *errfd = maxfd++;
- if (sudo_debug_fd_set(maxfd) != -1)
- maxfd++;
- closefrom(maxfd);
- }
-#ifdef HAVE_SELINUX
- if (ISSET(details->flags, CD_RBAC_ENABLED)) {
- selinux_execve(details->command, details->argv, details->envp,
- ISSET(details->flags, CD_NOEXEC));
- } else
-#endif
- {
- sudo_execve(details->command, details->argv, details->envp,
- ISSET(details->flags, CD_NOEXEC));
- }
- sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to exec %s: %s",
- details->command, strerror(errno));
+ /* Execute command; only returns on error. */
+ exec_cmnd(details, cstat, errfd);
+
debug_return;
}
/*
- * Copyright (c) 2009-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2009-2012 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <sys/stat.h>
#include <sys/ioctl.h>
#ifdef HAVE_SYS_STROPTS_H
case SUDO_HOOK_RET_STOP:
goto done;
default:
- warningx2("invalid setenv hook return value: %d", rc);
+ warningx_nodebug("invalid setenv hook return value: %d", rc);
break;
}
}
case SUDO_HOOK_RET_STOP:
goto done;
default:
- warningx2("invalid putenv hook return value: %d", rc);
+ warningx_nodebug("invalid putenv hook return value: %d", rc);
break;
}
}
case SUDO_HOOK_RET_STOP:
goto done;
default:
- warningx2("invalid getenv hook return value: %d", rc);
+ warningx_nodebug("invalid getenv hook return value: %d", rc);
break;
}
}
case SUDO_HOOK_RET_STOP:
goto done;
default:
- warningx2("invalid unsetenv hook return value: %d", rc);
+ warningx_nodebug("invalid unsetenv hook return value: %d", rc);
break;
}
}
/*
- * Copyright (c) 2009-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <sys/stat.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# define RTLD_GLOBAL 0
#endif
-/*
- * Load the plugin specified by "info".
- */
-static bool
-sudo_load_plugin(struct plugin_container *policy_plugin,
- struct plugin_container_list *io_plugins, struct plugin_info *info)
+#ifndef SUDOERS_PLUGIN
+# define SUDOERS_PLUGIN "sudoers.la"
+#endif
+
+#ifdef _PATH_SUDO_PLUGIN_DIR
+static int
+sudo_stat_plugin(struct plugin_info *info, char *fullpath,
+ size_t pathsize, struct stat *sb)
{
- struct plugin_container *container;
- struct generic_plugin *plugin;
- struct stat sb;
- void *handle;
- char path[PATH_MAX];
- bool rval = false;
- debug_decl(sudo_load_plugin, SUDO_DEBUG_PLUGIN)
+ int status = -1;
+ debug_decl(sudo_stat_plugin, SUDO_DEBUG_PLUGIN)
if (info->path[0] == '/') {
- if (strlcpy(path, info->path, sizeof(path)) >= sizeof(path)) {
+ if (strlcpy(fullpath, info->path, pathsize) >= pathsize) {
+ warningx(_("error in %s, line %d while loading plugin `%s'"),
+ _PATH_SUDO_CONF, info->lineno, info->symbol_name);
warningx(_("%s: %s"), info->path, strerror(ENAMETOOLONG));
goto done;
}
+ status = stat(fullpath, sb);
} else {
- if (snprintf(path, sizeof(path), "%s%s", _PATH_SUDO_PLUGIN_DIR,
- info->path) >= sizeof(path)) {
+ if (snprintf(fullpath, pathsize, "%s%s", _PATH_SUDO_PLUGIN_DIR,
+ info->path) >= pathsize) {
+ warningx(_("error in %s, line %d while loading plugin `%s'"),
+ _PATH_SUDO_CONF, info->lineno, info->symbol_name);
warningx(_("%s%s: %s"), _PATH_SUDO_PLUGIN_DIR, info->path,
strerror(ENAMETOOLONG));
goto done;
}
+ /* Try parent dir for compatibility with old plugindir default. */
+ if ((status = stat(fullpath, sb)) != 0) {
+ char *cp = strrchr(fullpath, '/');
+ if (cp > fullpath + 4 && cp[-5] == '/' && cp[-4] == 's' &&
+ cp[-3] == 'u' && cp[-2] == 'd' && cp[-1] == 'o') {
+ int serrno = errno;
+ strlcpy(cp - 4, info->path, pathsize - (cp - 4 - fullpath));
+ if ((status = stat(fullpath, sb)) != 0)
+ errno = serrno;
+ }
+ }
+# ifdef __hpux
+ /* Try .sl instead of .so on HP-UX for backwards compatibility. */
+ if (status != 0) {
+ size_t len = strlen(info->path);
+ if (len >= 3 && info->path[len - 3] == '.' &&
+ info->path[len - 2] == 's' && info->path[len - 1] == 'o') {
+ const char *sopath = info->path;
+ char *slpath = estrdup(info->path);
+ int serrno = errno;
+
+ slpath[len - 1] = 'l';
+ info->path = slpath;
+ status = sudo_stat_plugin(info, fullpath, pathsize, sb);
+ if (status == 0) {
+ efree((void *)sopath);
+ } else {
+ efree(slpath);
+ info->path = sopath;
+ errno = serrno;
+ }
+ }
+ }
+# endif /* __hpux */
}
- if (stat(path, &sb) != 0) {
- warning("%s", path);
+done:
+ debug_return_int(status);
+}
+
+static bool
+sudo_check_plugin(struct plugin_info *info, char *fullpath, size_t pathsize)
+{
+ struct stat sb;
+ int rval = false;
+ debug_decl(sudo_check_plugin, SUDO_DEBUG_PLUGIN)
+
+ if (sudo_stat_plugin(info, fullpath, pathsize, &sb) != 0) {
+ warningx(_("error in %s, line %d while loading plugin `%s'"),
+ _PATH_SUDO_CONF, info->lineno, info->symbol_name);
+ warning("%s%s", _PATH_SUDO_PLUGIN_DIR, info->path);
goto done;
}
if (sb.st_uid != ROOT_UID) {
- warningx(_("%s must be owned by uid %d"), path, ROOT_UID);
+ warningx(_("error in %s, line %d while loading plugin `%s'"),
+ _PATH_SUDO_CONF, info->lineno, info->symbol_name);
+ warningx(_("%s must be owned by uid %d"), fullpath, ROOT_UID);
goto done;
}
if ((sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
- warningx(_("%s must be only be writable by owner"), path);
+ warningx(_("error in %s, line %d while loading plugin `%s'"),
+ _PATH_SUDO_CONF, info->lineno, info->symbol_name);
+ warningx(_("%s must be only be writable by owner"), fullpath);
goto done;
}
+ rval = true;
+
+done:
+ debug_return_bool(rval);
+}
+#else
+static bool
+sudo_check_plugin(struct plugin_info *info, char *fullpath, size_t pathsize)
+{
+ debug_decl(sudo_check_plugin, SUDO_DEBUG_PLUGIN)
+ (void)strlcpy(fullpath, info->path, pathsize);
+ debug_return_bool(true);
+}
+#endif /* _PATH_SUDO_PLUGIN_DIR */
+
+/*
+ * Load the plugin specified by "info".
+ */
+static bool
+sudo_load_plugin(struct plugin_container *policy_plugin,
+ struct plugin_container_list *io_plugins, struct plugin_info *info)
+{
+ struct plugin_container *container;
+ struct generic_plugin *plugin;
+ char path[PATH_MAX];
+ bool rval = false;
+ void *handle;
+ debug_decl(sudo_load_plugin, SUDO_DEBUG_PLUGIN)
+
+ /* Sanity check plugin and fill in path */
+ if (!sudo_check_plugin(info, path, sizeof(path)))
+ goto done;
/* Open plugin and map in symbol */
handle = dlopen(path, RTLD_LAZY|RTLD_GLOBAL);
if (!handle) {
+ warningx(_("error in %s, line %d while loading plugin `%s'"),
+ _PATH_SUDO_CONF, info->lineno, info->symbol_name);
warningx(_("unable to dlopen %s: %s"), path, dlerror());
goto done;
}
plugin = dlsym(handle, info->symbol_name);
if (!plugin) {
- warningx(_("%s: unable to find symbol %s"), path,
- info->symbol_name);
+ warningx(_("error in %s, line %d while loading plugin `%s'"),
+ _PATH_SUDO_CONF, info->lineno, info->symbol_name);
+ warningx(_("unable to find symbol `%s' in %s"), info->symbol_name, path);
goto done;
}
if (plugin->type != SUDO_POLICY_PLUGIN && plugin->type != SUDO_IO_PLUGIN) {
- warningx(_("%s: unknown policy type %d"), path, plugin->type);
+ warningx(_("error in %s, line %d while loading plugin `%s'"),
+ _PATH_SUDO_CONF, info->lineno, info->symbol_name);
+ warningx(_("unknown policy type %d found in %s"), plugin->type, path);
goto done;
}
if (SUDO_API_VERSION_GET_MAJOR(plugin->version) != SUDO_API_VERSION_MAJOR) {
- warningx(_("%s: incompatible policy major version %d, expected %d"),
- path, SUDO_API_VERSION_GET_MAJOR(plugin->version),
- SUDO_API_VERSION_MAJOR);
+ warningx(_("error in %s, line %d while loading plugin `%s'"),
+ _PATH_SUDO_CONF, info->lineno, info->symbol_name);
+ warningx(_("incompatible plugin major version %d (expected %d) found in %s"),
+ SUDO_API_VERSION_GET_MAJOR(plugin->version),
+ SUDO_API_VERSION_MAJOR, path);
goto done;
}
if (plugin->type == SUDO_POLICY_PLUGIN) {
if (policy_plugin->handle) {
- warningx(_("%s: only a single policy plugin may be loaded"),
- _PATH_SUDO_CONF);
- goto done;
+ /* Ignore duplicate entries. */
+ if (strcmp(policy_plugin->name, info->symbol_name) != 0) {
+ warningx(_("ignoring policy plugin `%s' in %s, line %d"),
+ info->symbol_name, _PATH_SUDO_CONF, info->lineno);
+ warningx(_("only a single policy plugin may be specified"));
+ goto done;
+ }
+ warningx(_("ignoring duplicate policy plugin `%s' in %s, line %d"),
+ info->symbol_name, _PATH_SUDO_CONF, info->lineno);
+ dlclose(handle);
+ handle = NULL;
+ }
+ if (handle != NULL) {
+ policy_plugin->handle = handle;
+ policy_plugin->name = info->symbol_name;
+ policy_plugin->options = info->options;
+ policy_plugin->u.generic = plugin;
}
- policy_plugin->handle = handle;
- policy_plugin->name = info->symbol_name;
- policy_plugin->options = info->options;
- policy_plugin->u.generic = plugin;
} else if (plugin->type == SUDO_IO_PLUGIN) {
- container = ecalloc(1, sizeof(*container));
- container->prev = container;
- /* container->next = NULL; */
- container->handle = handle;
- container->name = info->symbol_name;
- container->options = info->options;
- container->u.generic = plugin;
- tq_append(io_plugins, container);
+ /* Check for duplicate entries. */
+ tq_foreach_fwd(io_plugins, container) {
+ if (strcmp(container->name, info->symbol_name) == 0) {
+ warningx(_("ignoring duplicate I/O plugin `%s' in %s, line %d"),
+ info->symbol_name, _PATH_SUDO_CONF, info->lineno);
+ dlclose(handle);
+ handle = NULL;
+ break;
+ }
+ }
+ if (handle != NULL) {
+ container = ecalloc(1, sizeof(*container));
+ container->prev = container;
+ /* container->next = NULL; */
+ container->handle = handle;
+ container->name = info->symbol_name;
+ container->options = info->options;
+ container->u.generic = plugin;
+ tq_append(io_plugins, container);
+ }
}
rval = true;
--- /dev/null
+/*
+ * Copyright (c) 2012 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "missing.h"
+#include "error.h"
+
+/* No need to swap locales in the front end. */
+void
+warning_set_locale(void)
+{
+ return;
+}
+
+void
+warning_restore_locale(void)
+{
+ return;
+}
/*
- * Copyright (c) 1996, 1998-2005, 2007-2010
+ * Copyright (c) 1996, 1998-2005, 2007-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <sys/types.h>
#include <sys/socket.h>
-#include <sys/param.h>
#include <sys/time.h>
#include <sys/ioctl.h>
#if defined(HAVE_SYS_SOCKIO_H) && !defined(SIOCGIFCONF)
sock = socket(AF_INET, SOCK_DGRAM, 0);
if (sock < 0)
- error(1, _("unable to open socket"));
+ fatal(_("unable to open socket"));
/*
* Get interface configuration or return.
--- /dev/null
+/*
+ * Copyright (c) 2012 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+# include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+
+#include "sudo.h"
+
+int
+os_init(int argc, char *argv[], char *envp[])
+{
+#ifdef SUDO_DEVEL
+ extern char *malloc_options;
+ malloc_options = "AFGJPR";
+#endif
+ return os_init_common(argc, argv, envp);
+}
/*
- * Copyright (c) 1993-1996, 1998-2012 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1993-1996, 1998-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
#include <grp.h>
#include <pwd.h>
-#include <sudo_usage.h>
+#include "sudo_usage.h"
#include "sudo.h"
#include "lbuf.h"
{ "closefrom" },
#define ARG_NET_ADDRS 19
{ "network_addrs" },
-#define NUM_SETTINGS 20
+#define ARG_MAX_GROUPS 20
+ { "max_groups" },
+#define ARG_PLUGIN_DIR 21
+ { "plugin_dir" },
+#define NUM_SETTINGS 22
{ NULL }
};
if (debug_flags != NULL)
sudo_settings[ARG_DEBUG_FLAGS].value = debug_flags;
+ /* Set max_groups from sudo.conf. */
+ i = sudo_conf_max_groups();
+ if (i != -1) {
+ easprintf(&cp, "%d", i);
+ sudo_settings[ARG_MAX_GROUPS].value = cp;
+ }
+
/* Returns true if the last option string was "--" */
#define got_end_of_args (optind > 1 && argv[optind - 1][0] == '-' && \
argv[optind - 1][1] == '-' && argv[optind - 1][2] == '\0')
break;
case 'U':
if ((getpwnam(optarg)) == NULL)
- errorx(1, _("unknown user: %s"), optarg);
+ fatalx(_("unknown user: %s"), optarg);
list_user = optarg;
break;
case 'u':
/*
* Format setting_pairs into settings array.
*/
+#ifdef _PATH_SUDO_PLUGIN_DIR
+ sudo_settings[ARG_PLUGIN_DIR].value = _PATH_SUDO_PLUGIN_DIR;
+#endif
settings = emalloc2(NUM_SETTINGS + 1, sizeof(char *));
for (i = 0, j = 0; i < NUM_SETTINGS; i++) {
if (sudo_settings[i].value) {
settings[j] = fmt_string(sudo_settings[i].name,
sudo_settings[i].value);
if (settings[j] == NULL)
- errorx(1, _("unable to allocate memory"));
+ fatalx(NULL);
j++;
}
}
argv--;
argv[0] = "sudoedit";
#else
- errorx(1, _("sudoedit is not supported on this platform"));
+ fatalx(_("sudoedit is not supported on this platform"));
#endif
}
# Danish translation of sudo.
# This file is put in the public domain.
-# Joe Hansen <joedalton2@yahoo.dk>, 2011, 2012.
+# Joe Hansen <joedalton2@yahoo.dk>, 2011, 2012, 2013.
#
# audit -> overvågning
# overflow -> overløb
#
msgid ""
msgstr ""
-"Project-Id-Version: sudo 1.8.6b3\n"
+"Project-Id-Version: sudo 1.8.7b1\n"
"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2012-04-24 13:41-0400\n"
-"PO-Revision-Date: 2012-08-06 23:06+0100\n"
+"POT-Creation-Date: 2013-04-02 10:40-0400\n"
+"PO-Revision-Date: 2013-04-13 23:06+0100\n"
"Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n"
"Language-Team: Danish <dansk@dansk-gruppen.dk>\n"
"Language: da\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-#: common/aix.c:149
+#: common/aix.c:150
#, c-format
msgid "unable to open userdb"
msgstr "kan ikke åbne userdb"
-#: common/aix.c:152
+#: common/aix.c:153
#, c-format
msgid "unable to switch to registry \"%s\" for %s"
msgstr "kan ikke skifte til register »%s« for %s"
-#: common/aix.c:169
+#: common/aix.c:170
#, c-format
msgid "unable to restore registry"
msgstr "kan ikke gendanne register"
msgid "internal error, tried to emalloc(0)"
msgstr "intern fejl, forsøgte at emalloc(0)"
-#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146
-#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270
-#: src/exec_common.c:111 src/parse_args.c:432 src/sudo.c:456 src/sudo.c:482
-#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:737
-#, c-format
-msgid "unable to allocate memory"
-msgstr "kunne ikke allokere hukommelse"
-
#: common/alloc.c:99
msgid "internal error, tried to emalloc2(0)"
msgstr "intern fejl, forsøgte at emalloc2(0)"
-#: common/alloc.c:101
-msgid "internal error, emalloc2() overflow"
-msgstr "intern fejl, emalloc2()-overløb"
+#: common/alloc.c:101 common/alloc.c:123 common/alloc.c:163 common/alloc.c:187
+#, c-format
+msgid "internal error, %s overflow"
+msgstr "intern fejl, %s-overløb"
#: common/alloc.c:120
msgid "internal error, tried to ecalloc(0)"
msgstr "intern fejl, forsøgte at ecalloc(0)"
-#: common/alloc.c:123
-msgid "internal error, ecalloc() overflow"
-msgstr "intern fejl, ecalloc()-overløb"
-
#: common/alloc.c:142
msgid "internal error, tried to erealloc(0)"
msgstr "intern fejl, forsøgte at erealloc(0)"
-#: common/alloc.c:161 common/alloc.c:185
+#: common/alloc.c:161
msgid "internal error, tried to erealloc3(0)"
msgstr "intern fejl, forsøgte at erealloc3(0)"
-#: common/alloc.c:163 common/alloc.c:187
-msgid "internal error, erealloc3() overflow"
-msgstr "intern fejl, erealloc3()-overløb"
+#: common/alloc.c:185
+msgid "internal error, tried to erecalloc(0)"
+msgstr "intern fejl, forsøgte at erecalloc(0)"
+
+#: common/error.c:154
+#, c-format
+msgid "%s: %s: %s\n"
+msgstr "%s: %s: %s\n"
+
+#: common/error.c:157 common/error.c:161
+#, c-format
+msgid "%s: %s\n"
+msgstr "%s: %s\n"
-#: common/sudo_conf.c:306
+#: common/sudo_conf.c:172
+#, c-format
+msgid "unsupported group source `%s' in %s, line %d"
+msgstr "ikke understøttet gruppekilde »%s« i %s, linje %d"
+
+#: common/sudo_conf.c:186
+#, c-format
+msgid "invalid max groups `%s' in %s, line %d"
+msgstr "ugyldige maks grupper »%s« i %s, linje %d"
+
+#: common/sudo_conf.c:382
#, c-format
msgid "unable to stat %s"
msgstr "kan ikke køre stat %s"
-#: common/sudo_conf.c:309
+#: common/sudo_conf.c:385
#, c-format
msgid "%s is not a regular file"
msgstr "%s er ikke en regulær fil"
-#: common/sudo_conf.c:312
+#: common/sudo_conf.c:388
#, c-format
msgid "%s is owned by uid %u, should be %u"
msgstr "%s er ejet af uid %u, burde være %u"
-#: common/sudo_conf.c:316
+#: common/sudo_conf.c:392
#, c-format
msgid "%s is world writable"
msgstr "%s er skrivbar for alle"
-#: common/sudo_conf.c:319
+#: common/sudo_conf.c:395
#, c-format
msgid "%s is group writable"
msgstr "%s er skrivbar for gruppe"
-#: common/sudo_conf.c:328 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331
+#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328
#, c-format
msgid "unable to open %s"
msgstr "kan ikke åbne %s"
-#: compat/strsignal.c:47
+#: compat/strsignal.c:50
msgid "Unknown signal"
msgstr "ukendt signal"
-#: src/error.c:82 src/error.c:86
-msgid ": "
-msgstr ": "
-
-#: src/exec.c:107 src/exec_pty.c:628
+#: src/exec.c:127 src/exec_pty.c:685
#, c-format
msgid "policy plugin failed session initialization"
msgstr "udvidelsesmodul for politik mislykkedes i sessionsinitialisering"
-#: src/exec.c:112 src/exec_pty.c:633 src/exec_pty.c:967 src/tgetpass.c:221
+#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220
#, c-format
msgid "unable to fork"
msgstr "kunne ikke forgrene"
msgid "unable to create sockets"
msgstr "kunne ikke oprette sokler"
-#: src/exec.c:266 src/exec_pty.c:572 src/exec_pty.c:581 src/exec_pty.c:589
-#: src/exec_pty.c:902 src/exec_pty.c:964 src/tgetpass.c:218
-#, c-format
-msgid "unable to create pipe"
-msgstr "kunne ikke oprette datakanal (pipe)"
-
-#: src/exec.c:351 src/exec_pty.c:1029 src/exec_pty.c:1167
+#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268
#, c-format
msgid "select failed"
msgstr "select fejlede"
-#: src/exec.c:441
+#: src/exec.c:449
#, c-format
msgid "unable to restore tty label"
msgstr "kunne ikke gendanne tty-etiket"
-#: src/exec_common.c:69
+#: src/exec_common.c:70
#, c-format
msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"
msgstr "kan ikke fjerne PRIV_PROC_EXEC fra PRIV_LIMIT"
-#: src/exec_pty.c:144
+#: src/exec_pty.c:183
#, c-format
msgid "unable to allocate pty"
msgstr "kunne ikke allokere pty"
-#: src/exec_pty.c:619
+#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986
+#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217
+#, c-format
+msgid "unable to create pipe"
+msgstr "kunne ikke oprette datakanal (pipe)"
+
+#: src/exec_pty.c:676
#, c-format
msgid "unable to set terminal to raw mode"
msgstr "kunne ikke angive terminal til tilstanden rå (raw)"
-#: src/exec_pty.c:945
+#: src/exec_pty.c:1042
#, c-format
msgid "unable to set controlling tty"
msgstr "kunne ikke angive kontrollerende tty"
-#: src/exec_pty.c:1038
+#: src/exec_pty.c:1139
#, c-format
msgid "error reading from signal pipe"
msgstr "fejl under læsning fra signaldatakanal"
-#: src/exec_pty.c:1059
+#: src/exec_pty.c:1160
#, c-format
msgid "error reading from pipe"
msgstr "fejl ved læsning fra datakanal"
-#: src/exec_pty.c:1075
+#: src/exec_pty.c:1176
#, c-format
msgid "error reading from socketpair"
msgstr "fejl ved læsning fra socketpair"
-#: src/exec_pty.c:1079
+#: src/exec_pty.c:1180
#, c-format
msgid "unexpected reply type on backchannel: %d"
msgstr "uventet svartype på bagkanal (backchannel): %d"
-#: src/load_plugins.c:79
+#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132
+#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185
+#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205
+#, c-format
+msgid "error in %s, line %d while loading plugin `%s'"
+msgstr "fejl i %s, linje %d under indlæsning af udvidelsesmodulet »%s«"
+
+#: src/load_plugins.c:72
#, c-format
msgid "%s: %s"
msgstr "%s: %s"
-#: src/load_plugins.c:85
+#: src/load_plugins.c:81
#, c-format
msgid "%s%s: %s"
msgstr "%s%s: %s"
-#: src/load_plugins.c:95
+#: src/load_plugins.c:140
#, c-format
msgid "%s must be owned by uid %d"
msgstr "%s skal være ejet af uid %d"
# engelsk fejl be dobbelt?
-#: src/load_plugins.c:99
+#: src/load_plugins.c:146
#, c-format
msgid "%s must be only be writable by owner"
msgstr "%s må kun være skrivbar for ejeren"
-#: src/load_plugins.c:106
+#: src/load_plugins.c:187
#, c-format
msgid "unable to dlopen %s: %s"
msgstr "kunne ikke dlopen %s: %s"
-#: src/load_plugins.c:111
+#: src/load_plugins.c:194
#, c-format
-msgid "%s: unable to find symbol %s"
-msgstr "%s: kunne ikke finde symbol %s"
+msgid "unable to find symbol `%s' in %s"
+msgstr "kunne ikke finde symbol »%s« i %s"
-#: src/load_plugins.c:117
+#: src/load_plugins.c:201
#, c-format
-msgid "%s: unknown policy type %d"
-msgstr "%s: ukendt politiktype %d"
+msgid "unknown policy type %d found in %s"
+msgstr "ukendt politiktype %d fundet i %s"
-#: src/load_plugins.c:121
+#: src/load_plugins.c:207
#, c-format
-msgid "%s: incompatible policy major version %d, expected %d"
-msgstr "%s: inkompatibel politik hovedversion %d, forventede %d"
+msgid "incompatible plugin major version %d (expected %d) found in %s"
+msgstr "inkompatibelt udvidelsesmodul for hovedversion %d (forventede %d) fundet i %s"
-#: src/load_plugins.c:128
+#: src/load_plugins.c:216
#, c-format
-msgid "%s: only a single policy plugin may be loaded"
-msgstr "%s: kun et udvidelsesmodul for én politik må være indlæst"
+msgid "ignoring policy plugin `%s' in %s, line %d"
+msgstr "ignorerer politikudvidelsesmodul »%s« i %s, linje %d"
-#: src/load_plugins.c:148
+#: src/load_plugins.c:218
#, c-format
-msgid "%s: at least one policy plugin must be specified"
-msgstr "%s: mindst et udvidelsesmodul for politik skal være angivet"
+msgid "only a single policy plugin may be specified"
+msgstr "kun et udvidelsesmodul for politik må være angivet"
-#: src/load_plugins.c:153
+#: src/load_plugins.c:221
+#, c-format
+msgid "ignoring duplicate policy plugin `%s' in %s, line %d"
+msgstr "ignorerer duplikat politikudvidelsesmodul »%s« i %s, linje %d"
+
+#: src/load_plugins.c:236
+#, c-format
+msgid "ignoring duplicate I/O plugin `%s' in %s, line %d"
+msgstr "ignorerer duplikat I/O-udvidelsesmodul »%s« i %s, linje %d"
+
+#: src/load_plugins.c:313
#, c-format
msgid "policy plugin %s does not include a check_policy method"
msgstr "politikudvidelsesmodulet %s inkluderer ikke en metode for check_policy"
-#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187
-#: src/net_ifs.c:298 src/net_ifs.c:322
+#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186
+#: src/net_ifs.c:297 src/net_ifs.c:321
#, c-format
msgid "load_interfaces: overflow detected"
msgstr "load_interfaces: overløb detekteret"
-#: src/net_ifs.c:227
+#: src/net_ifs.c:226
#, c-format
msgid "unable to open socket"
msgstr "kunne ikke åbne sokkel"
-#: src/parse_args.c:187
+#: src/parse_args.c:197
#, c-format
msgid "the argument to -C must be a number greater than or equal to 3"
msgstr "argumentet for -C skal være et tal større end eller lig 3"
-#: src/parse_args.c:276
+#: src/parse_args.c:286
#, c-format
msgid "unknown user: %s"
msgstr "ukendt bruger: %s"
-#: src/parse_args.c:335
+#: src/parse_args.c:345
#, c-format
msgid "you may not specify both the `-i' and `-s' options"
msgstr "du kan ikke samtidig angive tilvalgene »-i« og »-s«"
-#: src/parse_args.c:339
+#: src/parse_args.c:349
#, c-format
msgid "you may not specify both the `-i' and `-E' options"
msgstr "du kan ikke samtidig angive tilvalgende »-i« og »-E«"
-#: src/parse_args.c:349
+#: src/parse_args.c:359
#, c-format
msgid "the `-E' option is not valid in edit mode"
msgstr "tilvalget »-E« er ikke gyldigt i redigeringstilstand"
-#: src/parse_args.c:351
+#: src/parse_args.c:361
#, c-format
msgid "you may not specify environment variables in edit mode"
msgstr "du må ikke angive miljøvariabler i redigeringstilstand"
-#: src/parse_args.c:359
+#: src/parse_args.c:369
#, c-format
msgid "the `-U' option may only be used with the `-l' option"
msgstr "tilvalget »-U« må kun bruges med tilvalget »-l«"
-#: src/parse_args.c:363
+#: src/parse_args.c:373
#, c-format
msgid "the `-A' and `-S' options may not be used together"
msgstr "tilvalgene »-A« og »-S« må ikke bruges sammen"
-#: src/parse_args.c:445
+#: src/parse_args.c:456
#, c-format
msgid "sudoedit is not supported on this platform"
msgstr "sudoedit er ikke understøttet på denne platform"
-#: src/parse_args.c:518
+#: src/parse_args.c:529
#, c-format
msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"
msgstr "Kun et af tilvalgene -e, -h, -i, -K, -l, -s, -v eller -V må angives"
-#: src/parse_args.c:532
+#: src/parse_args.c:543
#, c-format
msgid ""
"%s - edit files as another user\n"
"%s - rediger filer som en anden bruger\n"
"\n"
-#: src/parse_args.c:534
+#: src/parse_args.c:545
#, c-format
msgid ""
"%s - execute a command as another user\n"
"%s - udfør en kommando som en anden bruger\n"
"\n"
-#: src/parse_args.c:539
+#: src/parse_args.c:550
#, c-format
msgid ""
"\n"
"\n"
"Tilvalg:\n"
-#: src/parse_args.c:542
+#: src/parse_args.c:552
msgid "use helper program for password prompting\n"
msgstr "brug hjælpeprogram for indhentelse af adgangskode\n"
-#: src/parse_args.c:545
+#: src/parse_args.c:555
msgid "use specified BSD authentication type\n"
msgstr "brug angivet BSD-godkendelsestype\n"
-#: src/parse_args.c:547
+#: src/parse_args.c:558
msgid "run command in the background\n"
msgstr "kør kommando i baggrunden\n"
-#: src/parse_args.c:549
+#: src/parse_args.c:560
msgid "close all file descriptors >= fd\n"
msgstr "luk alle filbeskrivelser >= fd\n"
-#: src/parse_args.c:552
+#: src/parse_args.c:563
msgid "run command with specified login class\n"
msgstr "kør kommando med angivet logindklasse\n"
-#: src/parse_args.c:555
+#: src/parse_args.c:566
msgid "preserve user environment when executing command\n"
msgstr "bevar brugermiljø når kommando udføres\n"
-#: src/parse_args.c:557
+#: src/parse_args.c:568
msgid "edit files instead of running a command\n"
msgstr "rediger filer i stedet for at køre en kommando\n"
-#: src/parse_args.c:559
+#: src/parse_args.c:570
msgid "execute command as the specified group\n"
msgstr "udfør kommando som den angivne gruppe\n"
-#: src/parse_args.c:561
+#: src/parse_args.c:572
msgid "set HOME variable to target user's home dir.\n"
msgstr "angiv HOME-variabel til målbrugers hjemmemappe.\n"
-#: src/parse_args.c:563
+#: src/parse_args.c:574
msgid "display help message and exit\n"
msgstr "vis hjælpetekst og afslut\n"
-#: src/parse_args.c:565
+#: src/parse_args.c:576
msgid "run a login shell as target user\n"
msgstr "kør en logindskal som målbruger\n"
-#: src/parse_args.c:567
+#: src/parse_args.c:578
msgid "remove timestamp file completely\n"
msgstr "fjern tidsstempelfil fuldstændig\n"
-#: src/parse_args.c:569
+#: src/parse_args.c:580
msgid "invalidate timestamp file\n"
msgstr "ugyldiggør tidsstempelfil\n"
-#: src/parse_args.c:571
+#: src/parse_args.c:582
msgid "list user's available commands\n"
msgstr "vis brugers tilgængelige kommandoer\n"
-#: src/parse_args.c:573
+#: src/parse_args.c:584
msgid "non-interactive mode, will not prompt user\n"
msgstr "ikkeinteraktiv tilstand, vil ikke spørge bruger\n"
-#: src/parse_args.c:575
+#: src/parse_args.c:586
msgid "preserve group vector instead of setting to target's\n"
msgstr "bevar gruppevektor i stedet for at sætte til målets\n"
-#: src/parse_args.c:577
+#: src/parse_args.c:588
msgid "use specified password prompt\n"
msgstr "brug angivet logind for adgangskode\n"
-#: src/parse_args.c:580 src/parse_args.c:588
+#: src/parse_args.c:591 src/parse_args.c:599
msgid "create SELinux security context with specified role\n"
msgstr "opret SELinux-sikkerhedskontekt med angivet rolle\n"
-#: src/parse_args.c:583
+#: src/parse_args.c:594
msgid "read password from standard input\n"
msgstr "læs adgangskode fra standardinddata\n"
-#: src/parse_args.c:585
+#: src/parse_args.c:596
msgid "run a shell as target user\n"
msgstr "kør en skal som målbruger\n"
-#: src/parse_args.c:591
+#: src/parse_args.c:602
msgid "when listing, list specified user's privileges\n"
msgstr "når der listes, så list angivne brugers privilegier\n"
-#: src/parse_args.c:593
+#: src/parse_args.c:604
msgid "run command (or edit file) as specified user\n"
msgstr "kør kommando (eller rediger fil) som angivet bruger\n"
-#: src/parse_args.c:595
+#: src/parse_args.c:606
msgid "display version information and exit\n"
msgstr "vis versionsinformation og afslut\n"
-#: src/parse_args.c:597
+#: src/parse_args.c:608
msgid "update user's timestamp without running a command\n"
msgstr "opdater brugers tidsstempel uden at køre en kommando\n"
-#: src/parse_args.c:599
+#: src/parse_args.c:610
msgid "stop processing command line arguments\n"
msgstr "stop behandling af parametre for kommandolinjen\n"
msgid "unable to setup tty context for %s"
msgstr "kunne ikke opsætte tty-kontekst for %s"
-#: src/selinux.c:373
+#: src/selinux.c:381
#, c-format
msgid "unable to set exec context to %s"
msgstr "kunne ikke angive kørselskontekt til %s"
# engelsk: mangler vist lidt info her tast eller nøgle. mon ikke det er nøgle
-#: src/selinux.c:380
+#: src/selinux.c:388
#, c-format
msgid "unable to set key creation context to %s"
msgstr "kunne ikke angive nøgleoprettelseskontekst til %s"
-#: src/sesh.c:70
+#: src/sesh.c:57
#, c-format
msgid "requires at least one argument"
msgstr "kræver mindst et argument"
-#: src/sesh.c:91
+#: src/sesh.c:78 src/sudo.c:1126
#, c-format
msgid "unable to execute %s"
msgstr "kan ikke køre %s"
-#: src/sudo.c:211
+#: src/solaris.c:88
+#, c-format
+msgid "resource control limit has been reached"
+msgstr "grænse for ressourcekontrol er nået"
+
+#: src/solaris.c:91
+#, c-format
+msgid "user \"%s\" is not a member of project \"%s\""
+msgstr "bruger »%s« er ikke medlem af projektet »%s«"
+
+#: src/solaris.c:95
+#, c-format
+msgid "the invoking task is final"
+msgstr "start af opgave er færdig"
+
+#: src/solaris.c:98
+#, c-format
+msgid "could not join project \"%s\""
+msgstr "kunne ikke slutte til projekt »%s«"
+
+#: src/solaris.c:103
+#, c-format
+msgid "no resource pool accepting default bindings exists for project \"%s\""
+msgstr "ingen ressourcekø som accepterer standardbindinger findes for projekt »%s«"
+
+#: src/solaris.c:107
+#, c-format
+msgid "specified resource pool does not exist for project \"%s\""
+msgstr "angivet ressourcekø findes ikke for projekt »%s«"
+
+#: src/solaris.c:111
+#, c-format
+msgid "could not bind to default resource pool for project \"%s\""
+msgstr "kunne ikke binde til standardressourcekø for projekt »%s«"
+
+#: src/solaris.c:117
+#, c-format
+msgid "setproject failed for project \"%s\""
+msgstr "setproject fejlede for projekt »%s«"
+
+#: src/solaris.c:119
+#, c-format
+msgid "warning, resource control assignment failed for project \"%s\""
+msgstr "advarsel, ressourcekontroltildeling fejlede for projekt »%s«"
+
+#: src/sudo.c:196
#, c-format
msgid "Sudo version %s\n"
msgstr "Sudo version %s\n"
-#: src/sudo.c:213
+#: src/sudo.c:198
#, c-format
msgid "Configure options: %s\n"
msgstr "Konfigurationsindstillinger: %s\n"
-#: src/sudo.c:218
+#: src/sudo.c:203
#, c-format
msgid "fatal error, unable to load plugins"
msgstr "fatal fejl, kan ikke indlæse udvidelsesmoduler"
-#: src/sudo.c:226
+#: src/sudo.c:211
#, c-format
msgid "unable to initialize policy plugin"
msgstr "kan ikke initialisere udvidelsesmodul for politik"
-#: src/sudo.c:281
+#: src/sudo.c:268
#, c-format
msgid "error initializing I/O plugin %s"
msgstr "fejl under initialisering af I/O-udvidelsesmodulet %s"
-#: src/sudo.c:306
+#: src/sudo.c:293
#, c-format
msgid "unexpected sudo mode 0x%x"
msgstr "uventet sudo-tilstand 0x%x"
-#: src/sudo.c:400
+#: src/sudo.c:413
#, c-format
msgid "unable to get group vector"
msgstr "kan ikke indhente gruppevektor"
-#: src/sudo.c:452
+#: src/sudo.c:465
#, c-format
msgid "unknown uid %u: who are you?"
msgstr "ukendt uid %u: hvem er du?"
-#: src/sudo.c:760
+#: src/sudo.c:802
#, c-format
msgid "%s must be owned by uid %d and have the setuid bit set"
msgstr "%s skal være ejet af uid %d og have setuid bit angivet"
-#: src/sudo.c:763
+#: src/sudo.c:805
#, c-format
msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?"
msgstr "effektiv uid er ikke %d, er %s på et filsystem med indstillingen »nosuid« angivet eller et NFS-filsytsem uden administratorprivilegier (root)?"
-#: src/sudo.c:769
+#: src/sudo.c:811
#, c-format
msgid "effective uid is not %d, is sudo installed setuid root?"
msgstr "effektiv uid er ikke %d, er sudo installeret setuid root?"
-#: src/sudo.c:838
-#, c-format
-msgid "resource control limit has been reached"
-msgstr "grænse for ressourcekontrol er nået"
-
-#: src/sudo.c:841
-#, c-format
-msgid "user \"%s\" is not a member of project \"%s\""
-msgstr "bruger »%s« er ikke medlem af projektet »%s«"
-
-#: src/sudo.c:845
-#, c-format
-msgid "the invoking task is final"
-msgstr "start af opgave er færdig"
-
-#: src/sudo.c:848
-#, c-format
-msgid "could not join project \"%s\""
-msgstr "kunne ikke slutte til projekt »%s«"
-
-#: src/sudo.c:853
-#, c-format
-msgid "no resource pool accepting default bindings exists for project \"%s\""
-msgstr "ingen ressourcekø som accepterer standardbindinger findes for projekt »%s«"
-
-#: src/sudo.c:857
-#, c-format
-msgid "specified resource pool does not exist for project \"%s\""
-msgstr "angivet ressourcekø findes ikke for projekt »%s«"
-
-#: src/sudo.c:861
-#, c-format
-msgid "could not bind to default resource pool for project \"%s\""
-msgstr "kunne ikke binde til standardressourcekø for projekt »%s«"
-
-#: src/sudo.c:867
-#, c-format
-msgid "setproject failed for project \"%s\""
-msgstr "setproject fejlede for projekt »%s«"
-
-#: src/sudo.c:869
-#, c-format
-msgid "warning, resource control assignment failed for project \"%s\""
-msgstr "advarsel, ressourcekontroltildeling fejlede for projekt »%s«"
-
-#: src/sudo.c:917
+#: src/sudo.c:915
#, c-format
msgid "unknown login class %s"
msgstr "ukendt logindklasse %s"
-#: src/sudo.c:931 src/sudo.c:934
+#: src/sudo.c:929 src/sudo.c:932
#, c-format
msgid "unable to set user context"
msgstr "kan ikke angive brugerkontekst"
-#: src/sudo.c:946
+#: src/sudo.c:944
#, c-format
msgid "unable to set supplementary group IDs"
msgstr "kunne ikke angive supplerende gruppe-id'er"
-#: src/sudo.c:953
+#: src/sudo.c:951
#, c-format
msgid "unable to set effective gid to runas gid %u"
msgstr "kan ikke angive effektiv gid til runas gid %u"
-#: src/sudo.c:959
+#: src/sudo.c:957
#, c-format
msgid "unable to set gid to runas gid %u"
msgstr "kunne ikke angive gid til runas gid %u"
-#: src/sudo.c:966
+#: src/sudo.c:964
#, c-format
msgid "unable to set process priority"
msgstr "kunne ikke angive procesprioritet"
-#: src/sudo.c:974
+#: src/sudo.c:972
#, c-format
msgid "unable to change root to %s"
msgstr "kunne ikke ændre administrator (root) til %s"
-#: src/sudo.c:981 src/sudo.c:987 src/sudo.c:993
+#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991
#, c-format
msgid "unable to change to runas uid (%u, %u)"
msgstr "kunne ikke ændre til runas uid (%u, %u)"
-#: src/sudo.c:1007
+#: src/sudo.c:1005
#, c-format
msgid "unable to change directory to %s"
msgstr "kunne ikke ændre mappe til %s"
-#: src/sudo.c:1079
+#: src/sudo.c:1089
#, c-format
msgid "unexpected child termination condition: %d"
msgstr "uventet underbetingelse for terminering: %d"
-#: src/sudo.c:1140
+#: src/sudo.c:1146
+#, c-format
+msgid "policy plugin %s is missing the `check_policy' method"
+msgstr "politikudvidelsesmodulet %s mangler i metoden »check_policy«"
+
+#: src/sudo.c:1159
#, c-format
msgid "policy plugin %s does not support listing privileges"
msgstr "politikudvidelsesmodul %s understøter ikke listning af privilegier"
-#: src/sudo.c:1152
+#: src/sudo.c:1171
#, c-format
msgid "policy plugin %s does not support the -v option"
msgstr "politikudvidelsesmodul %s understøtter ikke tilvalget -v"
-#: src/sudo.c:1164
+#: src/sudo.c:1183
#, c-format
msgid "policy plugin %s does not support the -k/-K options"
msgstr "politikudvidelsesmodul %s understøtter ikke tilvalget -k/-K"
-#: src/sudo_edit.c:111
+#: src/sudo_edit.c:110
#, c-format
msgid "unable to change uid to root (%u)"
msgstr "kunne ikke ændre uid til root (%u)"
-#: src/sudo_edit.c:143
+#: src/sudo_edit.c:142
#, c-format
msgid "plugin error: missing file list for sudoedit"
msgstr "fejl i udvidelsesmodul: mangler filliste for sudoedit"
-#: src/sudo_edit.c:171 src/sudo_edit.c:271
+#: src/sudo_edit.c:170 src/sudo_edit.c:270
#, c-format
msgid "%s: not a regular file"
msgstr "%s: ikke en regulær fil"
-#: src/sudo_edit.c:205 src/sudo_edit.c:307
+#: src/sudo_edit.c:204 src/sudo_edit.c:306
#, c-format
msgid "%s: short write"
msgstr "%s: kort skrivning"
-#: src/sudo_edit.c:272
+#: src/sudo_edit.c:271
#, c-format
msgid "%s left unmodified"
msgstr "%s tilbage uændrede"
-#: src/sudo_edit.c:285
+#: src/sudo_edit.c:284
#, c-format
msgid "%s unchanged"
msgstr "%s uændrede"
-#: src/sudo_edit.c:297 src/sudo_edit.c:318
+#: src/sudo_edit.c:296 src/sudo_edit.c:317
#, c-format
msgid "unable to write to %s"
msgstr "kan ikke skrive til %s"
-#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319
+#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318
#, c-format
msgid "contents of edit session left in %s"
msgstr "indhold fra redigeringssession tilbage i %s"
-#: src/sudo_edit.c:315
+#: src/sudo_edit.c:314
#, c-format
msgid "unable to read temporary file"
msgstr "kan ikke læse midlertidig fil"
-#: src/tgetpass.c:90
+#: src/tgetpass.c:89
#, c-format
msgid "no tty present and no askpass program specified"
msgstr "ingen tty til stede og intet askpass-program angivet"
-#: src/tgetpass.c:99
+#: src/tgetpass.c:98
#, c-format
msgid "no askpass program specified, try setting SUDO_ASKPASS"
msgstr "intet askpass-program angivet, forsøg at angive SUDO_ASKPASS"
-#: src/tgetpass.c:231
+#: src/tgetpass.c:230
#, c-format
msgid "unable to set gid to %u"
msgstr "kan ikke angive gid til %u"
-#: src/tgetpass.c:235
+#: src/tgetpass.c:234
#, c-format
msgid "unable to set uid to %u"
msgstr "kan ikke angive uid til %u"
-#: src/tgetpass.c:240
+#: src/tgetpass.c:239
#, c-format
msgid "unable to run %s"
msgstr "kan ikke køre %s"
#, c-format
msgid "unable to restore stdin"
msgstr "kan ikke gendanne stdin"
-
-#~ msgid "must be setuid root"
-#~ msgstr "skal være setuid root"
-
-#~ msgid "the argument to -D must be between 1 and 9 inclusive"
-#~ msgstr "argumentet for -D skal være mellem 1 og 9; begge tal inkluderet"
# German translation for sudo.
# This file is distributed under the same license as the sudo package.
-# Jakob Kramer <jakob.kramer@gmx.de>, 2012.
+# Jakob Kramer <jakob.kramer@gmx.de>, 2012, 2013.
# Mario Blättermann <mario.blaettermann@gmail.com>, 2012.
#
msgid ""
msgstr ""
-"Project-Id-Version: sudo 1.8.6b4\n"
+"Project-Id-Version: sudo 1.8.7b1\n"
"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2012-08-10 13:08-0400\n"
-"PO-Revision-Date: 2012-08-15 18:42+0200\n"
+"POT-Creation-Date: 2013-04-02 10:40-0400\n"
+"PO-Revision-Date: 2013-04-07 13:58+0200\n"
"Last-Translator: Jakob Kramer <jakob.kramer@gmx.de>\n"
"Language-Team: German <translation-team-de@lists.sourceforge.net>\n"
"Language: de\n"
msgid "internal error, tried to emalloc(0)"
msgstr "Interner Fehler: Es wurde versucht, emalloc(0) auszuführen"
-#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146
-#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270
-#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482
-#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759
-#, c-format
-msgid "unable to allocate memory"
-msgstr "Speicher konnte nicht zugewiesen werden"
-
#: common/alloc.c:99
msgid "internal error, tried to emalloc2(0)"
msgstr "Interner Fehler: Es wurde versucht, emalloc2(0) auszuführen"
msgid "internal error, tried to erecalloc(0)"
msgstr "Interner Fehler: Es wurde versucht, erecalloc(0) auszuführen"
-#: common/sudo_conf.c:305
+#: common/error.c:154
+#, c-format
+msgid "%s: %s: %s\n"
+msgstr "%s: %s: %s\n"
+
+#: common/error.c:157 common/error.c:161
+#, c-format
+msgid "%s: %s\n"
+msgstr "%s: %s\n"
+
+#: common/sudo_conf.c:172
+#, c-format
+msgid "unsupported group source `%s' in %s, line %d"
+msgstr "Nicht unterstützte Gruppenquelle »%s« in %s, Zeile %d"
+
+#: common/sudo_conf.c:186
+#, c-format
+msgid "invalid max groups `%s' in %s, line %d"
+msgstr "Ungültige Maximalzahl an Gruppen »%s« in %s, Zeile %d"
+
+#: common/sudo_conf.c:382
#, c-format
msgid "unable to stat %s"
msgstr "stat konnte nicht auf %s angewandt werden"
-#: common/sudo_conf.c:308
+#: common/sudo_conf.c:385
#, c-format
msgid "%s is not a regular file"
msgstr "%s ist keine reguläre Datei"
-#: common/sudo_conf.c:311
+#: common/sudo_conf.c:388
#, c-format
msgid "%s is owned by uid %u, should be %u"
msgstr "%s gehört Benutzer mit UID %u, sollte allerdings %u gehören"
-#: common/sudo_conf.c:315
+#: common/sudo_conf.c:392
#, c-format
msgid "%s is world writable"
msgstr "%s kann von allen verändert werden"
-#: common/sudo_conf.c:318
+#: common/sudo_conf.c:395
#, c-format
msgid "%s is group writable"
msgstr "%s kann von der Gruppe verändert werden"
-#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331
+#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328
#, c-format
msgid "unable to open %s"
msgstr "%s konnte nicht geöffnet werden"
-#: compat/strsignal.c:47
+#: compat/strsignal.c:50
msgid "Unknown signal"
msgstr "Unbekanntes Signal"
-#: src/error.c:82 src/error.c:86
-msgid ": "
-msgstr ": "
-
-#: src/exec.c:113 src/exec_pty.c:674
+#: src/exec.c:127 src/exec_pty.c:685
#, c-format
msgid "policy plugin failed session initialization"
msgstr "Regelwerks-Plugin konnte Sitzung nicht initialisieren"
-#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221
+#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220
#, c-format
msgid "unable to fork"
msgstr "Es konnte nicht geforkt werden"
-#: src/exec.c:268
+#: src/exec.c:259
#, c-format
msgid "unable to create sockets"
msgstr "Sockets konnten nicht hergestellt werden"
-#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630
-#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218
-#, c-format
-msgid "unable to create pipe"
-msgstr "Weiterleitung konnte nicht erstellt werden"
-
-#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240
+#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268
#, c-format
msgid "select failed"
msgstr "»select« schlug fehl"
-#: src/exec.c:467
+#: src/exec.c:449
#, c-format
msgid "unable to restore tty label"
msgstr "TTY-Kennzeichnung konnte nicht wiederhergestellt werden"
-#: src/exec_common.c:69
+#: src/exec_common.c:70
#, c-format
msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"
msgstr "PRIV_PROC_EXEC konnte nicht von PRIV_LIMIT entfernt werden"
msgid "unable to allocate pty"
msgstr "PTY konnte nicht vergeben werden"
-#: src/exec_pty.c:665
+#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986
+#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217
+#, c-format
+msgid "unable to create pipe"
+msgstr "Weiterleitung konnte nicht erstellt werden"
+
+#: src/exec_pty.c:676
#, c-format
msgid "unable to set terminal to raw mode"
msgstr "Terminal konnte nicht in den Rohmodus gesetzt werden"
-#: src/exec_pty.c:1013
+#: src/exec_pty.c:1042
#, c-format
msgid "unable to set controlling tty"
msgstr "Kontrollierendes TTY konnte nicht gesetzt werden"
-#: src/exec_pty.c:1111
+#: src/exec_pty.c:1139
#, c-format
msgid "error reading from signal pipe"
msgstr "Fehler beim Lesen der Signal-Pipe"
-#: src/exec_pty.c:1132
+#: src/exec_pty.c:1160
#, c-format
msgid "error reading from pipe"
msgstr "Fehler beim Lesen der Pipe"
-#: src/exec_pty.c:1148
+#: src/exec_pty.c:1176
#, c-format
msgid "error reading from socketpair"
msgstr "Fehler beim Lesen des Socket-Paars"
-#: src/exec_pty.c:1152
+#: src/exec_pty.c:1180
#, c-format
msgid "unexpected reply type on backchannel: %d"
msgstr "Unerwarteter Antworttyp auf Rückmeldungskanal: %d"
-#: src/load_plugins.c:74
+#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132
+#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185
+#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205
+#, c-format
+msgid "error in %s, line %d while loading plugin `%s'"
+msgstr "Fehler in %s, Zeile %d, während Plugin »%s« geladen wurde"
+
+#: src/load_plugins.c:72
#, c-format
msgid "%s: %s"
msgstr "%s: %s"
-#: src/load_plugins.c:80
+#: src/load_plugins.c:81
#, c-format
msgid "%s%s: %s"
msgstr "%s%s: %s"
-#: src/load_plugins.c:90
+#: src/load_plugins.c:140
#, c-format
msgid "%s must be owned by uid %d"
msgstr "%s muss Benutzer mit UID %d gehören"
-#: src/load_plugins.c:94
+#: src/load_plugins.c:146
#, c-format
msgid "%s must be only be writable by owner"
msgstr "%s darf nur vom Besitzer beschreibbar sein"
-#: src/load_plugins.c:101
+#: src/load_plugins.c:187
#, c-format
msgid "unable to dlopen %s: %s"
msgstr "dlopen konnte nicht auf %s ausgeführt werden: %s"
-#: src/load_plugins.c:106
+#: src/load_plugins.c:194
+#, c-format
+msgid "unable to find symbol `%s' in %s"
+msgstr "Symbol »%s« konnte in %s nicht gefunden werden"
+
+#: src/load_plugins.c:201
#, c-format
-msgid "%s: unable to find symbol %s"
-msgstr "%s: Symbol %s konnte nicht gefunden werden"
+msgid "unknown policy type %d found in %s"
+msgstr "Unbekannter Regelwerktyp %d wurde in %s gefunden"
-#: src/load_plugins.c:112
+#: src/load_plugins.c:207
#, c-format
-msgid "%s: unknown policy type %d"
-msgstr "%s: Unbekannter Regelwerktyp %d"
+msgid "incompatible plugin major version %d (expected %d) found in %s"
+msgstr "Inkompatible Hauptversion %d des Regelwerks (%d erwartet) wurde in %s gefunden"
-#: src/load_plugins.c:116
+#: src/load_plugins.c:216
#, c-format
-msgid "%s: incompatible policy major version %d, expected %d"
-msgstr "%s: Inkompatible Hauptversion %d des Regelwerks, %d erwartet"
+msgid "ignoring policy plugin `%s' in %s, line %d"
+msgstr "Regelwerks-Plugin »%s« in %s, Zeile %d, wird ignoriert"
-#: src/load_plugins.c:123
+#: src/load_plugins.c:218
#, c-format
-msgid "%s: only a single policy plugin may be loaded"
-msgstr "%s: Nur ein einziges Regelwerks-Plugin kann geladen werden"
+msgid "only a single policy plugin may be specified"
+msgstr "Nur ein einziges Regelwerks-Plugin kann geladen werden"
-#: src/load_plugins.c:200
+#: src/load_plugins.c:221
+#, c-format
+msgid "ignoring duplicate policy plugin `%s' in %s, line %d"
+msgstr "Doppelt vorhandenes Regelswerks-Plugin »%s« in %s, Zeile %d, wird ignoriert"
+
+#: src/load_plugins.c:236
+#, c-format
+msgid "ignoring duplicate I/O plugin `%s' in %s, line %d"
+msgstr "Doppelt vorhandenes E/A-Plugin »%s« in %s, Zeile %d, wird ignoriert"
+
+#: src/load_plugins.c:313
#, c-format
msgid "policy plugin %s does not include a check_policy method"
msgstr "Das Regelwerks-Plugin %s enthält keine check_policy-Methode"
-#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187
-#: src/net_ifs.c:298 src/net_ifs.c:322
+#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186
+#: src/net_ifs.c:297 src/net_ifs.c:321
#, c-format
msgid "load_interfaces: overflow detected"
msgstr "load_interfaces: Überlauf entdeckt"
-#: src/net_ifs.c:227
+#: src/net_ifs.c:226
#, c-format
msgid "unable to open socket"
msgstr "Socket konnte nicht geöffnet werden"
-#: src/parse_args.c:187
+#: src/parse_args.c:197
#, c-format
msgid "the argument to -C must be a number greater than or equal to 3"
msgstr "Das Argument für -C muss eine Zahl größergleich 3 sein"
-#: src/parse_args.c:276
+#: src/parse_args.c:286
#, c-format
msgid "unknown user: %s"
msgstr "Unbekannter Benutzer: %s"
-#: src/parse_args.c:335
+#: src/parse_args.c:345
#, c-format
msgid "you may not specify both the `-i' and `-s' options"
msgstr "Die Optionen »-i« und »-s« können nicht gemeinsam benutzt werden"
-#: src/parse_args.c:339
+#: src/parse_args.c:349
#, c-format
msgid "you may not specify both the `-i' and `-E' options"
msgstr "Die Optionen »-i« und »-E« können nicht gemeinsam benutzt werden"
-#: src/parse_args.c:349
+#: src/parse_args.c:359
#, c-format
msgid "the `-E' option is not valid in edit mode"
msgstr "Die Option »-E« ist im Bearbeiten-Modus ungültig"
-#: src/parse_args.c:351
+#: src/parse_args.c:361
#, c-format
msgid "you may not specify environment variables in edit mode"
msgstr "Im Bearbeiten-Modus können keine Umgebungsvariablen gesetzt werden"
-#: src/parse_args.c:359
+#: src/parse_args.c:369
#, c-format
msgid "the `-U' option may only be used with the `-l' option"
msgstr "Die »-U«-Option kann nur zusammen mit »-l« benutzt werden"
-#: src/parse_args.c:363
+#: src/parse_args.c:373
#, c-format
msgid "the `-A' and `-S' options may not be used together"
msgstr "Die Optionen »-A« und »-S« können nicht gemeinsam benutzt werden"
-#: src/parse_args.c:443
+#: src/parse_args.c:456
#, c-format
msgid "sudoedit is not supported on this platform"
msgstr "sudoedit ist auf dieser Plattform nicht verfügbar"
-#: src/parse_args.c:516
+#: src/parse_args.c:529
#, c-format
msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"
msgstr "Nur eine der Optionen -e, -h, -i, -K, -l, -s, -v oder -V darf angegeben werden"
-#: src/parse_args.c:530
+#: src/parse_args.c:543
#, c-format
msgid ""
"%s - edit files as another user\n"
"%s - Dateien als anderer Benutzer verändern\n"
"\n"
-#: src/parse_args.c:532
+#: src/parse_args.c:545
#, c-format
msgid ""
"%s - execute a command as another user\n"
"%s - Einen Befehl als anderer Benutzer ausführen\n"
"\n"
-#: src/parse_args.c:537
+#: src/parse_args.c:550
#, c-format
msgid ""
"\n"
"\n"
"Optionen:\n"
-#: src/parse_args.c:540
+#: src/parse_args.c:552
msgid "use helper program for password prompting\n"
msgstr "Hilfsprogramm zum Eingeben des Passworts verwenden\n"
-#: src/parse_args.c:543
+#: src/parse_args.c:555
msgid "use specified BSD authentication type\n"
msgstr "Angegebenen BSD-Legitimierungstypen verwenden\n"
-#: src/parse_args.c:545
+#: src/parse_args.c:558
msgid "run command in the background\n"
msgstr "Befehl im Hintergrund ausführen\n"
-#: src/parse_args.c:547
+#: src/parse_args.c:560
msgid "close all file descriptors >= fd\n"
msgstr "Alle Dateideskriptoren >= fd schließen\n"
-#: src/parse_args.c:550
+#: src/parse_args.c:563
msgid "run command with specified login class\n"
msgstr "Befehl unter angegebener Login-Klasse ausführen\n"
-#: src/parse_args.c:553
+#: src/parse_args.c:566
msgid "preserve user environment when executing command\n"
msgstr "Benutzerumgebung beim Starten des Befehls beibehalten\n"
-#: src/parse_args.c:555
+#: src/parse_args.c:568
msgid "edit files instead of running a command\n"
msgstr "Dateien bearbeiten statt einen Befehl ausführen\n"
-#: src/parse_args.c:557
+#: src/parse_args.c:570
msgid "execute command as the specified group\n"
msgstr "Befehl unter angegebener Gruppe ausführen\n"
-#: src/parse_args.c:559
+#: src/parse_args.c:572
msgid "set HOME variable to target user's home dir.\n"
msgstr "HOME-Variable als Home-Ordner des Zielnutzers setzen.\n"
-#: src/parse_args.c:561
+#: src/parse_args.c:574
msgid "display help message and exit\n"
msgstr "Hilfe ausgeben und beenden\n"
-#: src/parse_args.c:563
+#: src/parse_args.c:576
msgid "run a login shell as target user\n"
msgstr "Eine Anmeldeshell als Zielnutzer starten\n"
-#: src/parse_args.c:565
+#: src/parse_args.c:578
msgid "remove timestamp file completely\n"
msgstr "Zeitstempeldateien komplett entfernen\n"
-#: src/parse_args.c:567
+#: src/parse_args.c:580
msgid "invalidate timestamp file\n"
msgstr "Zeitstempeldatei ungültig machen\n"
-#: src/parse_args.c:569
+#: src/parse_args.c:582
msgid "list user's available commands\n"
msgstr "Für den Benutzer verfügbare Befehle auflisten\n"
-#: src/parse_args.c:571
+#: src/parse_args.c:584
msgid "non-interactive mode, will not prompt user\n"
msgstr "Nicht-interaktiver Modus, der Benutzer wird zu nichts aufgefordert werden\n"
-#: src/parse_args.c:573
+#: src/parse_args.c:586
msgid "preserve group vector instead of setting to target's\n"
msgstr "Gruppen-Vektor beibehalten, statt zu dem des Zielnutzers zu setzen\n"
-#: src/parse_args.c:575
+#: src/parse_args.c:588
msgid "use specified password prompt\n"
msgstr "Angegebenen Passwort-Prompt benutzen\n"
-#: src/parse_args.c:578 src/parse_args.c:586
+#: src/parse_args.c:591 src/parse_args.c:599
msgid "create SELinux security context with specified role\n"
msgstr "SELinux-Sicherheitskontext mit angegebener Funktion erstellen\n"
-#: src/parse_args.c:581
+#: src/parse_args.c:594
msgid "read password from standard input\n"
msgstr "Passwort von der Standardeingabe lesen\n"
-#: src/parse_args.c:583
+#: src/parse_args.c:596
msgid "run a shell as target user\n"
msgstr "Eine Shell als Zielnutzer ausführen\n"
-#: src/parse_args.c:589
+#: src/parse_args.c:602
msgid "when listing, list specified user's privileges\n"
msgstr "Wenn aufgelistet wird, Berechtigungen des angegebenen Benutzers auflisten\n"
-#: src/parse_args.c:591
+#: src/parse_args.c:604
msgid "run command (or edit file) as specified user\n"
msgstr "Befehl oder Datei als angegebener Benutzer ausführen bzw. ändern\n"
-#: src/parse_args.c:593
+#: src/parse_args.c:606
msgid "display version information and exit\n"
msgstr "Versionsinformation anzeigen und beenden\n"
-#: src/parse_args.c:595
+#: src/parse_args.c:608
msgid "update user's timestamp without running a command\n"
msgstr "Den Zeitstempel des Benutzers erneuern, ohne einen Befehl auszuführen\n"
-#: src/parse_args.c:597
+#: src/parse_args.c:610
msgid "stop processing command line arguments\n"
msgstr "Aufhören, die Befehlszeilenargumente zu verarbeiten\n"
msgid "unable to setup tty context for %s"
msgstr "TTY-Kontext konnte für %s nicht aufgesetzt werden"
-#: src/selinux.c:373
+#: src/selinux.c:381
#, c-format
msgid "unable to set exec context to %s"
msgstr "Ausführungskontext konnte nicht auf »%s« gesetzt werden"
-#: src/selinux.c:380
+#: src/selinux.c:388
#, c-format
msgid "unable to set key creation context to %s"
msgstr "Kontext der Schüsselerstellung konnte nicht auf %s festgelegt werden."
-#: src/sesh.c:70
+#: src/sesh.c:57
#, c-format
msgid "requires at least one argument"
msgstr "Benötigt mindestens ein Argument"
-#: src/sesh.c:91
+#: src/sesh.c:78 src/sudo.c:1126
#, c-format
msgid "unable to execute %s"
msgstr "%s konnte nicht ausgeführt werden"
-#: src/sudo.c:211
+#: src/solaris.c:88
+#, c-format
+msgid "resource control limit has been reached"
+msgstr "Limit der Ressourcenkontrolle wurde erreicht"
+
+#: src/solaris.c:91
+#, c-format
+msgid "user \"%s\" is not a member of project \"%s\""
+msgstr "Benutzer »%s« ist kein Mitglied des Projekts »%s«"
+
+#: src/solaris.c:95
+#, c-format
+msgid "the invoking task is final"
+msgstr "Der aufrufende Prozess ist fertig"
+
+#: src/solaris.c:98
+#, c-format
+msgid "could not join project \"%s\""
+msgstr "Projekt »%s« konnte nicht beigetreten werden"
+
+#: src/solaris.c:103
+#, c-format
+msgid "no resource pool accepting default bindings exists for project \"%s\""
+msgstr "Für Projekt »%s« gibt es keinen Ressourcen-Pool, der die Standardanbindungen unterstützt."
+
+#: src/solaris.c:107
+#, c-format
+msgid "specified resource pool does not exist for project \"%s\""
+msgstr "Den angegebenen Ressourcen-Pool gibt es für das Projekt »%s« nicht"
+
+#: src/solaris.c:111
+#, c-format
+msgid "could not bind to default resource pool for project \"%s\""
+msgstr "Es konnte nicht zum Standard-Ressourcen-Pool für Projekt »%s« verbunden werden."
+
+#: src/solaris.c:117
+#, c-format
+msgid "setproject failed for project \"%s\""
+msgstr "»setproject« schlug für Projekt »%s« fehl"
+
+#: src/solaris.c:119
+#, c-format
+msgid "warning, resource control assignment failed for project \"%s\""
+msgstr "Warnung: Ressourcenkontrolle von Projekt »%s« konnte nicht zugewiesen werden"
+
+#: src/sudo.c:196
#, c-format
msgid "Sudo version %s\n"
msgstr "Sudo-Version %s\n"
-#: src/sudo.c:213
+#: src/sudo.c:198
#, c-format
msgid "Configure options: %s\n"
msgstr "Optionen für »configure«: %s\n"
-#: src/sudo.c:218
+#: src/sudo.c:203
#, c-format
msgid "fatal error, unable to load plugins"
msgstr "Schwerwiegender Fehler, Plugins konnten nicht geladen werden"
-#: src/sudo.c:226
+#: src/sudo.c:211
#, c-format
msgid "unable to initialize policy plugin"
msgstr "Regelwerks-Plugin konnte nicht initialisiert werden"
-#: src/sudo.c:281
+#: src/sudo.c:268
#, c-format
msgid "error initializing I/O plugin %s"
msgstr "E/A-Plugin %s konnte nicht initialisiert werden"
-#: src/sudo.c:306
+#: src/sudo.c:293
#, c-format
msgid "unexpected sudo mode 0x%x"
msgstr "Unerwarteter sudo-Modus 0x%x"
-#: src/sudo.c:400
+#: src/sudo.c:413
#, c-format
msgid "unable to get group vector"
msgstr "Gruppenvektor konnte nicht geholt werden"
-#: src/sudo.c:452
+#: src/sudo.c:465
#, c-format
msgid "unknown uid %u: who are you?"
msgstr "Unbekannte UID %u: Wer sind Sie?"
-#: src/sudo.c:782
+#: src/sudo.c:802
#, c-format
msgid "%s must be owned by uid %d and have the setuid bit set"
msgstr "%s muss dem Benutzer mit UID %d gehören und das »setuid«-Bit gesetzt haben"
-#: src/sudo.c:785
+#: src/sudo.c:805
#, c-format
msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?"
msgstr "Effektive UID ist nicht %d. Liegt %s auf einem Dateisystem mit gesetzter »nosuid«-Option oder auf einem NFS-Dateisystem ohne Root-Rechte?"
-#: src/sudo.c:791
+#: src/sudo.c:811
#, c-format
msgid "effective uid is not %d, is sudo installed setuid root?"
msgstr "Effektive UID ist nicht %d. Wurde sudo mit »setuid root« installiert?"
-#: src/sudo.c:860
-#, c-format
-msgid "resource control limit has been reached"
-msgstr "Limit der Ressourcenkontrolle wurde erreicht"
-
-#: src/sudo.c:863
-#, c-format
-msgid "user \"%s\" is not a member of project \"%s\""
-msgstr "Benutzer »%s« ist kein Mitglied des Projekts »%s«"
-
-#: src/sudo.c:867
-#, c-format
-msgid "the invoking task is final"
-msgstr "Der aufrufende Prozess ist fertig"
-
-#: src/sudo.c:870
-#, c-format
-msgid "could not join project \"%s\""
-msgstr "Projekt »%s« konnte nicht beigetreten werden"
-
-#: src/sudo.c:875
-#, c-format
-msgid "no resource pool accepting default bindings exists for project \"%s\""
-msgstr "Für Projekt »%s« gibt es keinen Ressourcen-Pool, der die Standardanbindungen unterstützt."
-
-#: src/sudo.c:879
-#, c-format
-msgid "specified resource pool does not exist for project \"%s\""
-msgstr "Den angegebenen Ressourcen-Pool gibt es für das Projekt »%s« nicht"
-
-#: src/sudo.c:883
-#, c-format
-msgid "could not bind to default resource pool for project \"%s\""
-msgstr "Es konnte nicht zum Standard-Ressourcen-Pool für Projekt »%s« verbunden werden."
-
-#: src/sudo.c:889
-#, c-format
-msgid "setproject failed for project \"%s\""
-msgstr "»setproject« schlug für Projekt »%s« fehl"
-
-#: src/sudo.c:891
-#, c-format
-msgid "warning, resource control assignment failed for project \"%s\""
-msgstr "Warnung: Ressourcenkontrolle von Projekt »%s« konnte nicht zugewiesen werden"
-
-#: src/sudo.c:959
+#: src/sudo.c:915
#, c-format
msgid "unknown login class %s"
msgstr "Unbekannte Anmeldungsklasse %s"
-#: src/sudo.c:973 src/sudo.c:976
+#: src/sudo.c:929 src/sudo.c:932
#, c-format
msgid "unable to set user context"
msgstr "Nutzerkontext konnte nicht gesetzt werden"
-#: src/sudo.c:988
+#: src/sudo.c:944
#, c-format
msgid "unable to set supplementary group IDs"
msgstr "Zusätzliche Gruppenkennungen konnten nicht gesetzt werden"
-#: src/sudo.c:995
+#: src/sudo.c:951
#, c-format
msgid "unable to set effective gid to runas gid %u"
msgstr "Effektive GID konnte nicht zu »runas«-GID %u gesetzt werden"
-#: src/sudo.c:1001
+#: src/sudo.c:957
#, c-format
msgid "unable to set gid to runas gid %u"
msgstr "GID konnte nicht zu »runas«-GID %u gesetzt werden"
-#: src/sudo.c:1008
+#: src/sudo.c:964
#, c-format
msgid "unable to set process priority"
msgstr "Prozesspriorität konnte nicht gesetzt werden"
-#: src/sudo.c:1016
+#: src/sudo.c:972
#, c-format
msgid "unable to change root to %s"
msgstr "Wurzelordner konnte nicht zu %s geändert werden"
-#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035
+#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991
#, c-format
msgid "unable to change to runas uid (%u, %u)"
msgstr "Es konnte nicht zu »runas«-GID gewechselt werden (%u, %u)"
-#: src/sudo.c:1049
+#: src/sudo.c:1005
#, c-format
msgid "unable to change directory to %s"
msgstr "In Ordner »%s« konnte nicht gewechselt werden"
-#: src/sudo.c:1133
+#: src/sudo.c:1089
#, c-format
msgid "unexpected child termination condition: %d"
msgstr "Unerwartete Abbruchsbedingung eines Unterprozesses: %d"
-#: src/sudo.c:1194
+#: src/sudo.c:1146
+#, c-format
+msgid "policy plugin %s is missing the `check_policy' method"
+msgstr "Dem Regelwerks-Plugin %s fehlt die »check_policy«-Methode"
+
+#: src/sudo.c:1159
#, c-format
msgid "policy plugin %s does not support listing privileges"
msgstr "Regelwerks-Plugin %s unterstützt das Auflisten von Privilegien nicht"
-#: src/sudo.c:1206
+#: src/sudo.c:1171
#, c-format
msgid "policy plugin %s does not support the -v option"
msgstr "Regelwerks-Plugin %s unterstützt die Option -v nicht"
-#: src/sudo.c:1218
+#: src/sudo.c:1183
#, c-format
msgid "policy plugin %s does not support the -k/-K options"
msgstr "Regelwerks-Plugin %s unterstützt die Optionen -k und -K nicht"
-#: src/sudo_edit.c:111
+#: src/sudo_edit.c:110
#, c-format
msgid "unable to change uid to root (%u)"
msgstr "UID konnte nicht zu Root (%u) geändert werden"
-#: src/sudo_edit.c:143
+#: src/sudo_edit.c:142
#, c-format
msgid "plugin error: missing file list for sudoedit"
msgstr "Plugin-Fehler: Fehlende Dateiliste für sudoedit"
-#: src/sudo_edit.c:171 src/sudo_edit.c:271
+#: src/sudo_edit.c:170 src/sudo_edit.c:270
#, c-format
msgid "%s: not a regular file"
msgstr "%s: Keine reguläre Datei"
-#: src/sudo_edit.c:205 src/sudo_edit.c:307
+#: src/sudo_edit.c:204 src/sudo_edit.c:306
#, c-format
msgid "%s: short write"
msgstr "%s: Zu kurzer Schreibvorgang"
-#: src/sudo_edit.c:272
+#: src/sudo_edit.c:271
#, c-format
msgid "%s left unmodified"
msgstr "%s blieb unverändert"
-#: src/sudo_edit.c:285
+#: src/sudo_edit.c:284
#, c-format
msgid "%s unchanged"
msgstr "%s unverändert"
-#: src/sudo_edit.c:297 src/sudo_edit.c:318
+#: src/sudo_edit.c:296 src/sudo_edit.c:317
#, c-format
msgid "unable to write to %s"
msgstr "%s konnte nicht beschrieben werden"
-#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319
+#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318
#, c-format
msgid "contents of edit session left in %s"
msgstr "Bearbeitungssitzung wurden in %s gelassen"
-#: src/sudo_edit.c:315
+#: src/sudo_edit.c:314
#, c-format
msgid "unable to read temporary file"
msgstr "Temporäre Datei konnte nicht gelesen werden"
-#: src/tgetpass.c:90
+#: src/tgetpass.c:89
#, c-format
msgid "no tty present and no askpass program specified"
msgstr "Kein TTY vorhanden und kein »askpass«-Programm angegeben"
-#: src/tgetpass.c:99
+#: src/tgetpass.c:98
#, c-format
msgid "no askpass program specified, try setting SUDO_ASKPASS"
msgstr "Kein »askpass«-Programm angegeben, es wird versucht, SUDO_ASKPASS zu setzen"
-#: src/tgetpass.c:231
+#: src/tgetpass.c:230
#, c-format
msgid "unable to set gid to %u"
msgstr "GID konnte nicht als %u festgelegt werden"
-#: src/tgetpass.c:235
+#: src/tgetpass.c:234
#, c-format
msgid "unable to set uid to %u"
msgstr "UID konnte nicht als %u festgelegt werden"
-#: src/tgetpass.c:240
+#: src/tgetpass.c:239
#, c-format
msgid "unable to run %s"
msgstr "%s konnte nicht ausgeführt werden"
msgid "unable to restore stdin"
msgstr "Standardeingabe konnte nicht wiederhergestellt werden"
+#~ msgid "unable to allocate memory"
+#~ msgstr "Speicher konnte nicht zugewiesen werden"
+
+#~ msgid ": "
+#~ msgstr ": "
+
#~ msgid "internal error, emalloc2() overflow"
#~ msgstr "Interner Fehler: Überlauf bei emalloc2()"
# Esperanto translations for sudo package.
# This file is put in the public domain.
-# Keith Bowes <zooplah@gmail.com>, 2012.
+# Felipe Castro <fefcat@gmail.com>, 2013.
#
msgid ""
msgstr ""
-"Project-Id-Version: sudo 1.8.5rc3\n"
+"Project-Id-Version: sudo 1.8.7b1\n"
"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2012-04-24 13:41-0400\n"
-"PO-Revision-Date: 2012-04-29 18:56-0400\n"
-"Last-Translator: Keith Bowes <zooplah@gmail.com>\n"
+"POT-Creation-Date: 2013-04-02 10:40-0400\n"
+"PO-Revision-Date: 2013-04-10 22:25-0400\n"
+"Last-Translator: Felipe Castro <fefcas@gmail.com>\n"
"Language-Team: Esperanto <translation-team-eo@lists.sourceforge.net>\n"
"Language: eo\n"
"MIME-Version: 1.0\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-#: common/aix.c:149
+#: common/aix.c:150
#, c-format
msgid "unable to open userdb"
msgstr "ne eblas malfermi la uzanto-datumbazon"
-#: common/aix.c:152
+#: common/aix.c:153
#, c-format
msgid "unable to switch to registry \"%s\" for %s"
msgstr "ne eblas ŝanĝiĝi al registrejo \"%s\" por %s"
-#: common/aix.c:169
+#: common/aix.c:170
#, c-format
msgid "unable to restore registry"
msgstr "ne eblas restarigi registrejon"
#: common/alloc.c:82
msgid "internal error, tried to emalloc(0)"
-msgstr "ena eraro, provis je emalloc(0)"
-
-#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146
-#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270
-#: src/exec_common.c:111 src/parse_args.c:432 src/sudo.c:456 src/sudo.c:482
-#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:737
-#, c-format
-msgid "unable to allocate memory"
-msgstr "ne eblas generi memoron"
+msgstr "interna eraro, provis je emalloc(0)"
#: common/alloc.c:99
msgid "internal error, tried to emalloc2(0)"
-msgstr "ena eraro, provis je emalloc2(0)"
+msgstr "interna eraro, provis je emalloc2(0)"
-#: common/alloc.c:101
-msgid "internal error, emalloc2() overflow"
-msgstr "ena eraro, emalloc2() superfluo"
+#: common/alloc.c:101 common/alloc.c:123 common/alloc.c:163 common/alloc.c:187
+#, c-format
+msgid "internal error, %s overflow"
+msgstr "interna eraro, superfluo en %s"
#: common/alloc.c:120
msgid "internal error, tried to ecalloc(0)"
-msgstr "ena eraro, provis je ecalloc(0)"
-
-#: common/alloc.c:123
-msgid "internal error, ecalloc() overflow"
-msgstr "ena eraro, ecalloc() superfluo"
+msgstr "interna eraro, provis je ecalloc(0)"
#: common/alloc.c:142
msgid "internal error, tried to erealloc(0)"
-msgstr "ena eraro, provis je erealloc(0)"
+msgstr "interna eraro, provis je erealloc(0)"
-#: common/alloc.c:161 common/alloc.c:185
+#: common/alloc.c:161
msgid "internal error, tried to erealloc3(0)"
-msgstr "ena eraro, provis je erealloc3(0)"
+msgstr "interna eraro, provis je erealloc3(0)"
-#: common/alloc.c:163 common/alloc.c:187
-msgid "internal error, erealloc3() overflow"
-msgstr "ena eraro, erealloc3() superfluo"
+#: common/alloc.c:185
+msgid "internal error, tried to erecalloc(0)"
+msgstr "interna eraro, provis je erealloc(0)"
+
+#: common/error.c:154
+#, c-format
+msgid "%s: %s: %s\n"
+msgstr "%s: %s: %s\n"
+
+#: common/error.c:157 common/error.c:161
+#, c-format
+msgid "%s: %s\n"
+msgstr "%s: %s\n"
-#: common/sudo_conf.c:306
+#: common/sudo_conf.c:172
+#, c-format
+msgid "unsupported group source `%s' in %s, line %d"
+msgstr "nekomprenata grupa fonto `%s' en %s, linio %d"
+
+#: common/sudo_conf.c:186
+#, c-format
+msgid "invalid max groups `%s' in %s, line %d"
+msgstr "nevalidaj maksimumaj grupoj `%s' en %s, linio %d"
+
+#: common/sudo_conf.c:382
#, c-format
msgid "unable to stat %s"
msgstr "ne eblas trovi je %s"
-#: common/sudo_conf.c:309
+#: common/sudo_conf.c:385
#, c-format
msgid "%s is not a regular file"
msgstr "%s estas ne regula dosiero"
-#: common/sudo_conf.c:312
+#: common/sudo_conf.c:388
#, c-format
msgid "%s is owned by uid %u, should be %u"
msgstr "%s estas estrata de uid %u, devas esti %u"
-#: common/sudo_conf.c:316
+#: common/sudo_conf.c:392
#, c-format
msgid "%s is world writable"
msgstr "%s estas skribebla de ĉiuj"
-#: common/sudo_conf.c:319
+#: common/sudo_conf.c:395
#, c-format
msgid "%s is group writable"
msgstr "%s estas skribebla de la tuta grupo"
-#: common/sudo_conf.c:328 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331
+#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328
#, c-format
msgid "unable to open %s"
msgstr "ne eblas malfermi %s"
-#: compat/strsignal.c:47
+#: compat/strsignal.c:50
msgid "Unknown signal"
msgstr "Nekonata signalo"
-#: src/error.c:82 src/error.c:86
-msgid ": "
-msgstr ": "
-
-#: src/exec.c:107 src/exec_pty.c:628
+#: src/exec.c:127 src/exec_pty.c:685
#, c-format
msgid "policy plugin failed session initialization"
msgstr "konduta kromprogramo fiaskis dum seanca komenciĝo"
-#: src/exec.c:112 src/exec_pty.c:633 src/exec_pty.c:967 src/tgetpass.c:221
+#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220
#, c-format
msgid "unable to fork"
msgstr "ne eblas forki"
msgid "unable to create sockets"
msgstr "ne eblas krei konektingojn"
-#: src/exec.c:266 src/exec_pty.c:572 src/exec_pty.c:581 src/exec_pty.c:589
-#: src/exec_pty.c:902 src/exec_pty.c:964 src/tgetpass.c:218
-#, c-format
-msgid "unable to create pipe"
-msgstr "ne eblas krei tubon"
-
-#: src/exec.c:351 src/exec_pty.c:1029 src/exec_pty.c:1167
+#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268
#, c-format
msgid "select failed"
msgstr "elekto malsukcesis"
-#: src/exec.c:441
+#: src/exec.c:449
#, c-format
msgid "unable to restore tty label"
msgstr "ne eblis reatingi tty-etikedon"
-#: src/exec_common.c:69
+#: src/exec_common.c:70
#, c-format
msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"
msgstr "ne eblas forigi PRIV_PROC_EXEC-on de PRIV_LIMIT"
-#: src/exec_pty.c:144
+#: src/exec_pty.c:183
#, c-format
msgid "unable to allocate pty"
msgstr "ne eblis generi pty-on"
-#: src/exec_pty.c:619
+#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986
+#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217
+#, c-format
+msgid "unable to create pipe"
+msgstr "ne eblas krei tubon"
+
+#: src/exec_pty.c:676
#, c-format
msgid "unable to set terminal to raw mode"
msgstr "ne eblas elekti nudan reĝimon ĉe la terminalo"
-#: src/exec_pty.c:945
+#: src/exec_pty.c:1042
#, c-format
msgid "unable to set controlling tty"
msgstr "ne eblas elekti la regan tty-on"
-#: src/exec_pty.c:1038
+#: src/exec_pty.c:1139
#, c-format
msgid "error reading from signal pipe"
msgstr "eraro dum legi la signalan tubon"
-#: src/exec_pty.c:1059
+#: src/exec_pty.c:1160
#, c-format
msgid "error reading from pipe"
msgstr "eraro dum legi el tubo"
-#: src/exec_pty.c:1075
+#: src/exec_pty.c:1176
#, c-format
msgid "error reading from socketpair"
msgstr "eraro dum legi la konektingan paron"
-#: src/exec_pty.c:1079
+#: src/exec_pty.c:1180
#, c-format
msgid "unexpected reply type on backchannel: %d"
msgstr "neatendita respondotipo ĉe la postkanalo: %d"
-#: src/load_plugins.c:79
+#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132
+#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185
+#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205
+#, c-format
+msgid "error in %s, line %d while loading plugin `%s'"
+msgstr "eraro en %s, linio %d dum ŝargi kromprogramon `%s'"
+
+#: src/load_plugins.c:72
#, c-format
msgid "%s: %s"
msgstr "%s: %s"
-#: src/load_plugins.c:85
+#: src/load_plugins.c:81
#, c-format
msgid "%s%s: %s"
msgstr "%s%s: %s"
-#: src/load_plugins.c:95
+#: src/load_plugins.c:140
#, c-format
msgid "%s must be owned by uid %d"
msgstr "%s devas esti estrita de uid %d"
-#: src/load_plugins.c:99
+#: src/load_plugins.c:146
#, c-format
msgid "%s must be only be writable by owner"
msgstr "%s estas skribebla nur de estro"
-#: src/load_plugins.c:106
+#: src/load_plugins.c:187
#, c-format
msgid "unable to dlopen %s: %s"
msgstr "malebla: dlopen %s: %s"
-#: src/load_plugins.c:111
+#: src/load_plugins.c:194
#, c-format
-msgid "%s: unable to find symbol %s"
-msgstr "%s: ne eblas trovi simbolon %s"
+msgid "unable to find symbol `%s' in %s"
+msgstr "ne eblas trovi simbolon `%s' en %s"
-#: src/load_plugins.c:117
+#: src/load_plugins.c:201
#, c-format
-msgid "%s: unknown policy type %d"
-msgstr "%s: nekonata konduta tipo %d"
+msgid "unknown policy type %d found in %s"
+msgstr "nekonata konduta tipo %d trovita en %s"
-#: src/load_plugins.c:121
+#: src/load_plugins.c:207
#, c-format
-msgid "%s: incompatible policy major version %d, expected %d"
-msgstr "%s: malkongrua konduto, ĉefa eldono %d, atendita %d"
+msgid "incompatible plugin major version %d (expected %d) found in %s"
+msgstr "malkongrua granda eldono %d de kromprogramo (estu %d) trovita en %s"
-#: src/load_plugins.c:128
+#: src/load_plugins.c:216
#, c-format
-msgid "%s: only a single policy plugin may be loaded"
-msgstr "%s: nur unu konduta kromprogramo eblas ŝargiĝi"
+msgid "ignoring policy plugin `%s' in %s, line %d"
+msgstr "ignoranta kondutan kromprogramon `%s' en %s, linio %d"
-#: src/load_plugins.c:148
+#: src/load_plugins.c:218
#, c-format
-msgid "%s: at least one policy plugin must be specified"
-msgstr "%s: almenaŭ unu konduku devas esti specifita"
+msgid "only a single policy plugin may be specified"
+msgstr "nur unu konduta kromprogramo eblas specifiĝi"
-#: src/load_plugins.c:153
+#: src/load_plugins.c:221
+#, c-format
+msgid "ignoring duplicate policy plugin `%s' in %s, line %d"
+msgstr "ignoranta duobligantan kondutan kromprogramon `%s' en %s, linio %d"
+
+#: src/load_plugins.c:236
+#, c-format
+msgid "ignoring duplicate I/O plugin `%s' in %s, line %d"
+msgstr "ignoranta duobligitan eneligan kromprogramon `%s' en %s, linio %d"
+
+#: src/load_plugins.c:313
#, c-format
msgid "policy plugin %s does not include a check_policy method"
msgstr "konduta kromprogramo %s ne inkluzivas la metodon check_policy"
-#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187
-#: src/net_ifs.c:298 src/net_ifs.c:322
+#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186
+#: src/net_ifs.c:297 src/net_ifs.c:321
#, c-format
msgid "load_interfaces: overflow detected"
msgstr "load_interfaces: superfluo malkovrita"
-#: src/net_ifs.c:227
+#: src/net_ifs.c:226
#, c-format
msgid "unable to open socket"
msgstr "ne eblas malfermi konektingon"
-#: src/parse_args.c:187
+#: src/parse_args.c:197
#, c-format
msgid "the argument to -C must be a number greater than or equal to 3"
msgstr "la parametro de -C devas esti nombron almenaŭ 3"
-#: src/parse_args.c:276
+#: src/parse_args.c:286
#, c-format
msgid "unknown user: %s"
msgstr "nekonata uzanto: %s"
-#: src/parse_args.c:335
+#: src/parse_args.c:345
#, c-format
msgid "you may not specify both the `-i' and `-s' options"
msgstr "vi ne rajtas specifi kaj '-i' kaj '-s'"
-#: src/parse_args.c:339
+#: src/parse_args.c:349
#, c-format
msgid "you may not specify both the `-i' and `-E' options"
msgstr "vi ne rajtas specifi kaj '-i' kaj '-E'"
-#: src/parse_args.c:349
+#: src/parse_args.c:359
#, c-format
msgid "the `-E' option is not valid in edit mode"
msgstr "la parametro '-E' ne validas en redakta reĝimo"
-#: src/parse_args.c:351
+#: src/parse_args.c:361
#, c-format
msgid "you may not specify environment variables in edit mode"
msgstr "vi ne rajtas specifi medivariablojn en redakta reĝimo"
-#: src/parse_args.c:359
+#: src/parse_args.c:369
#, c-format
msgid "the `-U' option may only be used with the `-l' option"
msgstr "la parametro '-U' ne validas kun '-l'"
-#: src/parse_args.c:363
+#: src/parse_args.c:373
#, c-format
msgid "the `-A' and `-S' options may not be used together"
msgstr "'-A' kaj '-S' ne eblas uziĝi kune"
-#: src/parse_args.c:445
+#: src/parse_args.c:456
#, c-format
msgid "sudoedit is not supported on this platform"
msgstr "sudoedit ne estas havebla en ĉi tiu platformon"
-#: src/parse_args.c:518
+#: src/parse_args.c:529
#, c-format
msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"
msgstr "Vi rajtas specifi nur unu el -e, -h, -i, -K, -l, -s, -v aŭ -V"
-#: src/parse_args.c:532
+#: src/parse_args.c:543
#, c-format
msgid ""
"%s - edit files as another user\n"
"%s - redakti dosierojn kiel alia uzanto\n"
"\n"
-#: src/parse_args.c:534
+#: src/parse_args.c:545
#, c-format
msgid ""
"%s - execute a command as another user\n"
"%s - plenumigi komandon kiel alia uzanto\n"
"\n"
-#: src/parse_args.c:539
+#: src/parse_args.c:550
#, c-format
msgid ""
"\n"
"\n"
"Parametroj:\n"
-#: src/parse_args.c:542
+#: src/parse_args.c:552
msgid "use helper program for password prompting\n"
msgstr "uzi helpoprogrogramon por pasvortilo\n"
-#: src/parse_args.c:545
+#: src/parse_args.c:555
msgid "use specified BSD authentication type\n"
msgstr "uzi specifitan BSD-konstatan tipon\n"
-#: src/parse_args.c:547
+#: src/parse_args.c:558
msgid "run command in the background\n"
msgstr "plenumigi komandon fone\n"
-#: src/parse_args.c:549
+#: src/parse_args.c:560
msgid "close all file descriptors >= fd\n"
msgstr "fermi ĉiujn dosierpriskribilojn >= fd\n"
-#: src/parse_args.c:552
+#: src/parse_args.c:563
msgid "run command with specified login class\n"
msgstr "plenumigi komandon per specifitan ensalutan klason\n"
-#: src/parse_args.c:555
+#: src/parse_args.c:566
msgid "preserve user environment when executing command\n"
msgstr "konservi uzanto-medivariablojn dum plenumigi komandon\n"
-#: src/parse_args.c:557
+#: src/parse_args.c:568
msgid "edit files instead of running a command\n"
msgstr "redakti dosierojn anstataŭ plenumigi komandon\n"
-#: src/parse_args.c:559
+#: src/parse_args.c:570
msgid "execute command as the specified group\n"
msgstr "plenumigi komandon kiel la specifitan grupon\n"
-#: src/parse_args.c:561
+#: src/parse_args.c:572
msgid "set HOME variable to target user's home dir.\n"
msgstr "valorizi medivariablon HOME je la hejma dosierujo de la cela uzanto.\n"
-#: src/parse_args.c:563
+#: src/parse_args.c:574
msgid "display help message and exit\n"
msgstr "elmontri helpan mesaĝon kaj eliri\n"
-#: src/parse_args.c:565
+#: src/parse_args.c:576
msgid "run a login shell as target user\n"
msgstr "plenumigi ensalutan ŝelon kiel celan uzanton\n"
-#: src/parse_args.c:567
+#: src/parse_args.c:578
msgid "remove timestamp file completely\n"
msgstr "tute forigi tempo-indikilan dosieron\n"
-#: src/parse_args.c:569
+#: src/parse_args.c:580
msgid "invalidate timestamp file\n"
msgstr "eksvalidigi tempo-indikilan dosieron\n"
-#: src/parse_args.c:571
+#: src/parse_args.c:582
msgid "list user's available commands\n"
msgstr "listigi disponeblajn komandojn de uzanto\n"
-#: src/parse_args.c:573
+#: src/parse_args.c:584
msgid "non-interactive mode, will not prompt user\n"
msgstr "neinteraga reĝimo, ne demandos uzanton\n"
-#: src/parse_args.c:575
+#: src/parse_args.c:586
msgid "preserve group vector instead of setting to target's\n"
msgstr "konservi grupan vektoron anstataŭ elekti celan vektoron\n"
-#: src/parse_args.c:577
+#: src/parse_args.c:588
msgid "use specified password prompt\n"
msgstr "uzi specifitan pasvortilon\n"
-#: src/parse_args.c:580 src/parse_args.c:588
+#: src/parse_args.c:591 src/parse_args.c:599
msgid "create SELinux security context with specified role\n"
msgstr "krei SELinux-sekurecan kuntekstan kun specifita rolo\n"
-#: src/parse_args.c:583
+#: src/parse_args.c:594
msgid "read password from standard input\n"
msgstr "legi pasvorton el norma enigo\n"
-#: src/parse_args.c:585
+#: src/parse_args.c:596
msgid "run a shell as target user\n"
msgstr "plenumigi ŝelon kiel cela uzanto\n"
-#: src/parse_args.c:591
+#: src/parse_args.c:602
msgid "when listing, list specified user's privileges\n"
msgstr "dum listigo, listigi privilegiojn de specifita uzanto\n"
-#: src/parse_args.c:593
+#: src/parse_args.c:604
msgid "run command (or edit file) as specified user\n"
msgstr "plenumigi komandon (aŭ redakti dosieron) kiel specifita uzanto\n"
-#: src/parse_args.c:595
+#: src/parse_args.c:606
msgid "display version information and exit\n"
msgstr "elmontri eldonan informon kaj eliri\n"
-#: src/parse_args.c:597
+#: src/parse_args.c:608
msgid "update user's timestamp without running a command\n"
msgstr "ĝisdatigi la tempo-indikilon de la uzanto, sed ne plenumigi komandon\n"
-#: src/parse_args.c:599
+#: src/parse_args.c:610
msgid "stop processing command line arguments\n"
msgstr "ĉesigi procedi komandliniajn parametrojn\n"
msgid "unable to setup tty context for %s"
msgstr "ne eblas agordi tty-kuntekston por %s"
-#: src/selinux.c:373
+#: src/selinux.c:381
#, c-format
msgid "unable to set exec context to %s"
msgstr "ne eblas elekti exec-kuntekston al %s"
-#: src/selinux.c:380
+#: src/selinux.c:388
#, c-format
msgid "unable to set key creation context to %s"
msgstr "ne eblas elekti ŝlosilkrean kuntekston al %s"
-#: src/sesh.c:70
+#: src/sesh.c:57
#, c-format
msgid "requires at least one argument"
msgstr "postulas almenaŭ unu parametron"
-#: src/sesh.c:91
+#: src/sesh.c:78 src/sudo.c:1126
#, c-format
msgid "unable to execute %s"
msgstr "ne eblas plenumigi: %s"
-#: src/sudo.c:211
+#: src/solaris.c:88
+#, c-format
+msgid "resource control limit has been reached"
+msgstr "rimedo-rega limigo estis atingita"
+
+#: src/solaris.c:91
+#, c-format
+msgid "user \"%s\" is not a member of project \"%s\""
+msgstr "uzanto \"%s\" ne estas ano de projekto \"%s\""
+
+#: src/solaris.c:95
+#, c-format
+msgid "the invoking task is final"
+msgstr "la voka tasko estas nenuligebla"
+
+#: src/solaris.c:98
+#, c-format
+msgid "could not join project \"%s\""
+msgstr "ne eblis aliĝi al projekto \"%s\""
+
+#: src/solaris.c:103
+#, c-format
+msgid "no resource pool accepting default bindings exists for project \"%s\""
+msgstr "neniu rimedujo akceptanta aŭtomatajn bindaĵojn ekzistas por projekto \"%s\""
+
+#: src/solaris.c:107
+#, c-format
+msgid "specified resource pool does not exist for project \"%s\""
+msgstr "specifita rimedujo ne ekzistas por projekto \"%s\""
+
+#: src/solaris.c:111
+#, c-format
+msgid "could not bind to default resource pool for project \"%s\""
+msgstr "ne eblis bindi al aprioran rimedujo por projekto \"%s\""
+
+#: src/solaris.c:117
+#, c-format
+msgid "setproject failed for project \"%s\""
+msgstr "setproject malsukcesis por projekto \"%s\""
+
+#: src/solaris.c:119
+#, c-format
+msgid "warning, resource control assignment failed for project \"%s\""
+msgstr "averto, rimedo-rega asigno malsukcesis por projekto \"%s\""
+
+#: src/sudo.c:196
#, c-format
msgid "Sudo version %s\n"
msgstr "Sudo: eldono %s\n"
-#: src/sudo.c:213
+#: src/sudo.c:198
#, c-format
msgid "Configure options: %s\n"
msgstr "Muntaj parametroj: %s\n"
-#: src/sudo.c:218
+#: src/sudo.c:203
#, c-format
msgid "fatal error, unable to load plugins"
msgstr "ĉesiga eraro: ne eblas ŝargi kromprogramojn"
-#: src/sudo.c:226
+#: src/sudo.c:211
#, c-format
msgid "unable to initialize policy plugin"
msgstr "ne eblas komenci konduktan kromprogramon"
-#: src/sudo.c:281
+#: src/sudo.c:268
#, c-format
msgid "error initializing I/O plugin %s"
msgstr "eraro dum komenci eneligan kromprogramon %s"
-#: src/sudo.c:306
+#: src/sudo.c:293
#, c-format
msgid "unexpected sudo mode 0x%x"
msgstr "neatendita sudo-reĝimon 0x%x"
-#: src/sudo.c:400
+#: src/sudo.c:413
#, c-format
msgid "unable to get group vector"
msgstr "ne eblas elekti grupan vektoron"
-#: src/sudo.c:452
+#: src/sudo.c:465
#, c-format
msgid "unknown uid %u: who are you?"
msgstr "nekonata uid %u: kiu vi estas?"
-#: src/sudo.c:760
+#: src/sudo.c:802
#, c-format
msgid "%s must be owned by uid %d and have the setuid bit set"
msgstr "%s devas esti estrita de uid %d kaj la setuid-bito devas esti elektita"
-#: src/sudo.c:763
+#: src/sudo.c:805
#, c-format
msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?"
msgstr "efektiva uid ne estas %d; ĉu %s estas en dosiersistemo kun la elekto 'nosuid' aŭ reta dosiersistemo sen ĉefuzanto-privilegioj?"
-#: src/sudo.c:769
+#: src/sudo.c:811
#, c-format
msgid "effective uid is not %d, is sudo installed setuid root?"
msgstr "efektiva uid ne estas %d; ĉu sudo estas instalita kiel setuid-radiko?"
-#: src/sudo.c:838
-#, c-format
-msgid "resource control limit has been reached"
-msgstr "rimedo-rega limigo estis atingita"
-
-#: src/sudo.c:841
-#, c-format
-msgid "user \"%s\" is not a member of project \"%s\""
-msgstr "uzanto \"%s\" ne estas ano de projekto \"%s\""
-
-#: src/sudo.c:845
-#, c-format
-msgid "the invoking task is final"
-msgstr "la voka tasko estas nenuligebla"
-
-#: src/sudo.c:848
-#, c-format
-msgid "could not join project \"%s\""
-msgstr "ne eblis aliĝi al projekto \"%s\""
-
-#: src/sudo.c:853
-#, c-format
-msgid "no resource pool accepting default bindings exists for project \"%s\""
-msgstr "neniu rimedujo akceptanta aŭtomatajn bindaĵojn ekzistas por projekto \"%s\""
-
-#: src/sudo.c:857
-#, c-format
-msgid "specified resource pool does not exist for project \"%s\""
-msgstr "specifita rimedujo ne ekzistas por projekto \"%s\""
-
-#: src/sudo.c:861
-#, c-format
-msgid "could not bind to default resource pool for project \"%s\""
-msgstr "ne eblis bindi al aprioran rimedujo por projekto \"%s\""
-
-#: src/sudo.c:867
-#, c-format
-msgid "setproject failed for project \"%s\""
-msgstr "setproject malsukcesis por projekto \"%s\""
-
-#: src/sudo.c:869
-#, c-format
-msgid "warning, resource control assignment failed for project \"%s\""
-msgstr "averto, rimedo-rega asigno malsukcesis por projekto \"%s\""
-
-#: src/sudo.c:917
+#: src/sudo.c:915
#, c-format
msgid "unknown login class %s"
msgstr "nekonata ensaluta klaso %s"
-#: src/sudo.c:931 src/sudo.c:934
+#: src/sudo.c:929 src/sudo.c:932
#, c-format
msgid "unable to set user context"
msgstr "ne eblas elekti uzanto-kuntekston"
-#: src/sudo.c:946
+#: src/sudo.c:944
#, c-format
msgid "unable to set supplementary group IDs"
msgstr "ne eblas elekti suplementajn grupajn identigilojn"
-#: src/sudo.c:953
+#: src/sudo.c:951
#, c-format
msgid "unable to set effective gid to runas gid %u"
msgstr "ne eblas elekti efikan gid-on al plenumigkiela gid %u"
-#: src/sudo.c:959
+#: src/sudo.c:957
#, c-format
msgid "unable to set gid to runas gid %u"
msgstr "ne eblas elekti gid-on kiel plenumigkielan gid-on %u"
-#: src/sudo.c:966
+#: src/sudo.c:964
#, c-format
msgid "unable to set process priority"
msgstr "ne eblas elekti procezan prioritaton"
-#: src/sudo.c:974
+#: src/sudo.c:972
#, c-format
msgid "unable to change root to %s"
msgstr "ne eblas ŝanĝi ĉefuzanton al %s"
-#: src/sudo.c:981 src/sudo.c:987 src/sudo.c:993
+#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991
#, c-format
msgid "unable to change to runas uid (%u, %u)"
msgstr "ne eblas ŝanĝi al plenumigkiela uid (%u, %u)"
-#: src/sudo.c:1007
+#: src/sudo.c:1005
#, c-format
msgid "unable to change directory to %s"
msgstr "ne eblas ŝanĝi dosierujon al %s"
-#: src/sudo.c:1079
+#: src/sudo.c:1089
#, c-format
msgid "unexpected child termination condition: %d"
msgstr "neatendita ido ekzekutiĝis laŭ la kondiĉo: %d"
-#: src/sudo.c:1140
+#: src/sudo.c:1146
+#, c-format
+msgid "policy plugin %s is missing the `check_policy' method"
+msgstr "konduta kromprogramo %s ne inkluzivas la metodon `check_policy'"
+
+#: src/sudo.c:1159
#, c-format
msgid "policy plugin %s does not support listing privileges"
msgstr "konduta kromprogramo %s ne komprenas listigon de privilegioj"
-#: src/sudo.c:1152
+#: src/sudo.c:1171
#, c-format
msgid "policy plugin %s does not support the -v option"
msgstr "konduta kromprogramo %s ne komprenas la parametron -v"
-#: src/sudo.c:1164
+#: src/sudo.c:1183
#, c-format
msgid "policy plugin %s does not support the -k/-K options"
msgstr "konduta kromprogramo %s ne komprenas la parametrojn -k kaj -K"
-#: src/sudo_edit.c:111
+#: src/sudo_edit.c:110
#, c-format
msgid "unable to change uid to root (%u)"
msgstr "ne eblas ŝanĝi uid-on al ĉefuzanto (%u)"
-#: src/sudo_edit.c:143
+#: src/sudo_edit.c:142
#, c-format
msgid "plugin error: missing file list for sudoedit"
msgstr "kromprograma eraro: malhavas dosieran liston por sudoedit"
-#: src/sudo_edit.c:171 src/sudo_edit.c:271
+#: src/sudo_edit.c:170 src/sudo_edit.c:270
#, c-format
msgid "%s: not a regular file"
msgstr "%s: ne regula dosiero"
-#: src/sudo_edit.c:205 src/sudo_edit.c:307
+#: src/sudo_edit.c:204 src/sudo_edit.c:306
#, c-format
msgid "%s: short write"
msgstr "%s: mallonga skribado"
-#: src/sudo_edit.c:272
+#: src/sudo_edit.c:271
#, c-format
msgid "%s left unmodified"
msgstr "%s restas ne modifita"
-#: src/sudo_edit.c:285
+#: src/sudo_edit.c:284
#, c-format
msgid "%s unchanged"
msgstr "%s ne ŝanĝita"
-#: src/sudo_edit.c:297 src/sudo_edit.c:318
+#: src/sudo_edit.c:296 src/sudo_edit.c:317
#, c-format
msgid "unable to write to %s"
msgstr "ne eblas skribi al %s"
-#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319
+#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318
#, c-format
msgid "contents of edit session left in %s"
msgstr "enhavo de redakta seanco restas en %s"
-#: src/sudo_edit.c:315
+#: src/sudo_edit.c:314
#, c-format
msgid "unable to read temporary file"
msgstr "ne eblas legi provizoran dosieron"
-#: src/tgetpass.c:90
+#: src/tgetpass.c:89
#, c-format
msgid "no tty present and no askpass program specified"
msgstr "neniu tty ĉeestas kaj neniu pasvorto-programo specifita"
-#: src/tgetpass.c:99
+#: src/tgetpass.c:98
#, c-format
msgid "no askpass program specified, try setting SUDO_ASKPASS"
msgstr "neniu pasvorto-programo specifita, provi valorizi SUDO_ASKPASS-on"
-#: src/tgetpass.c:231
+#: src/tgetpass.c:230
#, c-format
msgid "unable to set gid to %u"
msgstr "ne eblas elekti gid-on al %u"
-#: src/tgetpass.c:235
+#: src/tgetpass.c:234
#, c-format
msgid "unable to set uid to %u"
msgstr "ne eblas elekti uid-on al %u"
-#: src/tgetpass.c:240
+#: src/tgetpass.c:239
#, c-format
msgid "unable to run %s"
msgstr "ne eblas plenumigi: %s"
msgid "unable to restore stdin"
msgstr "ne eblas restarigi enigon"
+#~ msgid "unable to allocate memory"
+#~ msgstr "ne eblas generi memoron"
+
+#~ msgid ": "
+#~ msgstr ": "
+
+#~ msgid "internal error, emalloc2() overflow"
+#~ msgstr "interna eraro, emalloc2() superfluo"
+
+#~ msgid "internal error, erealloc3() overflow"
+#~ msgstr "interna eraro, erealloc3() superfluo"
+
+#~ msgid "%s: at least one policy plugin must be specified"
+#~ msgstr "%s: almenaŭ unu konduku devas esti specifita"
+
#~ msgid "must be setuid root"
#~ msgstr "devas esti ĉefuzanto setuid"
# traducción al español de sudo.
# This file is distributed under the same license as the sudo package.
#
-# Abel Send
on <abelnicolas1976@gmail.com>, 2012.
+# Abel Send
ón <abelnicolas1976@gmail.com>, 2012.
msgid ""
msgstr ""
-"Project-Id-Version: sudo 1.8.5-b4\n"
+"Project-Id-Version: sudo 1.8.6b4\n"
"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2012-03-28 14:06-0400\n"
-"PO-Revision-Date: 2012-04-10 16:19-0300\n"
-"Last-Translator: Abel Send
on <abelnicolas1976@gmail.com>\n"
+"POT-Creation-Date: 2012-08-10 13:08-0400\n"
+"PO-Revision-Date: 2012-12-28 22:39-0300\n"
+"Last-Translator: Abel Send
ón <abelnicolas1976@gmail.com>\n"
"Language-Team: Spanish <es@li.org>\n"
-"Language: \n"
+"Language: es\n"
"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=utf-8\n"
+"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Lokalize 1.2\n"
+"X-Generator: Lokalize 1.4\n"
"Plural-Forms: nplurals=1; plural=0;\n"
"X-Poedit-Language: Spanish\n"
"X-Poedit-Country: ARGENTINA\n"
+#: common/aix.c:150
+#, c-format
+msgid "unable to open userdb"
+msgstr "no se puede abrir userdb"
+
+#: common/aix.c:153
+#, c-format
+msgid "unable to switch to registry \"%s\" for %s"
+msgstr "no se puede cambiar al registro \"%s\" para %s"
+
+#: common/aix.c:170
+#, c-format
+msgid "unable to restore registry"
+msgstr "no se puede restaurar el registro"
+
+#: common/alloc.c:82
+msgid "internal error, tried to emalloc(0)"
+msgstr "error interno: trató emalloc(0)"
+
+#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146
+#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270
+#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482
+#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759
+#, c-format
+msgid "unable to allocate memory"
+msgstr "no se puede de asignar memoria"
+
+#: common/alloc.c:99
+msgid "internal error, tried to emalloc2(0)"
+msgstr "error interno: trató emalloc2(0)"
+
+#: common/alloc.c:101 common/alloc.c:123 common/alloc.c:163 common/alloc.c:187
+#, c-format
+msgid "internal error, %s overflow"
+msgstr "error interno: desbordamiento de %s"
+
+#: common/alloc.c:120
+msgid "internal error, tried to ecalloc(0)"
+msgstr "error interno: trató ecalloc(0)"
+
+#: common/alloc.c:142
+msgid "internal error, tried to erealloc(0)"
+msgstr "error interno: trató erealloc(0)"
+
+#: common/alloc.c:161
+msgid "internal error, tried to erealloc3(0)"
+msgstr "error interno: trató erealloc3(0)"
+
+#: common/alloc.c:185
+msgid "internal error, tried to erecalloc(0)"
+msgstr "error interno: trató erecalloc(0)"
+
+#: common/sudo_conf.c:305
+#, c-format
+msgid "unable to stat %s"
+msgstr "no se puede stat en %s"
+
+#: common/sudo_conf.c:308
+#, c-format
+msgid "%s is not a regular file"
+msgstr "%s no es un archivo regular"
+
+#: common/sudo_conf.c:311
+#, c-format
+msgid "%s is owned by uid %u, should be %u"
+msgstr "%s es adueñado por uid %u, sería %u"
+
+#: common/sudo_conf.c:315
+#, c-format
+msgid "%s is world writable"
+msgstr "%s es escribible por todos"
+
+#: common/sudo_conf.c:318
+#, c-format
+msgid "%s is group writable"
+msgstr "%s es escribible por el grupo"
+
+#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331
+#, c-format
+msgid "unable to open %s"
+msgstr "no se pudo abrir %s"
+
+#: compat/strsignal.c:47
+msgid "Unknown signal"
+msgstr "Señal desconocida"
+
#: src/error.c:82 src/error.c:86
msgid ": "
msgstr ": "
-#: src/exec.c:105 src/exec_pty.c:616 src/exec_pty.c:948 src/tgetpass.c:221
+#: src/exec.c:113 src/exec_pty.c:674
+#, c-format
+msgid "policy plugin failed session initialization"
+msgstr "política de plugin falló en la inicialización de sesión "
+
+#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221
#, c-format
msgid "unable to fork"
msgstr "no se puede bifurcar"
-#: src/exec.c:252
+#: src/exec.c:268
#, c-format
msgid "unable to create sockets"
msgstr "no se puede crear sockets"
-#: src/exec.c:259 src/exec_pty.c:567 src/exec_pty.c:576 src/exec_pty.c:584
-#: src/exec_pty.c:883 src/exec_pty.c:945 src/tgetpass.c:218
+#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630
+#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218
#, c-format
msgid "unable to create pipe"
msgstr "no se puede crear tubería"
-#: src/exec.c:340 src/exec_pty.c:1011 src/exec_pty.c:1146
+#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240
#, c-format
msgid "select failed"
msgstr "selección fallida"
-#: src/exec.c:425
+#: src/exec.c:467
#, c-format
msgid "unable to restore tty label"
-msgstr "no se puede restaurar la etiqueta tty"
+msgstr "no se puede restaurar la etiqueta tty "
#: src/exec_common.c:69
#, c-format
msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"
msgstr "no se puede remover PRIV_PROC_EXEC desde PRIV_LIMIT"
-#: src/exec_common.c:111 src/parse_args.c:432 src/sudo.c:447 src/sudo.c:467
-#: src/sudo.c:474 src/sudo.c:485 src/sudo.c:871 common/alloc.c:85
-#: common/alloc.c:105 common/alloc.c:127 common/alloc.c:146 common/alloc.c:168
-#: common/alloc.c:192 common/alloc.c:256 common/alloc.c:270
-#, c-format
-msgid "unable to allocate memory"
-msgstr "no se puede de asignar memoria"
-
-#: src/exec_pty.c:140
+#: src/exec_pty.c:183
#, c-format
msgid "unable to allocate pty"
msgstr "no se puede asignar pty"
-#: src/exec_pty.c:609
+#: src/exec_pty.c:665
#, c-format
msgid "unable to set terminal to raw mode"
msgstr "no se puede establecer la terminal en modo directo"
-#: src/exec_pty.c:926
+#: src/exec_pty.c:1013
#, c-format
msgid "unable to set controlling tty"
msgstr "no se puede establecer el controlador tty"
-#: src/exec_pty.c:1019
+#: src/exec_pty.c:1111
#, c-format
msgid "error reading from signal pipe"
msgstr "error al leer desde la tubería de la señal"
-#: src/exec_pty.c:1038
+#: src/exec_pty.c:1132
#, c-format
msgid "error reading from pipe"
msgstr "error al leer de la tubería"
-#: src/exec_pty.c:1054
+#: src/exec_pty.c:1148
#, c-format
msgid "error reading from socketpair"
msgstr "error leyendo de socketpair"
-#: src/exec_pty.c:1058
+#: src/exec_pty.c:1152
#, c-format
msgid "unexpected reply type on backchannel: %d"
msgstr "tipo de respuesta inesperada en canales alternos %d"
-#: src/load_plugins.c:79
+#: src/load_plugins.c:74
#, c-format
msgid "%s: %s"
msgstr "%s: %s"
-#: src/load_plugins.c:85
+#: src/load_plugins.c:80
#, c-format
msgid "%s%s: %s"
msgstr "%s%s: %s"
-#: src/load_plugins.c:95
+#: src/load_plugins.c:90
#, c-format
msgid "%s must be owned by uid %d"
msgstr "%s debe ser propiedad del uid %d"
-#: src/load_plugins.c:99
+#: src/load_plugins.c:94
#, c-format
msgid "%s must be only be writable by owner"
msgstr "%s sólo tener permisos de escritura por el propietario"
-#: src/load_plugins.c:106
+#: src/load_plugins.c:101
#, c-format
msgid "unable to dlopen %s: %s"
msgstr "no se puede dlopen %s: %s"
-#: src/load_plugins.c:111
+#: src/load_plugins.c:106
#, c-format
msgid "%s: unable to find symbol %s"
msgstr "%s: no se puede de encontrar el símbolo %s"
-#: src/load_plugins.c:117
+#: src/load_plugins.c:112
#, c-format
msgid "%s: unknown policy type %d"
msgstr "%s: tipo de política desconocida %d"
-#: src/load_plugins.c:121
+#: src/load_plugins.c:116
#, c-format
msgid "%s: incompatible policy major version %d, expected %d"
msgstr "%s: incompatible la versión principal de la política %d, se esperaba %d"
-#: src/load_plugins.c:128
+#: src/load_plugins.c:123
#, c-format
msgid "%s: only a single policy plugin may be loaded"
msgstr "%s: se puede cargar sólo una política de plugin"
-#: src/load_plugins.c:148
-#, c-format
-msgid "%s: at least one policy plugin must be specified"
-msgstr "%s: debe ser especificada al menos una política de plugin"
-
-#: src/load_plugins.c:153
+#: src/load_plugins.c:200
#, c-format
msgid "policy plugin %s does not include a check_policy method"
msgstr "la política del plugin %s no incluye un método check_policy"
msgid "the `-A' and `-S' options may not be used together"
msgstr "las opciones '-A' y '-S' no se pueden utilizar conjuntamente"
-#: src/parse_args.c:445
+#: src/parse_args.c:443
#, c-format
msgid "sudoedit is not supported on this platform"
msgstr "sudoedit no está soportado en ésta plataforma"
-#: src/parse_args.c:518
+#: src/parse_args.c:516
#, c-format
msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"
msgstr "puede ser especificada sólo una de las opciones -e, -h, -i, -K, -l, -s, -v o -V"
-#: src/parse_args.c:532
+#: src/parse_args.c:530
#, c-format
msgid ""
"%s - edit files as another user\n"
"%s - edita archivos como otro usuario\n"
"\n"
-#: src/parse_args.c:534
+#: src/parse_args.c:532
#, c-format
msgid ""
"%s - execute a command as another user\n"
"%s - ejecuta un comando como otro usuario\n"
"\n"
-#: src/parse_args.c:539
+#: src/parse_args.c:537
#, c-format
msgid ""
"\n"
"\n"
"Opciones:\n"
-#: src/parse_args.c:542
+#: src/parse_args.c:540
msgid "use helper program for password prompting\n"
msgstr "utilizar el programa de ayuda para la solicitud de contraseña\n"
-#: src/parse_args.c:545
+#: src/parse_args.c:543
msgid "use specified BSD authentication type\n"
msgstr "utiliza tipo de autentificación especificado en BSD\n"
-#: src/parse_args.c:547
+#: src/parse_args.c:545
msgid "run command in the background\n"
msgstr "ejecuta un comando en segundo plano\n"
-#: src/parse_args.c:549
+#: src/parse_args.c:547
msgid "close all file descriptors >= fd\n"
msgstr "cierra todos los descriptores de archivo >= fd\n"
-#: src/parse_args.c:552
+#: src/parse_args.c:550
msgid "run command with specified login class\n"
msgstr "ejecuta un comando con la clase especificada de inicio de sesión\n"
-#: src/parse_args.c:555
+#: src/parse_args.c:553
msgid "preserve user environment when executing command\n"
msgstr "preserva entorno del usuario cuando está ejecutando un comando\n"
-#: src/parse_args.c:557
+#: src/parse_args.c:555
msgid "edit files instead of running a command\n"
msgstr "edita archivos en vez de ejecutar un comando\n"
-#: src/parse_args.c:559
+#: src/parse_args.c:557
msgid "execute command as the specified group\n"
msgstr "ejecuta un comando como el grupo especificado\n"
-#: src/parse_args.c:561
+#: src/parse_args.c:559
msgid "set HOME variable to target user's home dir.\n"
msgstr "asigna la variable HOME al directorio de inicio del usuario\n"
-#: src/parse_args.c:563
+#: src/parse_args.c:561
msgid "display help message and exit\n"
msgstr "muestra este mensaje de ayuda y sale\n"
-#: src/parse_args.c:565
+#: src/parse_args.c:563
msgid "run a login shell as target user\n"
msgstr "ejecuta un intérprete de comandos como un determinado usuario\n"
-#: src/parse_args.c:567
+#: src/parse_args.c:565
msgid "remove timestamp file completely\n"
msgstr "remueve un archivo de marca completamente\n"
-#: src/parse_args.c:569
+#: src/parse_args.c:567
msgid "invalidate timestamp file\n"
msgstr "archivo de marca inválido\n"
-#: src/parse_args.c:571
+#: src/parse_args.c:569
msgid "list user's available commands\n"
msgstr "lista los comandos del usuario disponibles\n"
-#: src/parse_args.c:573
+#: src/parse_args.c:571
msgid "non-interactive mode, will not prompt user\n"
msgstr "modo no-interactivo, no se pedirá usuario\n"
-#: src/parse_args.c:575
+#: src/parse_args.c:573
msgid "preserve group vector instead of setting to target's\n"
msgstr "preserva el vector de grupos en vez de establecer de objetivo\n"
-#: src/parse_args.c:577
+#: src/parse_args.c:575
msgid "use specified password prompt\n"
msgstr "usa la contraseña especificada\n"
-#: src/parse_args.c:580 src/parse_args.c:588
+#: src/parse_args.c:578 src/parse_args.c:586
msgid "create SELinux security context with specified role\n"
msgstr "crea el contexto de seguridad SELinux con la regla especificada\n"
-#: src/parse_args.c:583
+#: src/parse_args.c:581
msgid "read password from standard input\n"
msgstr "lee la contraseña desde la entrada estandar\n"
-#: src/parse_args.c:585
+#: src/parse_args.c:583
msgid "run a shell as target user\n"
msgstr "ejecuta un intérprete de comandos como un determinado usuario\n"
-#: src/parse_args.c:591
+#: src/parse_args.c:589
msgid "when listing, list specified user's privileges\n"
msgstr "cuando está listando, lista los privilegios del usuario especificado\n"
-#: src/parse_args.c:593
+#: src/parse_args.c:591
msgid "run command (or edit file) as specified user\n"
msgstr "ejecuta un comando (o edita un archivo) como un usuario específico\n"
-#: src/parse_args.c:595
+#: src/parse_args.c:593
msgid "display version information and exit\n"
msgstr "muestra la información de la versión y sale\n"
-#: src/parse_args.c:597
+#: src/parse_args.c:595
msgid "update user's timestamp without running a command\n"
msgstr "actualiza la marca del usuario sin ejecutar un comando\n"
-#: src/parse_args.c:599
+#: src/parse_args.c:597
msgid "stop processing command line arguments\n"
msgstr "detiene el proceso de argumentos de la línea de comandos\n"
msgid "unable to set new tty context"
msgstr "no se puede establecer nuevo contexto tty"
-#: src/selinux.c:196 src/selinux.c:209 src/sudo.c:333 common/sudo_conf.c:328
-#, c-format
-msgid "unable to open %s"
-msgstr "no se pudo abrir %s"
-
#: src/selinux.c:252
#, c-format
msgid "you must specify a role for type %s"
msgid "unable to execute %s"
msgstr "no se puede ejecutar %s"
-#: src/sudo.c:213
+#: src/sudo.c:211
#, c-format
msgid "Sudo version %s\n"
msgstr "Sudo versión %s\n"
-#: src/sudo.c:215
+#: src/sudo.c:213
#, c-format
msgid "Configure options: %s\n"
msgstr "Opciones de configuración: %s\n"
-#: src/sudo.c:220
+#: src/sudo.c:218
#, c-format
msgid "fatal error, unable to load plugins"
msgstr "error fatal, no se puede cargar los plugins"
-#: src/sudo.c:228
+#: src/sudo.c:226
#, c-format
msgid "unable to initialize policy plugin"
msgstr "no se puede inicializar la política de plugin"
-#: src/sudo.c:283
+#: src/sudo.c:281
#, c-format
msgid "error initializing I/O plugin %s"
msgstr "error al inicializar los plugins de E/S %s"
-#: src/sudo.c:308
+#: src/sudo.c:306
#, c-format
msgid "unexpected sudo mode 0x%x"
msgstr "inesperado modo sudo 0x%x"
-#: src/sudo.c:402
+#: src/sudo.c:400
#, c-format
msgid "unable to get group vector"
msgstr "no se puede obtener el vector de grupo"
-#: src/sudo.c:443
+#: src/sudo.c:452
#, c-format
msgid "unknown uid %u: who are you?"
msgstr "uid desconocido %u: quién es usted?"
-#: src/sudo.c:735
+#: src/sudo.c:782
#, c-format
msgid "%s must be owned by uid %d and have the setuid bit set"
msgstr "%s debe ser propiedad del uid %d y tener el bit setuid establecido"
-#: src/sudo.c:738
+#: src/sudo.c:785
#, c-format
msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?"
msgstr "el uid no es %d, es %s en un sistema de archivos con la opción 'nosuid' establecida o un sistema de archivos NFS sin privilegios de root?"
-#: src/sudo.c:744
+#: src/sudo.c:791
#, c-format
msgid "effective uid is not %d, is sudo installed setuid root?"
msgstr "el uid efectivo no es %d, sudo está instalado con setuid root?"
-#: src/sudo.c:813
+#: src/sudo.c:860
#, c-format
msgid "resource control limit has been reached"
msgstr "el límite de control de recursos ha sido alcanzado"
-#: src/sudo.c:816
+#: src/sudo.c:863
#, c-format
msgid "user \"%s\" is not a member of project \"%s\""
msgstr "el usuario \"%s\" no es miembro del proyecto \"%s\""
-#: src/sudo.c:820
+#: src/sudo.c:867
#, c-format
msgid "the invoking task is final"
msgstr "la tarea que invoca es definitiva"
-#: src/sudo.c:823
+#: src/sudo.c:870
#, c-format
msgid "could not join project \"%s\""
msgstr "no podría unirse al proyecto \"%s\""
-#: src/sudo.c:828
+#: src/sudo.c:875
#, c-format
msgid "no resource pool accepting default bindings exists for project \"%s\""
msgstr "no hay fondo de recursos aceptando las asignaciones existentes para el proyecto \"%s\""
-#: src/sudo.c:832
+#: src/sudo.c:879
#, c-format
msgid "specified resource pool does not exist for project \"%s\""
msgstr "el fondo de recursos especificado no existe para el proyecto \"%s\""
-#: src/sudo.c:836
+#: src/sudo.c:883
#, c-format
msgid "could not bind to default resource pool for project \"%s\""
msgstr "no se podría enlazar al fondo de recursos predeterminado para el proyecto \"%s\" "
-#: src/sudo.c:842
+#: src/sudo.c:889
#, c-format
msgid "setproject failed for project \"%s\""
msgstr "configuración del proyecto fallida \"%s\" "
-#: src/sudo.c:844
+#: src/sudo.c:891
#, c-format
msgid "warning, resource control assignment failed for project \"%s\""
msgstr "aviso, el control de asignación de recursos falló para el proyecto \"%s\""
-#: src/sudo.c:909
+#: src/sudo.c:959
#, c-format
msgid "unknown login class %s"
msgstr "clase de inicio de sesión desconocida %s"
-#: src/sudo.c:923 src/sudo.c:926
+#: src/sudo.c:973 src/sudo.c:976
#, c-format
msgid "unable to set user context"
msgstr "no se puede establecer el contexto del usuario"
-#: src/sudo.c:938
+#: src/sudo.c:988
#, c-format
msgid "unable to set supplementary group IDs"
msgstr "no se puede establecer el grupo suplementario de IDs"
-#: src/sudo.c:945
+#: src/sudo.c:995
#, c-format
msgid "unable to set effective gid to runas gid %u"
msgstr "no se puede establecer el gid efectivo para ejecutar como gid %u"
-#: src/sudo.c:951
+#: src/sudo.c:1001
#, c-format
msgid "unable to set gid to runas gid %u"
msgstr "no se puede establecer el gid para ejecutar como gid %u"
-#: src/sudo.c:958
+#: src/sudo.c:1008
#, c-format
msgid "unable to set process priority"
msgstr "no se puede establecer la prioridad de proceso"
-#: src/sudo.c:966
+#: src/sudo.c:1016
#, c-format
msgid "unable to change root to %s"
msgstr "no se puede cambiar de root a %s"
-#: src/sudo.c:973 src/sudo.c:979 src/sudo.c:985
+#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035
#, c-format
msgid "unable to change to runas uid (%u, %u)"
msgstr "no se puede cambiar a runas uid (%u, %u)"
-#: src/sudo.c:999
+#: src/sudo.c:1049
#, c-format
msgid "unable to change directory to %s"
msgstr "no se puede cambiar al directorio %s"
-#: src/sudo.c:1072
+#: src/sudo.c:1133
#, c-format
msgid "unexpected child termination condition: %d"
msgstr "inesperada terminación de condición hija: %d"
-#: src/sudo.c:1133
+#: src/sudo.c:1194
#, c-format
msgid "policy plugin %s does not support listing privileges"
msgstr "la política del plugin %s no soporta listado de privilegios"
-#: src/sudo.c:1145
+#: src/sudo.c:1206
#, c-format
msgid "policy plugin %s does not support the -v option"
msgstr "la política del plugin %s no soporta la opción -v"
-#: src/sudo.c:1157
+#: src/sudo.c:1218
#, c-format
msgid "policy plugin %s does not support the -k/-K options"
msgstr "la política del plugin %s no soporta las opciones -k/-K"
msgid "unable to restore stdin"
msgstr "no se puede restaurar stdin"
-#: common/aix.c:149
-#, c-format
-msgid "unable to open userdb"
-msgstr "no se puede abrir userdb"
-
-#: common/aix.c:152
-#, c-format
-msgid "unable to switch to registry \"%s\" for %s"
-msgstr "no se puede cambiar al registro \"%s\" para %s"
-
-#: common/aix.c:169
-#, c-format
-msgid "unable to restore registry"
-msgstr "no se puede restaurar el registro"
-
-#: common/alloc.c:82
-msgid "internal error, tried to emalloc(0)"
-msgstr "error interno: trató emalloc(0)"
-
-#: common/alloc.c:99
-msgid "internal error, tried to emalloc2(0)"
-msgstr "error interno: trató emalloc2(0)"
-
-#: common/alloc.c:101
-msgid "internal error, emalloc2() overflow"
-msgstr "error interno: desbordamiento en emalloc2()"
-
-#: common/alloc.c:120
-msgid "internal error, tried to ecalloc(0)"
-msgstr "error interno: trató ecalloc(0)"
-
-#: common/alloc.c:123
-msgid "internal error, ecalloc() overflow"
-msgstr "error interno: desbordamiento en ealloc()"
-
-#: common/alloc.c:142
-msgid "internal error, tried to erealloc(0)"
-msgstr "error interno: trató erealloc(0)"
-
-#: common/alloc.c:161 common/alloc.c:185
-msgid "internal error, tried to erealloc3(0)"
-msgstr "error interno: trató erealloc3(0)"
-
-#: common/alloc.c:163 common/alloc.c:187
-msgid "internal error, erealloc3() overflow"
-msgstr "error interno: desbordamiento de erealloc3()"
+#~ msgid "%s: at least one policy plugin must be specified"
+#~ msgstr "%s: debe ser especificada al menos una política de plugin"
-#: common/sudo_conf.c:306
-#, c-format
-msgid "unable to stat %s"
-msgstr "no se puede stat en %s"
-
-#: common/sudo_conf.c:309
-#, c-format
-msgid "%s is not a regular file"
-msgstr "%s no es un archivo regular"
-
-#: common/sudo_conf.c:312
-#, c-format
-msgid "%s is owned by uid %u, should be %u"
-msgstr "%s es adueñado por uid %u, sería %u"
+#~ msgid "internal error, emalloc2() overflow"
+#~ msgstr "error interno: desbordamiento en emalloc2()"
-#: common/sudo_conf.c:316
-#, c-format
-msgid "%s is world writable"
-msgstr "%s es escribible por todos"
-
-#: common/sudo_conf.c:319
-#, c-format
-msgid "%s is group writable"
-msgstr "%s es escribible por el grupo"
-
-#: compat/strsignal.c:47
-msgid "Unknown signal"
-msgstr "Señal desconocida"
+#~ msgid "internal error, erealloc3() overflow"
+#~ msgstr "error interno: desbordamiento de erealloc3()"
#~ msgid "must be setuid root"
#~ msgstr "debe ser setuid root"
# Finnish messages for sudo.
# This file is put in the public domain.
-# Copyright © 2011, 2012 Free Software Foundation, Inc.
# This file is distributed under the same license as the sudo package.
-# Jorma Karvonen <karvonen.jorma@gmail.com>, 2011-2012.
+# Jorma Karvonen <karvonen.jorma@gmail.com>, 2011-2013.
#
msgid ""
msgstr ""
-"Project-Id-Version: sudo 1.8.6b4\n"
+"Project-Id-Version: sudo 1.8.7b1\n"
"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2012-08-10 13:08-0400\n"
-"PO-Revision-Date: 2012-08-14 09:07+0200\n"
+"POT-Creation-Date: 2013-04-02 10:40-0400\n"
+"PO-Revision-Date: 2013-04-04 09:46+0300\n"
"Last-Translator: Jorma Karvonen <karvonen.jorma@gmail.com>\n"
"Language-Team: Finnish <translation-team-fi@lists.sourceforge.net>\n"
"Language: fi\n"
#: common/aix.c:150
#, c-format
msgid "unable to open userdb"
-msgstr "ei kyetä avaamaan userdb-käyttäjätietokantaa"
+msgstr "userdb-käyttäjätietokannan avaaminen epäonnistui"
#: common/aix.c:153
#, c-format
msgid "unable to switch to registry \"%s\" for %s"
-msgstr "ei kyetä vaihtamaan registeriä ”%s” käyttäjälle %s"
+msgstr "vaihtaminen registeröitymiseen ”%s” käyttäjälle %s epäonnistui"
#: common/aix.c:170
#, c-format
msgid "unable to restore registry"
-msgstr "ei kyetä palauttamaan rekisteriä"
+msgstr "rekisteröitymisen palauttaminen epäonnistui"
#: common/alloc.c:82
msgid "internal error, tried to emalloc(0)"
msgstr "sisäinen virhe, yritettiin suorittaa emalloc(0)"
-#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146
-#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270
-#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482
-#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759
-#, c-format
-msgid "unable to allocate memory"
-msgstr "ei kyetä varaamaan muistia"
-
#: common/alloc.c:99
msgid "internal error, tried to emalloc2(0)"
msgstr "sisäinen virhe, yritettiin suorittaa emalloc2(0)"
msgid "internal error, tried to erecalloc(0)"
msgstr "sisäinen virhe, yritettiin suorittaa erecalloc(0)"
-#: common/sudo_conf.c:305
+#: common/error.c:154
+#, c-format
+msgid "%s: %s: %s\n"
+msgstr "%s: %s: %s\n"
+
+#: common/error.c:157 common/error.c:161
+#, c-format
+msgid "%s: %s\n"
+msgstr "%s: %s\n"
+
+#: common/sudo_conf.c:172
+#, c-format
+msgid "unsupported group source `%s' in %s, line %d"
+msgstr "tukematon ryhmälähde ”%s” tiedostossa %s, rivi %d"
+
+#: common/sudo_conf.c:186
+#, c-format
+msgid "invalid max groups `%s' in %s, line %d"
+msgstr "virheellinen ryhmien ”%s” enimmäismäärä tiedostossa %s, rivi %d"
+
+#: common/sudo_conf.c:382
#, c-format
msgid "unable to stat %s"
-msgstr "ei kyetä suorittamaan käskyä stat %s"
+msgstr "käskyn stat %s suorittaminen epäonnistui"
-#: common/sudo_conf.c:308
+#: common/sudo_conf.c:385
#, c-format
msgid "%s is not a regular file"
msgstr "%s ei ole tavallinen tiedosto"
# ensimmäinen parametri on path
-#: common/sudo_conf.c:311
+#: common/sudo_conf.c:388
#, c-format
msgid "%s is owned by uid %u, should be %u"
msgstr "polun %s omistaja on %u, pitäisi olla %u"
-#: common/sudo_conf.c:315
+#: common/sudo_conf.c:392
#, c-format
msgid "%s is world writable"
msgstr "%s on yleiskirjoitettava"
-#: common/sudo_conf.c:318
+#: common/sudo_conf.c:395
#, c-format
msgid "%s is group writable"
msgstr "%s on ryhmäkirjoitettava"
-#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331
+#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328
#, c-format
msgid "unable to open %s"
-msgstr "ei kyetä avaamaan kohdetta %s"
+msgstr "kohteen %s avaaminen epäonnistui"
-#: compat/strsignal.c:47
+#: compat/strsignal.c:50
msgid "Unknown signal"
msgstr "Tuntematon signaali"
-#: src/error.c:82 src/error.c:86
-msgid ": "
-msgstr ": "
-
-#: src/exec.c:113 src/exec_pty.c:674
+#: src/exec.c:127 src/exec_pty.c:685
#, c-format
msgid "policy plugin failed session initialization"
msgstr "Menettelytapalisäosa epäonnistui istunnon alustamisessa"
-#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221
+#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220
#, c-format
msgid "unable to fork"
-msgstr "ei kyetä kutsumaan fork-kutsua"
+msgstr "fork-kutsu epäonnistui"
-#: src/exec.c:268
+#: src/exec.c:259
#, c-format
msgid "unable to create sockets"
-msgstr "ei kyetä luomaan pistokkeita"
+msgstr "vastakkeiden luominen epäonnistui"
-#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630
-#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218
-#, c-format
-msgid "unable to create pipe"
-msgstr "ei kyetä luomaan putkea"
-
-#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240
+#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268
#, c-format
msgid "select failed"
msgstr "select-funktio epäonnistui"
-#: src/exec.c:467
+#: src/exec.c:449
#, c-format
msgid "unable to restore tty label"
-msgstr "ei kyetä palauttamaan tty-nimiötä"
+msgstr "tty-nimiön palauttaminen epäonnistui"
# Solaris privileges, remove PRIV_PROC_EXEC post-execve.
-#: src/exec_common.c:69
+#: src/exec_common.c:70
#, c-format
msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"
-msgstr "ei kyetä poistamaan PRIV_PROC_EXEC kohteesta PRIV_LIMIT"
+msgstr "kohteen PRIV_PROC_EXEC poistaminen kohteesta PRIV_LIMIT epäonnistui"
#: src/exec_pty.c:183
#, c-format
msgid "unable to allocate pty"
-msgstr "ei kyetä varaamaan pty:tä"
+msgstr "pty:n varaaminen epäonnistui"
-#: src/exec_pty.c:665
+#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986
+#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217
+#, c-format
+msgid "unable to create pipe"
+msgstr "putken luominen epäonnistui"
+
+#: src/exec_pty.c:676
#, c-format
msgid "unable to set terminal to raw mode"
-msgstr "ei kyetä asettamaan päätettä raakatilaan"
+msgstr "pääteikkunan asentaminen raakatilaan epäonnistui"
# Istunnolla voi olla ohjaava tty. Istunnon yksi prosessiryhmä voi olla edustaprosessiryhmä ja toimia siten ohjaavana tty:nä, joka vastaanottaa tty-syötteen ja -signaalit.
-#: src/exec_pty.c:1013
+#: src/exec_pty.c:1042
#, c-format
msgid "unable to set controlling tty"
-msgstr "ei kyetä asettamaan ohjaavaa tty:tä"
+msgstr "ohjaavan tty:n asettaminen epäonnistui"
-#: src/exec_pty.c:1111
+#: src/exec_pty.c:1139
#, c-format
msgid "error reading from signal pipe"
msgstr "virhe luettaessa signaaliputkesta"
-#: src/exec_pty.c:1132
+#: src/exec_pty.c:1160
#, c-format
msgid "error reading from pipe"
msgstr "virhe luettaessa putkesta"
-#: src/exec_pty.c:1148
+#: src/exec_pty.c:1176
#, c-format
msgid "error reading from socketpair"
-msgstr "virhe luettaessa pistokeparista"
+msgstr "virhe luettaessa vastakeparista"
-#: src/exec_pty.c:1152
+#: src/exec_pty.c:1180
#, c-format
msgid "unexpected reply type on backchannel: %d"
msgstr "odottamaton vastaustyyppi paluukanavalla: %d"
-#: src/load_plugins.c:74
+#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132
+#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185
+#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205
+#, c-format
+msgid "error in %s, line %d while loading plugin `%s'"
+msgstr "virhe tiedostossa %s, rivi %d alustettaessa lisäosaa ”%s”"
+
+#: src/load_plugins.c:72
#, c-format
msgid "%s: %s"
msgstr "%s: %s"
-#: src/load_plugins.c:80
+#: src/load_plugins.c:81
#, c-format
msgid "%s%s: %s"
msgstr "%s%s: %s"
# ensimmäinen parametri on path
-#: src/load_plugins.c:90
+#: src/load_plugins.c:140
#, c-format
msgid "%s must be owned by uid %d"
msgstr "polun %s omistajan on oltava uid %d"
# parametri on path
-#: src/load_plugins.c:94
+#: src/load_plugins.c:146
#, c-format
msgid "%s must be only be writable by owner"
msgstr "polun %s on oltava vain omistajan kirjoitettava"
-#: src/load_plugins.c:101
+#: src/load_plugins.c:187
#, c-format
msgid "unable to dlopen %s: %s"
msgstr "lisäosan avaaminen epäonnistui funktiolla dlopen %s: %s"
-#: src/load_plugins.c:106
+#: src/load_plugins.c:194
+#, c-format
+msgid "unable to find symbol `%s' in %s"
+msgstr "symbolin ”%s” löytäminen kohteesta %s epäonnistui"
+
+#: src/load_plugins.c:201
+#, c-format
+msgid "unknown policy type %d found in %s"
+msgstr "tuntematon menettelytapatyyppi %d löytyi kohteesta %s"
+
+#: src/load_plugins.c:207
+#, c-format
+msgid "incompatible plugin major version %d (expected %d) found in %s"
+msgstr "yhteensopimaton lisäosan major-versio %d (odotettiin %d) löytyi kohteesta %s"
+
+#: src/load_plugins.c:216
#, c-format
-msgid "%s: unable to find symbol %s"
-msgstr "%s: ei kyetä löytämään symbolia %s"
+msgid "ignoring policy plugin `%s' in %s, line %d"
+msgstr "ohitetaan menettelytapaliitännäinen ”%s” tiedostossa %s, rivi %d"
-#: src/load_plugins.c:112
+#: src/load_plugins.c:218
#, c-format
-msgid "%s: unknown policy type %d"
-msgstr "%s: tuntematon menettelytapatyyppi %d"
+msgid "only a single policy plugin may be specified"
+msgstr "vain yksi menettelytapalisäosa voidaan määritellä"
-#: src/load_plugins.c:116
+#: src/load_plugins.c:221
#, c-format
-msgid "%s: incompatible policy major version %d, expected %d"
-msgstr "%s: yhteensopimaton menettelytavan major-versio %d, odotettiin %d"
+msgid "ignoring duplicate policy plugin `%s' in %s, line %d"
+msgstr "ohitetaan menettelytapalisäosan ”%s” kaksoiskappale tiedostossa %s, rivi %d"
-#: src/load_plugins.c:123
+#: src/load_plugins.c:236
#, c-format
-msgid "%s: only a single policy plugin may be loaded"
-msgstr "%s: vain yksi menettelytapalisäosa voidaan ladata"
+msgid "ignoring duplicate I/O plugin `%s' in %s, line %d"
+msgstr "ohitetaan siirräntälisäosan ”%s” kaksoiskappale tiedostossa %s, rivi %d"
-#: src/load_plugins.c:200
+#: src/load_plugins.c:313
#, c-format
msgid "policy plugin %s does not include a check_policy method"
msgstr "menettelytapalisäosa %s ei sisällä check_policy-metodia"
-#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187
-#: src/net_ifs.c:298 src/net_ifs.c:322
+#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186
+#: src/net_ifs.c:297 src/net_ifs.c:321
#, c-format
msgid "load_interfaces: overflow detected"
msgstr "load_interfaces: ylivuoto havaittu"
-#: src/net_ifs.c:227
+#: src/net_ifs.c:226
#, c-format
msgid "unable to open socket"
-msgstr "ei kyetä avaamaan pistoketta"
+msgstr "vastakkeen avaaminen epäonnistui"
-#: src/parse_args.c:187
+#: src/parse_args.c:197
#, c-format
msgid "the argument to -C must be a number greater than or equal to 3"
msgstr "valitsimen -C argumentin on oltava vähintään 3"
-#: src/parse_args.c:276
+#: src/parse_args.c:286
#, c-format
msgid "unknown user: %s"
msgstr "tuntematon käyttäjä: %s"
-#: src/parse_args.c:335
+#: src/parse_args.c:345
#, c-format
msgid "you may not specify both the `-i' and `-s' options"
-msgstr "et voi määritellä sekä valitsinta ”-i” että valitsinta ”-s”"
+msgstr "sekä valitsimen ”-i” että valitsimen ”-s” määritteleminen ei ole sallittua"
-#: src/parse_args.c:339
+#: src/parse_args.c:349
#, c-format
msgid "you may not specify both the `-i' and `-E' options"
-msgstr "et voi määritellä sekä valitsinta ”-i” että valitsinta ”-E”"
+msgstr "sekä valitsimen ”-i” että valitsimen ”-E” määritteleminen ei ole sallittua"
-#: src/parse_args.c:349
+#: src/parse_args.c:359
#, c-format
msgid "the `-E' option is not valid in edit mode"
msgstr "valitsin ”-E” ei ole kelvollinen muokkaustilassa"
-#: src/parse_args.c:351
+#: src/parse_args.c:361
#, c-format
msgid "you may not specify environment variables in edit mode"
-msgstr "ei voi määritellä ympäristömuuttujia muokkaustilassa"
+msgstr "ympäristömuuttujien määritteleminen muokkaustilassa ei ole salittua"
-#: src/parse_args.c:359
+#: src/parse_args.c:369
#, c-format
msgid "the `-U' option may only be used with the `-l' option"
msgstr "valitsinta ”-U” voidaan käyttää vain valitsimen ”-l” kanssa"
-#: src/parse_args.c:363
+#: src/parse_args.c:373
#, c-format
msgid "the `-A' and `-S' options may not be used together"
msgstr "valitsimia ”-A” ja ”-S” ei voi käyttää yhdessä"
-#: src/parse_args.c:443
+#: src/parse_args.c:456
#, c-format
msgid "sudoedit is not supported on this platform"
msgstr "sudoedit ei ole tuettu tällä alustalla"
-#: src/parse_args.c:516
+#: src/parse_args.c:529
#, c-format
msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"
msgstr "Vain yksi valitsimista -e, -h, -i, -K, -l, -s, -v tai -V voidaan määritellä"
-#: src/parse_args.c:530
+#: src/parse_args.c:543
#, c-format
msgid ""
"%s - edit files as another user\n"
"%s - muokkaa tiedostoja toisena käyttäjänä\n"
"\n"
-#: src/parse_args.c:532
+#: src/parse_args.c:545
#, c-format
msgid ""
"%s - execute a command as another user\n"
"%s - suorita komentoja toisena käyttäjänä\n"
"\n"
-#: src/parse_args.c:537
+#: src/parse_args.c:550
#, c-format
msgid ""
"\n"
"\n"
"Valitsimet:\n"
-#: src/parse_args.c:540
+#: src/parse_args.c:552
msgid "use helper program for password prompting\n"
msgstr "käytä apuohjelmaa salasanakyselyyn\n"
-#: src/parse_args.c:543
+#: src/parse_args.c:555
msgid "use specified BSD authentication type\n"
msgstr "käytä määriteltyä BSD-todennustyyppiä\n"
-#: src/parse_args.c:545
+#: src/parse_args.c:558
msgid "run command in the background\n"
msgstr "suorita komento taustalla\n"
-#: src/parse_args.c:547
+#: src/parse_args.c:560
msgid "close all file descriptors >= fd\n"
msgstr "sulje kaikki tiedostokuvaajat >= fd\n"
-#: src/parse_args.c:550
+#: src/parse_args.c:563
msgid "run command with specified login class\n"
msgstr "suorita komento määritellyllä kirjautumisluokalla\n"
-#: src/parse_args.c:553
+#: src/parse_args.c:566
msgid "preserve user environment when executing command\n"
msgstr "säilytä käyttäjäympäristö komentoa suoritettaessa\n"
-#: src/parse_args.c:555
+#: src/parse_args.c:568
msgid "edit files instead of running a command\n"
msgstr "muokkaa tiedostoja komennon suorittamisen sijasta\n"
# tämä viittaa runas_group-määritelyyn
-#: src/parse_args.c:557
+#: src/parse_args.c:570
msgid "execute command as the specified group\n"
msgstr "suorita komento määriteltynä ryhmänä\n"
-#: src/parse_args.c:559
+#: src/parse_args.c:572
msgid "set HOME variable to target user's home dir.\n"
msgstr "aseta HOME-muuttuja osoittamaan kohdekäyttäjän kotihakemistoon.\n"
-#: src/parse_args.c:561
+#: src/parse_args.c:574
msgid "display help message and exit\n"
msgstr "näytä opasteviesti ja poistu\n"
-#: src/parse_args.c:563
+#: src/parse_args.c:576
msgid "run a login shell as target user\n"
msgstr "suorita kirjautumiskomentoikkuna kohdekäyttäjänä\n"
-#: src/parse_args.c:565
+#: src/parse_args.c:578
msgid "remove timestamp file completely\n"
msgstr "poista aikaleimatiedosto kokonaan\n"
-#: src/parse_args.c:567
+#: src/parse_args.c:580
msgid "invalidate timestamp file\n"
msgstr "mitätöi aikaleimatiedosto\n"
-#: src/parse_args.c:569
+#: src/parse_args.c:582
msgid "list user's available commands\n"
msgstr "luettele käyttäjän käytettävissä olevat komennot\n"
-#: src/parse_args.c:571
+#: src/parse_args.c:584
msgid "non-interactive mode, will not prompt user\n"
-msgstr "ei-interaktiivinen tila, ei kysy käyttäjältä\n"
+msgstr "vuorovaikutteeton tila, ei kysy käyttäjältä\n"
-#: src/parse_args.c:573
+#: src/parse_args.c:586
msgid "preserve group vector instead of setting to target's\n"
msgstr "säilytä ryhmävektori kohteen vektorin asettamisen sijasta\n"
-#: src/parse_args.c:575
+#: src/parse_args.c:588
msgid "use specified password prompt\n"
msgstr "käytä määriteltyä salasanakehotetta\n"
-#: src/parse_args.c:578 src/parse_args.c:586
+#: src/parse_args.c:591 src/parse_args.c:599
msgid "create SELinux security context with specified role\n"
msgstr "luo SELinux-turva-asiayhteys määritellyllä roolilla\n"
-#: src/parse_args.c:581
+#: src/parse_args.c:594
msgid "read password from standard input\n"
msgstr "lue salasana vakiosyötteestä\n"
-#: src/parse_args.c:583
+#: src/parse_args.c:596
msgid "run a shell as target user\n"
msgstr "suorita komentotulkki kohdekäyttäjänä\n"
-#: src/parse_args.c:589
+#: src/parse_args.c:602
msgid "when listing, list specified user's privileges\n"
msgstr "luetteloitaessa luettele määritellyn käyttäjän käyttöoikeudet\n"
-#: src/parse_args.c:591
+#: src/parse_args.c:604
msgid "run command (or edit file) as specified user\n"
msgstr "suorita komento (tai muokkaa tiedostoa) määriteltynä käyttäjänä\n"
-#: src/parse_args.c:593
+#: src/parse_args.c:606
msgid "display version information and exit\n"
msgstr "näytä versiotiedot ja poistu\n"
-#: src/parse_args.c:595
+#: src/parse_args.c:608
msgid "update user's timestamp without running a command\n"
msgstr "päivitä käyttäjän aikaleima suorittamatta komentoa\n"
-#: src/parse_args.c:597
+#: src/parse_args.c:610
msgid "stop processing command line arguments\n"
msgstr "lopeta komentoriviargumenttien käsittely\n"
#: src/selinux.c:77
#, c-format
msgid "unable to open audit system"
-msgstr "ei kyetä avaamaan audit-järjestelmää"
+msgstr "audit-järjestelmän avaaminen epäonnistui"
#: src/selinux.c:85
#, c-format
msgid "unable to send audit message"
-msgstr "ei kyetä lähettämään audit-viestiä"
+msgstr "audit-viestin lähettäminen epäonnistui"
#: src/selinux.c:113
#, c-format
msgid "unable to fgetfilecon %s"
-msgstr "ei kyetä kutsumaan funktiota fgetfilecon %s"
+msgstr "funktion fgetfilecon %s kutsuminen epäonnistui"
#: src/selinux.c:118
#, c-format
#: src/selinux.c:123
#, c-format
msgid "unable to restore context for %s"
-msgstr "ei kyetä palauttamaan asiayhteyttä kohteelle %s"
+msgstr "asiayhteyden palauttaminen kohteelle %s epäonnistui"
#: src/selinux.c:163
#, c-format
msgid "unable to open %s, not relabeling tty"
-msgstr "ei kyetä avaamaan kohdetta %s, ei nimiöidä uudelleen tty:tä"
+msgstr "kohteen %s avaaminen epäonnistui, ei nimiöidä uudelleen tty:tä"
#: src/selinux.c:172
#, c-format
msgid "unable to get current tty context, not relabeling tty"
-msgstr "ei kyetä hakemaan nykyistä tty-asiayhteyttä, ei nimiöidä uudelleen tty:tä"
+msgstr "nykyisen tty-asiayhteyden hakeminen epäonnistui, ei nimiöidä uudelleen tty:tä"
#: src/selinux.c:179
#, c-format
msgid "unable to get new tty context, not relabeling tty"
-msgstr "ei kyetä hakemaan uutta tty-asiayhteyttä, ei nimiöidä uudelleen tty:tä"
+msgstr "uuden tty-asiayhteyden hakeminen epäonnistui, ei nimiöidä uudelleen tty:tä"
#: src/selinux.c:186
#, c-format
msgid "unable to set new tty context"
-msgstr "ei kyetä asettamaan uutta tty-asiayhteyttä"
+msgstr "uuden tty-asiayhteyden asettaminen epäonnistui"
#: src/selinux.c:252
#, c-format
#: src/selinux.c:258
#, c-format
msgid "unable to get default type for role %s"
-msgstr "roolille %s ei kyetä hakemaan oletustyyppiä"
+msgstr "oletustyypin hakeminen roolille %s epäonnistui"
#: src/selinux.c:276
#, c-format
#: src/selinux.c:330
#, c-format
msgid "unable to determine enforcing mode."
-msgstr "ei kyetä määrittelemään vahvistustilaa."
+msgstr "vahvistustilan määritteleminen epäonnistui."
#: src/selinux.c:342
#, c-format
msgid "unable to setup tty context for %s"
msgstr "ei kyetä asettamaan tty-asiayhteydeksi %s"
-#: src/selinux.c:373
+#: src/selinux.c:381
#, c-format
msgid "unable to set exec context to %s"
msgstr "ei kyetä asettamaan suoritusasiayhteydeksi %s"
-#: src/selinux.c:380
+#: src/selinux.c:388
#, c-format
msgid "unable to set key creation context to %s"
msgstr "ei kyetä asettamaan avaimenluontiasiayhteydeksi %s"
-#: src/sesh.c:70
+#: src/sesh.c:57
#, c-format
msgid "requires at least one argument"
msgstr "vaatii vähintään yhden argumentin"
-#: src/sesh.c:91
+#: src/sesh.c:78 src/sudo.c:1126
#, c-format
msgid "unable to execute %s"
-msgstr "ei kyetä suorittamaan kohdetta %s"
+msgstr "kohteen %s suorittaminen epäonnistui"
-#: src/sudo.c:211
+#: src/solaris.c:88
+#, c-format
+msgid "resource control limit has been reached"
+msgstr "resurssivalvontaraja saavutettu"
+
+#: src/solaris.c:91
+#, c-format
+msgid "user \"%s\" is not a member of project \"%s\""
+msgstr "käyttäjä ”%s” ei ole hankkeen ”%s” jäsen"
+
+#: src/solaris.c:95
+#, c-format
+msgid "the invoking task is final"
+msgstr "kutsuttu tehtävä on final-tyyppinen"
+
+#: src/solaris.c:98
+#, c-format
+msgid "could not join project \"%s\""
+msgstr "hankkeeseen ”%s” liittyminen epäonnistui"
+
+#: src/solaris.c:103
+#, c-format
+msgid "no resource pool accepting default bindings exists for project \"%s\""
+msgstr "hankkeelle ”%s” ei ole oletusyhteydet hyväksyvää resurssivarantoa"
+
+#: src/solaris.c:107
+#, c-format
+msgid "specified resource pool does not exist for project \"%s\""
+msgstr "hankkeelle ”%s” ei ole määriteltyä resurssivarantoa"
+
+#: src/solaris.c:111
+#, c-format
+msgid "could not bind to default resource pool for project \"%s\""
+msgstr "hankkeelle ”%s” ei voitu sitoa oletusresurssivarantoa"
+
+#: src/solaris.c:117
+#, c-format
+msgid "setproject failed for project \"%s\""
+msgstr "funktio setproject hankkeelle ”%s” epäonnistui"
+
+#: src/solaris.c:119
+#, c-format
+msgid "warning, resource control assignment failed for project \"%s\""
+msgstr "varoitus, hankkeen ”%s” resurssiohjausosoitus epäonnistui"
+
+#: src/sudo.c:196
#, c-format
msgid "Sudo version %s\n"
msgstr "Sudo-versio %s\n"
-#: src/sudo.c:213
+#: src/sudo.c:198
#, c-format
msgid "Configure options: %s\n"
msgstr "Asetusvalitsimet: %s\n"
-#: src/sudo.c:218
+#: src/sudo.c:203
#, c-format
msgid "fatal error, unable to load plugins"
-msgstr "kohtalokas virhe, ei kyetä lataamaan lisäosia"
+msgstr "vakava virhe, lisäosien lataaminen epäonnistui"
-#: src/sudo.c:226
+#: src/sudo.c:211
#, c-format
msgid "unable to initialize policy plugin"
-msgstr "ei kyetä alustamaan menettelytapalisäosaa"
+msgstr "menettelytapalisäosan alustaminen epäonnistui"
-#: src/sudo.c:281
+#: src/sudo.c:268
#, c-format
msgid "error initializing I/O plugin %s"
msgstr "virhe alustettaessa siirräntälisäosaa %s"
-#: src/sudo.c:306
+#: src/sudo.c:293
#, c-format
msgid "unexpected sudo mode 0x%x"
msgstr "odottamaton sudo-tila 0x%x"
-#: src/sudo.c:400
+#: src/sudo.c:413
#, c-format
msgid "unable to get group vector"
msgstr "ei kyetä hakemaan ryhmävektoria"
-#: src/sudo.c:452
+#: src/sudo.c:465
#, c-format
msgid "unknown uid %u: who are you?"
msgstr "tuntematon uid-käyttäjätunniste %u: kuka olet?"
# ensimmäinen parametri on path
-#: src/sudo.c:782
+#: src/sudo.c:802
#, c-format
msgid "%s must be owned by uid %d and have the setuid bit set"
msgstr "polun %s omistajan on oltava uid %d ja setuid-bitin on oltava asetettu"
-#: src/sudo.c:785
+#: src/sudo.c:805
#, c-format
msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?"
msgstr "todellinen käyttäjätunniste ei ole %d, onko %s asetettu tiedostojärjestelmässä, jossa on ’nosuid’-valitsin vai onko tämä NFS-tiedostojärjestelmä ilman root-käyttäjäoikeuksia?"
-#: src/sudo.c:791
+#: src/sudo.c:811
#, c-format
msgid "effective uid is not %d, is sudo installed setuid root?"
msgstr "todellinen käyttäjätunniste ei ole %d, onko sudo asennettu setuid root -käyttöoikeuksilla?"
-#: src/sudo.c:860
-#, c-format
-msgid "resource control limit has been reached"
-msgstr "resurssivalvontaraja saavutettu"
-
-#: src/sudo.c:863
-#, c-format
-msgid "user \"%s\" is not a member of project \"%s\""
-msgstr "käyttäjä ”%s” ei ole hankkeen ”%s” jäsen"
-
-#: src/sudo.c:867
-#, c-format
-msgid "the invoking task is final"
-msgstr "kutsuttu tehtävä on final-tyyppinen"
-
-#: src/sudo.c:870
-#, c-format
-msgid "could not join project \"%s\""
-msgstr "ei voitu liittyä hankkeeseen ”%s”"
-
-#: src/sudo.c:875
-#, c-format
-msgid "no resource pool accepting default bindings exists for project \"%s\""
-msgstr "hankkeelle ”%s” ei ole oletusyhteydet hyväksyvää resurssivarantoa"
-
-#: src/sudo.c:879
-#, c-format
-msgid "specified resource pool does not exist for project \"%s\""
-msgstr "hankkeelle ”%s” ei ole määriteltyä resurssivarantoa"
-
-#: src/sudo.c:883
-#, c-format
-msgid "could not bind to default resource pool for project \"%s\""
-msgstr "hankkeelle ”%s” ei voitu sitoa oletusresurssivarantoa"
-
-#: src/sudo.c:889
-#, c-format
-msgid "setproject failed for project \"%s\""
-msgstr "setproject hankkeelle ”%s” epäonnistui"
-
-#: src/sudo.c:891
-#, c-format
-msgid "warning, resource control assignment failed for project \"%s\""
-msgstr "varoitus, hankkeen ”%s” resurssiohjausosoitus epäonnistui"
-
-#: src/sudo.c:959
+#: src/sudo.c:915
#, c-format
msgid "unknown login class %s"
msgstr "tuntematon kirjautumisluokka %s"
-#: src/sudo.c:973 src/sudo.c:976
+#: src/sudo.c:929 src/sudo.c:932
#, c-format
msgid "unable to set user context"
-msgstr "ei kyetä asettamaan käyttäjäasiayhteyttä"
+msgstr "käyttäjäasiayhteyden asettaminen epäonnistui"
-#: src/sudo.c:988
+#: src/sudo.c:944
#, c-format
msgid "unable to set supplementary group IDs"
-msgstr "ei kyetä asettamaan lisäryhmätunnisteita"
+msgstr "lisäryhmätunnisteiden asettaminen epäonnistui"
-# tämän ymmärrän niin, että käyttäjärjestelmäydin luo tiedoston ja antaa tälle tavallaan tilapäisen effective gid-tunnisteen, joka vaihdetaan suorittamisen yhteydessä prosessin omistajan suoritettavaksi ryhmätunnisteeksi.
-#: src/sudo.c:995
+# tämän ymmärrän niin, että käyttöjärjestelmäydin luo tiedoston ja antaa tälle tavallaan tilapäisen effective gid-tunnisteen, joka vaihdetaan suorittamisen yhteydessä prosessin omistajan suoritettavaksi ryhmätunnisteeksi.
+#: src/sudo.c:951
#, c-format
msgid "unable to set effective gid to runas gid %u"
-msgstr "ei kyetä asettamaan voimassaolevaa gid-ryhmätunnistetta suoritettavaksi gid-ryhmätunnisteeksi %u"
+msgstr "voimassaolevan gid-ryhmätunnisteen asettaminen suoritettavaksi gid-ryhmätunnisteeksi %u epäonnistui"
-#: src/sudo.c:1001
+#: src/sudo.c:957
#, c-format
msgid "unable to set gid to runas gid %u"
-msgstr "ei kyetä asettamaan gid-ryhmätunnistetta suoritettavaksi gid-ryhmätunnisteeksi %u"
+msgstr "gid-ryhmätunnisteen asettaminen suoritettavaksi gid-ryhmätunnisteeksi %u epäonnistui"
-#: src/sudo.c:1008
+#: src/sudo.c:964
#, c-format
msgid "unable to set process priority"
-msgstr "ei kyetä asettamaan prosessiprioriteettia"
+msgstr "prosessiprioriteetin asettaminen epäonnistui"
-#: src/sudo.c:1016
+#: src/sudo.c:972
#, c-format
msgid "unable to change root to %s"
-msgstr "ei kyetä vaihtamaan root-käyttäjää käyttäjäksi %s"
+msgstr "root-käyttäjän vaihtaminen käyttäjäksi %s epäonnistui"
-#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035
+#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991
#, c-format
msgid "unable to change to runas uid (%u, %u)"
msgstr "ei kyetä vaihtamaan suoritettavaksi uid-käyttäjätunnisteeksi (%u, %u)"
# parametrina on CWD- eli Change Working Directory- komennolla palautettava hakemisto
-#: src/sudo.c:1049
+#: src/sudo.c:1005
#, c-format
msgid "unable to change directory to %s"
msgstr "ei kyetä vaihtamaan hakemistoksi %s"
-#: src/sudo.c:1133
+#: src/sudo.c:1089
#, c-format
msgid "unexpected child termination condition: %d"
msgstr "lapsiprosessin odottamaton päättymisehto: %d"
-#: src/sudo.c:1194
+#: src/sudo.c:1146
+#, c-format
+msgid "policy plugin %s is missing the `check_policy' method"
+msgstr "menettelytapalisäosa %s ei sisällä ”check_policy”-metodia"
+
+#: src/sudo.c:1159
#, c-format
msgid "policy plugin %s does not support listing privileges"
msgstr "menettelytapalisäosa %s ei tue luettelointikäyttöoikeuksia"
-#: src/sudo.c:1206
+#: src/sudo.c:1171
#, c-format
msgid "policy plugin %s does not support the -v option"
msgstr "menettelytapalisäosa %s ei tue valitsinta -v"
-#: src/sudo.c:1218
+#: src/sudo.c:1183
#, c-format
msgid "policy plugin %s does not support the -k/-K options"
msgstr "menettelytapalisäosa %s ei tue valitsimia -k/-K"
-#: src/sudo_edit.c:111
+#: src/sudo_edit.c:110
#, c-format
msgid "unable to change uid to root (%u)"
-msgstr "ei kyetä vaihtamaan uid-käyttäjätunnistetta root-tunnisteeksi (%u)"
+msgstr "uid-käyttäjätunnisteen vaihtaminen root-tunnisteeksi (%u) epäonnistui"
-#: src/sudo_edit.c:143
+#: src/sudo_edit.c:142
#, c-format
msgid "plugin error: missing file list for sudoedit"
msgstr "lisäosavirhe: puuttuu sudoedit-tiedostoluettelo"
-#: src/sudo_edit.c:171 src/sudo_edit.c:271
+#: src/sudo_edit.c:170 src/sudo_edit.c:270
#, c-format
msgid "%s: not a regular file"
msgstr "%s: ei ole tavallinen tiedosto"
-#: src/sudo_edit.c:205 src/sudo_edit.c:307
+#: src/sudo_edit.c:204 src/sudo_edit.c:306
#, c-format
msgid "%s: short write"
msgstr "%s: lyhyt kirjoitus"
-#: src/sudo_edit.c:272
+#: src/sudo_edit.c:271
#, c-format
msgid "%s left unmodified"
msgstr "%s jätetty muokkaamattomaksi"
-#: src/sudo_edit.c:285
+#: src/sudo_edit.c:284
#, c-format
msgid "%s unchanged"
msgstr "%s muuttamaton"
-#: src/sudo_edit.c:297 src/sudo_edit.c:318
+#: src/sudo_edit.c:296 src/sudo_edit.c:317
#, c-format
msgid "unable to write to %s"
-msgstr "ei kyetä kirjoittamaan kohteeseen %s"
+msgstr "kohteeseen %s kirjoittaminen epäonnistui"
-#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319
+#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318
#, c-format
msgid "contents of edit session left in %s"
msgstr "muokkausistunnon sisältö jätetty kohteessa %s"
-#: src/sudo_edit.c:315
+#: src/sudo_edit.c:314
#, c-format
msgid "unable to read temporary file"
-msgstr "ei kyetä lukemaan tilapäistä tiedostoa"
+msgstr "tilapäisen tiedoston lukeminen epäonnistui"
-#: src/tgetpass.c:90
+#: src/tgetpass.c:89
#, c-format
msgid "no tty present and no askpass program specified"
msgstr "ei tty:tä käytettävissä eikä salasanan kyselyohjelmaa määriteltynä"
-#: src/tgetpass.c:99
+#: src/tgetpass.c:98
#, c-format
msgid "no askpass program specified, try setting SUDO_ASKPASS"
msgstr "salasanan kyselyohjelma ei ole määritelty, yritä asettaa SUDO_ASKPASS"
-#: src/tgetpass.c:231
+#: src/tgetpass.c:230
#, c-format
msgid "unable to set gid to %u"
msgstr "ei kyetä asettamaan gid-ryhmätunnisteeksi %u"
-#: src/tgetpass.c:235
+#: src/tgetpass.c:234
#, c-format
msgid "unable to set uid to %u"
msgstr "ei kyetä asettamaan uid-käyttäjätunnisteeksi %u"
-#: src/tgetpass.c:240
+#: src/tgetpass.c:239
#, c-format
msgid "unable to run %s"
-msgstr "ei kyetä suorittamaan salasanakyselyä %s"
+msgstr "salasanakyselyn %s suorittaminen epäonnistui"
#: src/utmp.c:278
#, c-format
msgid "unable to save stdin"
-msgstr "ei kyetä tallentamaan vakiosyötettä"
+msgstr "vakiosyötteeseen tallentaminen epäonnistui"
#: src/utmp.c:280
#, c-format
msgid "unable to dup2 stdin"
-msgstr "ei kyetä kutsumaan funktiota dup2 vakiosyötteellä"
+msgstr "funktion dup2 kutsuminen vakiosyötteellä epäonnistui"
#: src/utmp.c:283
#, c-format
msgid "unable to restore stdin"
-msgstr "ei kyetä palauttamaan vakiosyötettä"
+msgstr "vakiosyötteen palauttaminen epäonnistui"
+
+#~ msgid "unable to allocate memory"
+#~ msgstr "muistin varaaminen epäonnistui"
+
+#~ msgid ": "
+#~ msgstr ": "
#~ msgid "internal error, emalloc2() overflow"
#~ msgstr "sisäinen virhe, emalloc2() -ylivuoto"
# Galician translations for sudo package.
# This file is put in the public domain.
+#
# Fran Dieguez <frandieguez@gnome.org>, 2012.
# Francisco Diéguez <frandieguez@ubuntu.com>, 2012.
+# Leandro Regueiro <leandro.regueiro@gmail.com>, 2012, 2013.
+#
+# Proxecto Trasno - Adaptación do software libre á lingua galega: Se desexas
+# colaborar connosco, podes atopar máis información en <http://www.trasno.net>
#
msgid ""
msgstr ""
-"Project-Id-Version: sudo 1.8.4b1\n"
+"Project-Id-Version: sudo 1.8.6b4\n"
"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2012-01-06 15:10-0500\n"
-"PO-Revision-Date: 2012-02-07 22:35+0100\n"
-"Last-Translator: Francisco Diéguez <frandieguez@ubuntu.com>\n"
+"POT-Creation-Date: 2012-08-10 13:08-0400\n"
+"PO-Revision-Date: 2013-02-02 13:37+0200\n"
+"Last-Translator: Leandro Regueiro <leandro.regueiro@gmail.com>\n"
"Language-Team: Galician <proxecto@trasno.net>\n"
-"Language: gl_ES\n"
+"Language: gl\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=2; plural=(n!=1);\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: common/aix.c:150
+#, c-format
+msgid "unable to open userdb"
+msgstr "non foi posíbel abrir userdb"
+
+#: common/aix.c:153
+#, c-format
+msgid "unable to switch to registry \"%s\" for %s"
+msgstr "non foi posíbel ir ao rexistro «%s» para %s"
+
+#: common/aix.c:170
+#, c-format
+msgid "unable to restore registry"
+msgstr "non foi posíbel restaurar o rexistro"
+
+#: common/alloc.c:82
+msgid "internal error, tried to emalloc(0)"
+msgstr "erro interno: tentou emalloc(0)"
+
+#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146
+#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270
+#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482
+#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759
+#, c-format
+msgid "unable to allocate memory"
+msgstr "non foi posíbel asignar memoria"
+
+#: common/alloc.c:99
+msgid "internal error, tried to emalloc2(0)"
+msgstr "erro interno: tentou emalloc2(0)"
+
+#: common/alloc.c:101 common/alloc.c:123 common/alloc.c:163 common/alloc.c:187
+#, c-format
+msgid "internal error, %s overflow"
+msgstr "erro interno, desbordamento en %s"
+
+#: common/alloc.c:120
+msgid "internal error, tried to ecalloc(0)"
+msgstr "erro interno, tentou ecalloc(0)"
+
+#: common/alloc.c:142
+msgid "internal error, tried to erealloc(0)"
+msgstr "erro interno, tentou erealloc(0)"
+
+#: common/alloc.c:161
+msgid "internal error, tried to erealloc3(0)"
+msgstr "erro interno, tentou erealloc3(0)"
+
+#: common/alloc.c:185
+msgid "internal error, tried to erecalloc(0)"
+msgstr "erro interno, tentou erealloc(0)"
+
+#: common/sudo_conf.c:305
+#, c-format
+msgid "unable to stat %s"
+msgstr "non foi posíbel executar stat en %s"
+
+#: common/sudo_conf.c:308
+#, c-format
+msgid "%s is not a regular file"
+msgstr "%s non é un ficheiro normal"
+
+#: common/sudo_conf.c:311
+#, c-format
+msgid "%s is owned by uid %u, should be %u"
+msgstr "%s é propiedade de uid %u, pero debería ser %u"
+
+#: common/sudo_conf.c:315
+#, c-format
+msgid "%s is world writable"
+msgstr "%s é escribíbel por todo o mundo"
+
+#: common/sudo_conf.c:318
+#, c-format
+msgid "%s is group writable"
+msgstr "%s é escribíbel polo grupo"
+
+#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331
+#, c-format
+msgid "unable to open %s"
+msgstr "non foi posíbel abrir %s"
+
+#: compat/strsignal.c:47
+msgid "Unknown signal"
+msgstr "Sinal descoñecido"
#: src/error.c:82 src/error.c:86
msgid ": "
msgstr ": "
-#: src/exec.c:133 src/exec_pty.c:604 src/exec_pty.c:936 src/tgetpass.c:227
+#: src/exec.c:113 src/exec_pty.c:674
+#, c-format
+msgid "policy plugin failed session initialization"
+msgstr "produciuse un erro durante a inicialización de sesión do engadido de política"
+
+#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221
#, c-format
msgid "unable to fork"
-msgstr "non se pode bifurcar"
+msgstr "non é posíbel realizar fork"
-#: src/exec.c:299
+#: src/exec.c:268
#, c-format
msgid "unable to create sockets"
msgstr "non foi posíbel crear sockets"
-#: src/exec.c:306 src/exec_pty.c:557 src/exec_pty.c:565 src/exec_pty.c:572
-#: src/exec_pty.c:871 src/exec_pty.c:933 src/tgetpass.c:224
+#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630
+#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218
#, c-format
msgid "unable to create pipe"
msgstr "non foi psosíbel crear tubería"
-#: src/exec.c:373 src/exec_pty.c:1000 src/exec_pty.c:1135
+#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240
#, c-format
msgid "select failed"
msgstr "selección fallada"
-#: src/exec.c:458
+#: src/exec.c:467
#, c-format
msgid "unable to restore tty label"
msgstr "non foi posíbel restaurar a etiqueta tty"
-#: src/exec_pty.c:140
+#: src/exec_common.c:69
+#, c-format
+msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"
+msgstr "non foi posíbel retirar PRIV_PROC_EXEC desde PRIV_LIMIT"
+
+#: src/exec_pty.c:183
#, c-format
msgid "unable to allocate pty"
msgstr "non foi posíbel asignar pty"
-#: src/exec_pty.c:597
+#: src/exec_pty.c:665
#, c-format
msgid "unable to set terminal to raw mode"
msgstr "non foi posíbel estabelcer a terminal en modo directo"
-#: src/exec_pty.c:914
+#: src/exec_pty.c:1013
#, c-format
msgid "unable to set controlling tty"
msgstr "non foi posíebl estabelecer o controlador tty"
-#: src/exec_pty.c:1008
+#: src/exec_pty.c:1111
#, c-format
msgid "error reading from signal pipe"
msgstr "produciuse un erro ao ler desde a tubería do sinal"
-#: src/exec_pty.c:1027
+#: src/exec_pty.c:1132
#, c-format
msgid "error reading from pipe"
msgstr "produciuse un erro ao ler da tubería"
-#: src/exec_pty.c:1043
+#: src/exec_pty.c:1148
#, c-format
msgid "error reading from socketpair"
msgstr "produciuse un erro ao ler de socketpair"
-#: src/exec_pty.c:1047
+#: src/exec_pty.c:1152
#, c-format
msgid "unexpected reply type on backchannel: %d"
msgstr "tipo de resposta inesperada en canles alternos %d"
-#: src/load_plugins.c:79
+#: src/load_plugins.c:74
#, c-format
msgid "%s: %s"
msgstr "%s: %s"
-#: src/load_plugins.c:85
+#: src/load_plugins.c:80
#, c-format
msgid "%s%s: %s"
msgstr "%s%s: %s"
-#: src/load_plugins.c:95
+#: src/load_plugins.c:90
#, c-format
msgid "%s must be owned by uid %d"
msgstr "%s debe ser propiedade do uid %d"
-#: src/load_plugins.c:99
+#: src/load_plugins.c:94
#, c-format
msgid "%s must be only be writable by owner"
msgstr "%s só debe ter permisos de escritura polo propietario"
-#: src/load_plugins.c:106
+#: src/load_plugins.c:101
#, c-format
msgid "unable to dlopen %s: %s"
msgstr "non foi posíbel dlopen %s: %s"
-#: src/load_plugins.c:111
+#: src/load_plugins.c:106
#, c-format
msgid "%s: unable to find symbol %s"
msgstr "%s: non é posíbel atopar o símbolo %s"
-#: src/load_plugins.c:117
+#: src/load_plugins.c:112
#, c-format
msgid "%s: unknown policy type %d"
msgstr "%s: tipo de política descoñecida %d"
-#: src/load_plugins.c:121
+#: src/load_plugins.c:116
#, c-format
msgid "%s: incompatible policy major version %d, expected %d"
msgstr "%s: versión maiór %d da política incompatíbel, agardábase %d"
-#: src/load_plugins.c:128
+#: src/load_plugins.c:123
#, c-format
msgid "%s: only a single policy plugin may be loaded"
msgstr "%s: só se pode cargar unha política de engadido"
-#: src/load_plugins.c:146
-#, c-format
-msgid "%s: at least one policy plugin must be specified"
-msgstr "%s: debe ser especificada cando menos unha política de engadido"
-
-#: src/load_plugins.c:151
+#: src/load_plugins.c:200
#, c-format
msgid "policy plugin %s does not include a check_policy method"
msgstr "a política do engadido %s non inclúe un método check_policy"
#: src/parse_args.c:351
#, c-format
msgid "you may not specify environment variables in edit mode"
-msgstr "non se deben especificar variábeis de contorno no modo edición"
+msgstr "non se deben especificar variábeis de ambiente no modo edición"
#: src/parse_args.c:359
#, c-format
msgid "the `-A' and `-S' options may not be used together"
msgstr "as opcións «-A» e «-S» non se poden empregar conxuntamente"
-#: src/parse_args.c:432 src/sudo.c:482 src/sudo.c:502 src/sudo.c:509
-#: src/sudo.c:519 common/alloc.c:85 common/alloc.c:105 common/alloc.c:123
-#: common/alloc.c:145 common/alloc.c:203 common/alloc.c:217
-#, c-format
-msgid "unable to allocate memory"
-msgstr "non foi posíbel asignar memoria"
-
-#: src/parse_args.c:445
+#: src/parse_args.c:443
#, c-format
msgid "sudoedit is not supported on this platform"
msgstr "sudoedit non se admite nesta plataforma"
-#: src/parse_args.c:518
+#: src/parse_args.c:516
#, c-format
msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"
msgstr "Só pode especificar unha das opcións -e, -h, -i, -K, -l, -s, -v ou -V"
-#: src/parse_args.c:532
+#: src/parse_args.c:530
#, c-format
msgid ""
"%s - edit files as another user\n"
"%s - edita ficheiros como outro usuario\n"
"\n"
-#: src/parse_args.c:534
+#: src/parse_args.c:532
#, c-format
msgid ""
"%s - execute a command as another user\n"
"%s - executa unha orde como outro usuario\n"
"\n"
-#: src/parse_args.c:539
+#: src/parse_args.c:537
#, c-format
msgid ""
"\n"
"\n"
"Opcións:\n"
-#: src/parse_args.c:542
+#: src/parse_args.c:540
msgid "use helper program for password prompting\n"
msgstr "usar o programa de axuda para a solicitude de contrasinal\n"
-#: src/parse_args.c:545
+#: src/parse_args.c:543
msgid "use specified BSD authentication type\n"
msgstr "usar tipo de autenticación especificado en BSD\n"
-#: src/parse_args.c:547
+#: src/parse_args.c:545
msgid "run command in the background\n"
msgstr "executa unha orde en segundo plano\n"
-#: src/parse_args.c:549
+#: src/parse_args.c:547
msgid "close all file descriptors >= fd\n"
msgstr "pecha todos os descriptores de ficheiro >= td\n"
-#: src/parse_args.c:552
+#: src/parse_args.c:550
msgid "run command with specified login class\n"
msgstr "executa unha orde coa clase especificada de inicio de sesión\n"
-#: src/parse_args.c:555
+#: src/parse_args.c:553
msgid "preserve user environment when executing command\n"
-msgstr "preserva o contorno de usuario ao executar unha orde\n"
+msgstr "conserva o ambiente de usuario ao executar unha orde\n"
-#: src/parse_args.c:557
+#: src/parse_args.c:555
msgid "edit files instead of running a command\n"
msgstr "edita ficheiros no lugar de executar unha orde\n"
-#: src/parse_args.c:559
+#: src/parse_args.c:557
msgid "execute command as the specified group\n"
msgstr "executa unha orde como o grupo especificado\n"
-#: src/parse_args.c:561
+#: src/parse_args.c:559
msgid "set HOME variable to target user's home dir.\n"
msgstr "asigna a variábel HOME ao cartafol de inicio do usuario\n"
-#: src/parse_args.c:563
+#: src/parse_args.c:561
msgid "display help message and exit\n"
msgstr "mostra esta mensaxe de axuda e sae\n"
-#: src/parse_args.c:565
+#: src/parse_args.c:563
msgid "run a login shell as target user\n"
msgstr "executa un intérprete de ordes como un determinado usuario\n"
-#: src/parse_args.c:567
+#: src/parse_args.c:565
msgid "remove timestamp file completely\n"
-msgstr "remove un ficheiro de marca completamente\n"
+msgstr "retira un ficheiro de marca de tempo completamente\n"
-#: src/parse_args.c:569
+#: src/parse_args.c:567
msgid "invalidate timestamp file\n"
msgstr "ficheiro de marca non válido\n"
-#: src/parse_args.c:571
+#: src/parse_args.c:569
msgid "list user's available commands\n"
msgstr "lista de ordes do usuario dispoñíbeis\n"
-#: src/parse_args.c:573
+#: src/parse_args.c:571
msgid "non-interactive mode, will not prompt user\n"
msgstr "modo non interactivo, non se preguntará ao usuario\n"
-#: src/parse_args.c:575
+#: src/parse_args.c:573
msgid "preserve group vector instead of setting to target's\n"
msgstr "preserva o vector de grupos no lugar de estabelecelo ao obxectivo\n"
-#: src/parse_args.c:577
+#: src/parse_args.c:575
msgid "use specified password prompt\n"
msgstr "usa o contrasinal especificado\n"
-#: src/parse_args.c:580 src/parse_args.c:588
+#: src/parse_args.c:578 src/parse_args.c:586
msgid "create SELinux security context with specified role\n"
msgstr "crea un contexto de seguranza SELinux coa regra especificada\n"
-#: src/parse_args.c:583
+#: src/parse_args.c:581
msgid "read password from standard input\n"
msgstr "lee o contrasinal desde a entrada estándar\n"
-#: src/parse_args.c:585
+#: src/parse_args.c:583
msgid "run a shell as target user\n"
msgstr "executa un intérprete de ordes como un determinado usuario\n"
-#: src/parse_args.c:591
+#: src/parse_args.c:589
msgid "when listing, list specified user's privileges\n"
msgstr "cando está na lista, mostra os privilexios do usuario especificado\n"
-#: src/parse_args.c:593
+#: src/parse_args.c:591
msgid "run command (or edit file) as specified user\n"
msgstr "executa unha orde (ou edita un ficheiro) como un usuario específico\n"
-#: src/parse_args.c:595
+#: src/parse_args.c:593
msgid "display version information and exit\n"
msgstr "mostra a información da versión e sae\n"
-#: src/parse_args.c:597
+#: src/parse_args.c:595
msgid "update user's timestamp without running a command\n"
msgstr "actualiza a marca do usuario sen executar unha orde\n"
-#: src/parse_args.c:599
+#: src/parse_args.c:597
msgid "stop processing command line arguments\n"
msgstr "deten o proceso de argumentos da liña de ordes\n"
-#: src/selinux.c:76
+#: src/selinux.c:77
#, c-format
msgid "unable to open audit system"
msgstr "non foi posíbel abrir o sistema de auditoría"
-#: src/selinux.c:84
+#: src/selinux.c:85
#, c-format
msgid "unable to send audit message"
msgstr "non foi posíbel enviar a mensaxe de auditoría"
-#: src/selinux.c:112
+#: src/selinux.c:113
#, c-format
msgid "unable to fgetfilecon %s"
msgstr "non foi posíbel executar fgetfilecon %s"
-#: src/selinux.c:117
+#: src/selinux.c:118
#, c-format
msgid "%s changed labels"
msgstr "%s etiquetas cambiadas"
-#: src/selinux.c:122
+#: src/selinux.c:123
#, c-format
msgid "unable to restore context for %s"
msgstr "non foi posíbel restaurar o contexto para %s"
-#: src/selinux.c:162
+#: src/selinux.c:163
#, c-format
msgid "unable to open %s, not relabeling tty"
msgstr "non foi posíbel abrir %s, non volver a etiquetar tty"
-#: src/selinux.c:171
+#: src/selinux.c:172
#, c-format
msgid "unable to get current tty context, not relabeling tty"
-msgstr "non se pode obter o contexto actual de tty, non volver a etiquetar tty"
+msgstr "non foi posíbel obter o contexto actual de tty, non se volve etiquetar tty"
-#: src/selinux.c:178
+#: src/selinux.c:179
#, c-format
msgid "unable to get new tty context, not relabeling tty"
msgstr "non foi posíbel obter o novo contexto tty, non volver a etiquetar tty"
-#: src/selinux.c:185
+#: src/selinux.c:186
#, c-format
msgid "unable to set new tty context"
msgstr "non foi posíbel estabelecer o novo contexto tty"
-#: src/selinux.c:195 src/selinux.c:208 src/sudo.c:335
-#, c-format
-msgid "unable to open %s"
-msgstr "non foi posíbel abrir %s"
-
-#: src/selinux.c:251
+#: src/selinux.c:252
#, c-format
msgid "you must specify a role for type %s"
msgstr "débese especificar unha regra por tipo %s"
-#: src/selinux.c:257
+#: src/selinux.c:258
#, c-format
msgid "unable to get default type for role %s"
msgstr "non foi posíbel obter o tipo de regra predeterminada %s"
-#: src/selinux.c:275
+#: src/selinux.c:276
#, c-format
msgid "failed to set new role %s"
-msgstr "produciouse un fallo ao estabelecer a nova regra %s"
+msgstr "produciuse un erro ao definir a nova regra %s"
-#: src/selinux.c:279
+#: src/selinux.c:280
#, c-format
msgid "failed to set new type %s"
-msgstr "produciuse un fallo ao estabelecer o novo tipo %s"
+msgstr "produciuse un erro ao definir o novo tipo %s"
-#: src/selinux.c:288
+#: src/selinux.c:289
#, c-format
msgid "%s is not a valid context"
msgstr "%s non é un contexto válido"
-#: src/selinux.c:323
+#: src/selinux.c:324
#, c-format
msgid "failed to get old_context"
-msgstr "produciuse un fallo ao obter old_context"
+msgstr "produciuse un erro ao obter old_context"
-#: src/selinux.c:329
+#: src/selinux.c:330
#, c-format
msgid "unable to determine enforcing mode."
msgstr "non foi posíbel determinar o método de forzado"
-#: src/selinux.c:341
+#: src/selinux.c:342
#, c-format
msgid "unable to setup tty context for %s"
msgstr "non foi posíbel estabelecer o contexto tty para %s"
-#: src/selinux.c:371
+#: src/selinux.c:373
#, c-format
msgid "unable to set exec context to %s"
msgstr "non foi posíbel o contexto de execución a %s"
-#: src/selinux.c:378
+#: src/selinux.c:380
#, c-format
msgid "unable to set key creation context to %s"
msgstr "non foi posíbel estabelecer a chave de creación de contexto a %s"
-#: src/sesh.c:48
+#: src/sesh.c:70
+#, c-format
msgid "requires at least one argument"
msgstr "require cando menos un argumento"
-#: src/sesh.c:64
+#: src/sesh.c:91
#, c-format
msgid "unable to execute %s"
-msgstr "non se pode executar %s"
-
-#: src/sudo.c:198
-#, c-format
-msgid "must be setuid root"
-msgstr "debe ser setuid root"
+msgstr "non é posíbel executar %s"
-#: src/sudo.c:219
+#: src/sudo.c:211
#, c-format
msgid "Sudo version %s\n"
msgstr "Sudo versión %s\n"
-#: src/sudo.c:221
+#: src/sudo.c:213
#, c-format
msgid "Configure options: %s\n"
msgstr "Opcións de configuración: %s\n"
-#: src/sudo.c:226
+#: src/sudo.c:218
#, c-format
msgid "fatal error, unable to load plugins"
msgstr "erro fatal, non foi posíbel cargar os engadidos"
-#: src/sudo.c:234
+#: src/sudo.c:226
#, c-format
msgid "unable to initialize policy plugin"
msgstr "non foi posíbel inicializar a normativa do engadido"
-#: src/sudo.c:289
+#: src/sudo.c:281
#, c-format
msgid "error initializing I/O plugin %s"
msgstr "erro ao inicializar os engadidos de E/S %s"
-#: src/sudo.c:310
+#: src/sudo.c:306
#, c-format
msgid "unexpected sudo mode 0x%x"
msgstr "modo sudo 0x%x non agardado"
-#: src/sudo.c:404
+#: src/sudo.c:400
#, c-format
msgid "unable to get group vector"
msgstr "non é posíbel obter o vector de grupo"
-#: src/sudo.c:478
+#: src/sudo.c:452
#, c-format
msgid "unknown uid %u: who are you?"
msgstr "uid descoñecido %u: quen é vostede?"
-#: src/sudo.c:818
+#: src/sudo.c:782
+#, c-format
+msgid "%s must be owned by uid %d and have the setuid bit set"
+msgstr "%s debe ser propiedade do uid %d e debe ter definido o bit setuid"
+
+#: src/sudo.c:785
+#, c-format
+msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?"
+msgstr "o uid efectivo non é %d, é %s nun sistema de ficheiros coa opción «nosuid» definida ou nun sistema de ficheiros NFS sen privilexios de root?"
+
+#: src/sudo.c:791
+#, c-format
+msgid "effective uid is not %d, is sudo installed setuid root?"
+msgstr "o uid efectivo non é %d, está sudo instalado con setuid de root?"
+
+#: src/sudo.c:860
#, c-format
msgid "resource control limit has been reached"
msgstr "o límite de control de recursos foi alcanzado"
-#: src/sudo.c:821
+#: src/sudo.c:863
#, c-format
msgid "user \"%s\" is not a member of project \"%s\""
msgstr "o usuario «%s» non é membro do grupo «%s»"
-#: src/sudo.c:825
+#: src/sudo.c:867
#, c-format
msgid "the invoking task is final"
msgstr "a tarefa que invoca é definitiva"
-#: src/sudo.c:828
+#: src/sudo.c:870
#, c-format
msgid "could not join project \"%s\""
-msgstr "non podería unirse ao proxecto «%s»"
+msgstr "non é posíbel unirse ao proxecto «%s»"
-#: src/sudo.c:833
+#: src/sudo.c:875
#, c-format
msgid "no resource pool accepting default bindings exists for project \"%s\""
msgstr "non hai fondo de recursos aceptando as asignacións existentes par ao proxecto «%s»"
-#: src/sudo.c:837
+#: src/sudo.c:879
#, c-format
msgid "specified resource pool does not exist for project \"%s\""
msgstr "o fondo de recursos especificado non existe para o proxecto «%s»"
-#: src/sudo.c:841
+#: src/sudo.c:883
#, c-format
msgid "could not bind to default resource pool for project \"%s\""
-msgstr "non se podería ligar ao fondo de recursos predeterminado para o proxecto «%s»"
+msgstr "non é posíbel ligar ao fondo de recursos predeterminado para o proxecto «%s»"
-#: src/sudo.c:847
+#: src/sudo.c:889
#, c-format
msgid "setproject failed for project \"%s\""
msgstr "configuración do proxecto fallada «%s»"
-#: src/sudo.c:849
+#: src/sudo.c:891
#, c-format
msgid "warning, resource control assignment failed for project \"%s\""
msgstr "aviso, o control de asignación de recuros fallou para o proxecto «%s»"
-#: src/sudo.c:879
-#, c-format
-msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"
-msgstr "non foi posíbel eliminar PRIV_PROC_EXEC desde PRIV_LIMIT"
-
-#: src/sudo.c:988
+#: src/sudo.c:959
#, c-format
msgid "unknown login class %s"
msgstr "clase de inicio de sesión descoñecida %s"
-#: src/sudo.c:1004 src/sudo.c:1007
+#: src/sudo.c:973 src/sudo.c:976
#, c-format
msgid "unable to set user context"
msgstr "non foi posíbel estabelecer o contexto do usuario"
-#: src/sudo.c:1022
+#: src/sudo.c:988
+#, c-format
+msgid "unable to set supplementary group IDs"
+msgstr "non foi posíbel estabelecer o grupo suplementario de IDs"
+
+#: src/sudo.c:995
#, c-format
msgid "unable to set effective gid to runas gid %u"
msgstr "non foi posíbel estabelcer o gid efectivo para executar como gid %u"
-#: src/sudo.c:1028
+#: src/sudo.c:1001
#, c-format
msgid "unable to set gid to runas gid %u"
msgstr "non foi posíbel estabelcer o gid para executar como gid %u"
-#: src/sudo.c:1036
-#, c-format
-msgid "unable to set supplementary group IDs"
-msgstr "non foi posíbel estabelecer o grupo suplementario de IDs"
-
-#: src/sudo.c:1044
+#: src/sudo.c:1008
#, c-format
msgid "unable to set process priority"
msgstr "non foi posíbel estabelecer a prioridade de proceso"
-#: src/sudo.c:1052
+#: src/sudo.c:1016
#, c-format
msgid "unable to change root to %s"
msgstr "non foi posíbel cambiar de root a %s"
-#: src/sudo.c:1062 src/sudo.c:1068 src/sudo.c:1074
+#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035
#, c-format
msgid "unable to change to runas uid (%u, %u)"
msgstr "non foi posíbel cambiar as runas uid (%u, %u)"
-#: src/sudo.c:1088
+#: src/sudo.c:1049
#, c-format
msgid "unable to change directory to %s"
msgstr "non foi posíbel cambiar ao cartafol %s"
-#: src/sudo.c:1158
+#: src/sudo.c:1133
#, c-format
msgid "unexpected child termination condition: %d"
msgstr "terminación de condición filla non agardada: %d"
-#: src/sudo.c:1204
+#: src/sudo.c:1194
#, c-format
msgid "policy plugin %s does not support listing privileges"
-msgstr "a política do engadido %s non admite o listado de privilexios"
+msgstr "a política do engadido %s non admite listar os privilexios"
-#: src/sudo.c:1216
+#: src/sudo.c:1206
#, c-format
msgid "policy plugin %s does not support the -v option"
msgstr "a política do engadido %s non admite a opción -v"
-#: src/sudo.c:1228
+#: src/sudo.c:1218
#, c-format
msgid "policy plugin %s does not support the -k/-K options"
msgstr "a normativa do engadido %s non admite as opcións -k/-K"
msgid "unable to read temporary file"
msgstr "non é posíbel ler o ficheiro temporal"
-#: src/tgetpass.c:96
+#: src/tgetpass.c:90
#, c-format
msgid "no tty present and no askpass program specified"
msgstr "sen tty presente e non se especificou un programa askpass"
-#: src/tgetpass.c:105
+#: src/tgetpass.c:99
#, c-format
msgid "no askpass program specified, try setting SUDO_ASKPASS"
msgstr "non hai programa askpass especificado, tente estabelecer SUDO_ASKPASS"
-#: src/tgetpass.c:237
+#: src/tgetpass.c:231
#, c-format
msgid "unable to set gid to %u"
msgstr "non foi posíbel estabelecer o gid a %u"
-#: src/tgetpass.c:241
+#: src/tgetpass.c:235
#, c-format
msgid "unable to set uid to %u"
msgstr "non foi posíbel estabelecer o uid a %u"
-#: src/tgetpass.c:246
+#: src/tgetpass.c:240
#, c-format
msgid "unable to run %s"
msgstr "non foi posíbel executar %s"
msgid "unable to restore stdin"
msgstr "non foi posíbel restaurar stdin"
-#: common/aix.c:144
-#, c-format
-msgid "unable to open userdb"
-msgstr "non foi posíbel abrir userdb"
+#~ msgid "%s: at least one policy plugin must be specified"
+#~ msgstr "%s: debe ser especificada cando menos unha política de engadido"
-#: common/aix.c:147
-#, c-format
-msgid "unable to switch to registry \"%s\" for %s"
-msgstr "non foi posíbel cambiar ao rexistro «%s» para %s"
+#~ msgid "must be setuid root"
+#~ msgstr "debe ser setuid root"
-#: common/aix.c:161
-#, c-format
-msgid "unable to restore registry"
-msgstr "non foi posíbel restaurar o rexistro"
-
-#: common/alloc.c:82
-msgid "internal error, tried to emalloc(0)"
-msgstr "erro interno: tentou emalloc(0)"
-
-#: common/alloc.c:99
-msgid "internal error, tried to emalloc2(0)"
-msgstr "erro interno: tentou emalloc2(0)"
-
-#: common/alloc.c:101
-msgid "internal error, emalloc2() overflow"
-msgstr "erro interno: desbordamento en emalloc2(0)"
-
-#: common/alloc.c:119
-msgid "internal error, tried to erealloc(0)"
-msgstr "erro interno: tentou erealloc(0)"
-
-#: common/alloc.c:138
-msgid "internal error, tried to erealloc3(0)"
-msgstr "erro interno: tentou erealloc3(0)"
-
-#: common/alloc.c:140
-msgid "internal error, erealloc3() overflow"
-msgstr "erro interno: desbordamento de erealloc3(0)"
-
-#: compat/strsignal.c:47
-msgid "Unknown signal"
-msgstr "Sinal descoñecido"
+#~ msgid "internal error, erealloc3() overflow"
+#~ msgstr "erro interno: desbordamento de erealloc3(0)"
# Translation of sudo to Croatian.
# This file is put in the public domain.
+# Tomislav Krznar <tomislav.krznar@gmail.com>, 2012, 2013.
#
-# Tomislav Krznar <tomislav.krznar@gmail.com>, 2012.
msgid ""
msgstr ""
-"Project-Id-Version: sudo 1.8.6b4\n"
+"Project-Id-Version: sudo 1.8.7b1\n"
"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2012-08-10 13:08-0400\n"
-"PO-Revision-Date: 2012-08-13 22:54+0200\n"
+"POT-Creation-Date: 2013-04-02 10:40-0400\n"
+"PO-Revision-Date: 2013-04-18 15:22+0200\n"
"Last-Translator: Tomislav Krznar <tomislav.krznar@gmail.com>\n"
"Language-Team: Croatian <lokalizacija@linux.hr>\n"
"Language: hr\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2)\n"
-"X-Generator: Lokalize 1.4\n"
+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
+"X-Generator: Gtranslator 2.91.6\n"
#: common/aix.c:150
#, c-format
msgid "internal error, tried to emalloc(0)"
msgstr "interna greška, pokušao sam emalloc(0)"
-#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146
-#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270
-#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482
-#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759
-#, c-format
-msgid "unable to allocate memory"
-msgstr "ne mogu alocirati memoriju"
-
#: common/alloc.c:99
msgid "internal error, tried to emalloc2(0)"
msgstr "interna greška, pokušao sam emalloc2(0)"
msgid "internal error, tried to erecalloc(0)"
msgstr "interna greška, pokušao sam erecalloc(0)"
-#: common/sudo_conf.c:305
+#: common/error.c:154
+#, c-format
+msgid "%s: %s: %s\n"
+msgstr "%s: %s: %s\n"
+
+#: common/error.c:157 common/error.c:161
+#, c-format
+msgid "%s: %s\n"
+msgstr "%s: %s\n"
+
+#: common/sudo_conf.c:172
+#, c-format
+msgid "unsupported group source `%s' in %s, line %d"
+msgstr "nepodržani izvor grupe „%s” u %s, redak %d"
+
+#: common/sudo_conf.c:186
+#, c-format
+msgid "invalid max groups `%s' in %s, line %d"
+msgstr "neispravan maksimalni broj grupa „%s” u %s, redak %d"
+
+#: common/sudo_conf.c:382
#, c-format
msgid "unable to stat %s"
msgstr "ne mogu izvršiti stat %s"
-#: common/sudo_conf.c:308
+#: common/sudo_conf.c:385
#, c-format
msgid "%s is not a regular file"
msgstr "%s nije obična datoteka"
-#: common/sudo_conf.c:311
+#: common/sudo_conf.c:388
#, c-format
msgid "%s is owned by uid %u, should be %u"
msgstr "vlasnik %s je uid %u, treba biti %u"
-#: common/sudo_conf.c:315
+#: common/sudo_conf.c:392
#, c-format
msgid "%s is world writable"
msgstr "%s ima dozvole za pisanje svih korisnika"
-#: common/sudo_conf.c:318
+#: common/sudo_conf.c:395
#, c-format
msgid "%s is group writable"
msgstr "%s ima dozvole za pisanje svih grupa"
-#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331
+#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328
#, c-format
msgid "unable to open %s"
msgstr "ne mogu otvoriti %s"
-#: compat/strsignal.c:47
+#: compat/strsignal.c:50
msgid "Unknown signal"
msgstr "Nepoznat signal"
-#: src/error.c:82 src/error.c:86
-msgid ": "
-msgstr ": "
-
-#: src/exec.c:113 src/exec_pty.c:674
+#: src/exec.c:127 src/exec_pty.c:685
#, c-format
msgid "policy plugin failed session initialization"
msgstr "priključak police nije uspio inicijalizirati sjednicu"
-#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221
+#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220
#, c-format
msgid "unable to fork"
msgstr "ne mogu razdvojiti"
-#: src/exec.c:268
+#: src/exec.c:259
#, c-format
msgid "unable to create sockets"
msgstr "ne mogu napraviti utičnice"
-#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630
-#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218
-#, c-format
-msgid "unable to create pipe"
-msgstr "ne mogu napraviti cjevovod"
-
-#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240
+#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268
#, c-format
msgid "select failed"
msgstr "odabir nije uspio"
-#: src/exec.c:467
+#: src/exec.c:449
#, c-format
msgid "unable to restore tty label"
msgstr "ne mogu vratiti tty oznaku"
-#: src/exec_common.c:69
+#: src/exec_common.c:70
#, c-format
msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"
msgstr "ne mogu ukloniti PRIV_PROC_EXEC iz PRIV_LIMIT"
msgid "unable to allocate pty"
msgstr "ne mogu alocirati pty"
-#: src/exec_pty.c:665
+#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986
+#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217
+#, c-format
+msgid "unable to create pipe"
+msgstr "ne mogu napraviti cjevovod"
+
+#: src/exec_pty.c:676
#, c-format
msgid "unable to set terminal to raw mode"
msgstr "ne mogu postaviti terminal u sirovi način"
-#: src/exec_pty.c:1013
+#: src/exec_pty.c:1042
#, c-format
msgid "unable to set controlling tty"
msgstr "ne mogu postaviti kontrolni tty"
-#: src/exec_pty.c:1111
+#: src/exec_pty.c:1139
#, c-format
msgid "error reading from signal pipe"
msgstr "greška čitanja iz cjevovoda signala"
-#: src/exec_pty.c:1132
+#: src/exec_pty.c:1160
#, c-format
msgid "error reading from pipe"
msgstr "greška čitanja iz cjevovoda"
-#: src/exec_pty.c:1148
+#: src/exec_pty.c:1176
#, c-format
msgid "error reading from socketpair"
msgstr "greška čitanja iz para utičnica"
-#: src/exec_pty.c:1152
+#: src/exec_pty.c:1180
#, c-format
msgid "unexpected reply type on backchannel: %d"
msgstr "neočekivana vrsta odgovora na povratnom kanalu: %d"
-#: src/load_plugins.c:74
+#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132
+#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185
+#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205
+#, c-format
+msgid "error in %s, line %d while loading plugin `%s'"
+msgstr "greška u %s, redak %d pri učitavanju priključka „%s”"
+
+#: src/load_plugins.c:72
#, c-format
msgid "%s: %s"
msgstr "%s: %s"
-#: src/load_plugins.c:80
+#: src/load_plugins.c:81
#, c-format
msgid "%s%s: %s"
msgstr "%s%s: %s"
-#: src/load_plugins.c:90
+#: src/load_plugins.c:140
#, c-format
msgid "%s must be owned by uid %d"
msgstr "vlasnik %s mora biti uid %d"
-#: src/load_plugins.c:94
+#: src/load_plugins.c:146
#, c-format
msgid "%s must be only be writable by owner"
msgstr "samo vlasnik smije imati dozvole za pisanje %s"
-#: src/load_plugins.c:101
+#: src/load_plugins.c:187
#, c-format
msgid "unable to dlopen %s: %s"
msgstr "ne mogu izvršiti dlopen %s: %s"
-#: src/load_plugins.c:106
+#: src/load_plugins.c:194
+#, c-format
+msgid "unable to find symbol `%s' in %s"
+msgstr "ne mogu pronaći simbol „%s” u %s"
+
+#: src/load_plugins.c:201
#, c-format
-msgid "%s: unable to find symbol %s"
-msgstr "%s: ne mogu pronaći simbol %s"
+msgid "unknown policy type %d found in %s"
+msgstr "nepoznata vrsta police %d pronađena u %s"
-#: src/load_plugins.c:112
+#: src/load_plugins.c:207
#, c-format
-msgid "%s: unknown policy type %d"
-msgstr "%s: nepoznata vrsta police %d"
+msgid "incompatible plugin major version %d (expected %d) found in %s"
+msgstr "nekompatibilna glavna inačica police %d (očekujem %d) pronađena u %s"
-#: src/load_plugins.c:116
+#: src/load_plugins.c:216
#, c-format
-msgid "%s: incompatible policy major version %d, expected %d"
-msgstr "%s: nekompatibilna glavna inačica police %d, očekujem %d"
+msgid "ignoring policy plugin `%s' in %s, line %d"
+msgstr "zanemarujem priključak police „%s” u %s, redak %d"
-#: src/load_plugins.c:123
+#: src/load_plugins.c:218
#, c-format
-msgid "%s: only a single policy plugin may be loaded"
-msgstr "%s: može se učitati samo jedan priključak police"
+msgid "only a single policy plugin may be specified"
+msgstr "možete navesti samo jedan priključak police"
-#: src/load_plugins.c:200
+#: src/load_plugins.c:221
+#, c-format
+msgid "ignoring duplicate policy plugin `%s' in %s, line %d"
+msgstr "zanemarujem dvostruki priključak police „%s” u %s, redak %d"
+
+#: src/load_plugins.c:236
+#, c-format
+msgid "ignoring duplicate I/O plugin `%s' in %s, line %d"
+msgstr "zanemarujem dvostruki U/I priključak „%s” u %s, redak %d"
+
+#: src/load_plugins.c:313
#, c-format
msgid "policy plugin %s does not include a check_policy method"
msgstr "priključak police %s ne uključuje metodu check_policy"
-#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187
-#: src/net_ifs.c:298 src/net_ifs.c:322
+#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186
+#: src/net_ifs.c:297 src/net_ifs.c:321
#, c-format
msgid "load_interfaces: overflow detected"
msgstr "load_interfaces: otkriven preljev"
-#: src/net_ifs.c:227
+#: src/net_ifs.c:226
#, c-format
msgid "unable to open socket"
msgstr "ne mogu otvoriti utičnicu"
-#: src/parse_args.c:187
+#: src/parse_args.c:197
#, c-format
msgid "the argument to -C must be a number greater than or equal to 3"
msgstr "argument za -C mora biti broj veći ili jednak 3"
-#: src/parse_args.c:276
+#: src/parse_args.c:286
#, c-format
msgid "unknown user: %s"
msgstr "nepoznat korisnik: %s"
-#: src/parse_args.c:335
+#: src/parse_args.c:345
#, c-format
msgid "you may not specify both the `-i' and `-s' options"
msgstr "ne možete navesti opcije „-i” i „-s” zajedno"
-#: src/parse_args.c:339
+#: src/parse_args.c:349
#, c-format
msgid "you may not specify both the `-i' and `-E' options"
msgstr "ne možete navesti opcije „-i” i „-E” zajedno"
-#: src/parse_args.c:349
+#: src/parse_args.c:359
#, c-format
msgid "the `-E' option is not valid in edit mode"
msgstr "opcija „-E” nije ispravna u načinu uređivanja"
-#: src/parse_args.c:351
+#: src/parse_args.c:361
#, c-format
msgid "you may not specify environment variables in edit mode"
msgstr "ne možete navesti varijable okoline u načinu uređivanja"
-#: src/parse_args.c:359
+#: src/parse_args.c:369
#, c-format
msgid "the `-U' option may only be used with the `-l' option"
msgstr "opciju „-U” možete koristiti samo uz opciju „-l”"
-#: src/parse_args.c:363
+#: src/parse_args.c:373
#, c-format
msgid "the `-A' and `-S' options may not be used together"
msgstr "ne možete koristiti opcije „-A” i „-S” zajedno"
-#: src/parse_args.c:443
+#: src/parse_args.c:456
#, c-format
msgid "sudoedit is not supported on this platform"
msgstr "sudoedit nije podržan na ovoj platformi"
-#: src/parse_args.c:516
+#: src/parse_args.c:529
#, c-format
msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"
msgstr "Smijete navesti samo jednu od opcija -e, -h, -i, -K, -l, -s, -v i -V "
-#: src/parse_args.c:530
+#: src/parse_args.c:543
#, c-format
msgid ""
"%s - edit files as another user\n"
"%s - uredi datoteke kao drugi korisnik\n"
"\n"
-#: src/parse_args.c:532
+#: src/parse_args.c:545
#, c-format
msgid ""
"%s - execute a command as another user\n"
"%s - izvrši naredbu kao drugi korisnik\n"
"\n"
-#: src/parse_args.c:537
+#: src/parse_args.c:550
#, c-format
msgid ""
"\n"
"\n"
"Opcije:\n"
-#: src/parse_args.c:540
+#: src/parse_args.c:552
msgid "use helper program for password prompting\n"
msgstr "koristi pomoćni program za traženje lozinke\n"
-#: src/parse_args.c:543
+#: src/parse_args.c:555
msgid "use specified BSD authentication type\n"
msgstr "koristi navedenu vrstu BSD provjere\n"
-#: src/parse_args.c:545
+#: src/parse_args.c:558
msgid "run command in the background\n"
msgstr "pokreni naredbu u pozadini\n"
-#: src/parse_args.c:547
+#: src/parse_args.c:560
msgid "close all file descriptors >= fd\n"
msgstr "zatvori sve opisnike datoteka >= fd\n"
-#: src/parse_args.c:550
+#: src/parse_args.c:563
msgid "run command with specified login class\n"
msgstr "pokreni naredbu s navedenim razredom prijave\n"
-#: src/parse_args.c:553
+#: src/parse_args.c:566
msgid "preserve user environment when executing command\n"
msgstr "očuvaj korisničku okolinu pri izvršavanju naredbe\n"
-#: src/parse_args.c:555
+#: src/parse_args.c:568
msgid "edit files instead of running a command\n"
msgstr "uredi datoteke umjesto pokretanja naredbe\n"
-#: src/parse_args.c:557
+#: src/parse_args.c:570
msgid "execute command as the specified group\n"
msgstr "izvrši naredbu kao navedena grupa\n"
-#: src/parse_args.c:559
+#: src/parse_args.c:572
msgid "set HOME variable to target user's home dir.\n"
msgstr "postavi HOME varijablu na početni direktorij odredišnog korisnika.\n"
-#: src/parse_args.c:561
+#: src/parse_args.c:574
msgid "display help message and exit\n"
msgstr "prikaži ovu pomoć i izađi\n"
-#: src/parse_args.c:563
+#: src/parse_args.c:576
msgid "run a login shell as target user\n"
msgstr "pokreni ljusku prijave kao odredišni korisnik\n"
-#: src/parse_args.c:565
+#: src/parse_args.c:578
msgid "remove timestamp file completely\n"
msgstr "potpuno ukloni datoteku vremenskih oznaka\n"
-#: src/parse_args.c:567
+#: src/parse_args.c:580
msgid "invalidate timestamp file\n"
msgstr "učini datoteku vremenskih oznaka nevažećom\n"
-#: src/parse_args.c:569
+#: src/parse_args.c:582
msgid "list user's available commands\n"
msgstr "ispiši dostupne korisničke naredbe\n"
-#: src/parse_args.c:571
+#: src/parse_args.c:584
msgid "non-interactive mode, will not prompt user\n"
msgstr "neinteraktivni način, neće ispitivati korisnika\n"
-#: src/parse_args.c:573
+#: src/parse_args.c:586
msgid "preserve group vector instead of setting to target's\n"
msgstr "očuvaj grupni vektor umjesto postavljanja na odredišni\n"
-#: src/parse_args.c:575
+#: src/parse_args.c:588
msgid "use specified password prompt\n"
msgstr "koristi navedeno traženje lozinke\n"
-#: src/parse_args.c:578 src/parse_args.c:586
+#: src/parse_args.c:591 src/parse_args.c:599
msgid "create SELinux security context with specified role\n"
msgstr "stvori SELinux sigurnosni kontekst s navedenom ulogom\n"
-#: src/parse_args.c:581
+#: src/parse_args.c:594
msgid "read password from standard input\n"
msgstr "čitaj lozinku sa standardnog ulaza\n"
-#: src/parse_args.c:583
+#: src/parse_args.c:596
msgid "run a shell as target user\n"
msgstr "pokreni ljusku kao odredišni korisnik\n"
-#: src/parse_args.c:589
+#: src/parse_args.c:602
msgid "when listing, list specified user's privileges\n"
msgstr "pri ispisu, ispiši navedene korisničke ovlasti\n"
-#: src/parse_args.c:591
+#: src/parse_args.c:604
msgid "run command (or edit file) as specified user\n"
msgstr "pokreni naredbu (ili uredi datoteku) kao navedeni korisnik\n"
-#: src/parse_args.c:593
+#: src/parse_args.c:606
msgid "display version information and exit\n"
msgstr "prikaži informacije o inačici i izađi\n"
-#: src/parse_args.c:595
+#: src/parse_args.c:608
msgid "update user's timestamp without running a command\n"
msgstr "ažuriraj korisničku vremensku oznaku bez pokretanja naredbe\n"
-#: src/parse_args.c:597
+#: src/parse_args.c:610
msgid "stop processing command line arguments\n"
msgstr "zaustavi obradu argumenata naredbenog retka\n"
msgid "unable to setup tty context for %s"
msgstr "ne mogu postaviti tty kontekst za %s"
-#: src/selinux.c:373
+#: src/selinux.c:381
#, c-format
msgid "unable to set exec context to %s"
msgstr "ne mogu postaviti izvršni kontekst u %s"
-#: src/selinux.c:380
+#: src/selinux.c:388
#, c-format
msgid "unable to set key creation context to %s"
msgstr "ne mogu postaviti kontekst stvaranja ključa u %s"
-#: src/sesh.c:70
+#: src/sesh.c:57
#, c-format
msgid "requires at least one argument"
msgstr "zahtijeva barem jedan argument"
-#: src/sesh.c:91
+#: src/sesh.c:78 src/sudo.c:1126
#, c-format
msgid "unable to execute %s"
msgstr "ne mogu izvršiti %s"
-#: src/sudo.c:211
+#: src/solaris.c:88
+#, c-format
+msgid "resource control limit has been reached"
+msgstr "dosegnuta je granica upravljanja resursima"
+
+#: src/solaris.c:91
+#, c-format
+msgid "user \"%s\" is not a member of project \"%s\""
+msgstr "korisnik „%s” nije član projekta „%s”"
+
+#: src/solaris.c:95
+#, c-format
+msgid "the invoking task is final"
+msgstr "pozivanje zadatka je konačno"
+
+#: src/solaris.c:98
+#, c-format
+msgid "could not join project \"%s\""
+msgstr "ne mogu pridružiti projektu „%s”"
+
+#: src/solaris.c:103
+#, c-format
+msgid "no resource pool accepting default bindings exists for project \"%s\""
+msgstr "ne postoji skladište resursa koje prihvaća zadane poveznice za projekt „%s”"
+
+#: src/solaris.c:107
+#, c-format
+msgid "specified resource pool does not exist for project \"%s\""
+msgstr "ne postoji navedeno skladište resursa za projekt „%s”"
+
+#: src/solaris.c:111
+#, c-format
+msgid "could not bind to default resource pool for project \"%s\""
+msgstr "ne mogu povezati na zadano skladište resursa za projekt „%s”"
+
+#: src/solaris.c:117
+#, c-format
+msgid "setproject failed for project \"%s\""
+msgstr "setproject nije uspio za projekt „%s”"
+
+#: src/solaris.c:119
+#, c-format
+msgid "warning, resource control assignment failed for project \"%s\""
+msgstr "upozorenje, zadatak upravljanja resursima nije uspio za projekt „%s”"
+
+#: src/sudo.c:196
#, c-format
msgid "Sudo version %s\n"
msgstr "Sudo inačica %s\n"
-#: src/sudo.c:213
+#: src/sudo.c:198
#, c-format
msgid "Configure options: %s\n"
msgstr "Konfiguracijske opcije: %s\n"
-#: src/sudo.c:218
+#: src/sudo.c:203
#, c-format
msgid "fatal error, unable to load plugins"
-msgstr "fatalna greška, ne mogu učitati priključke"
+msgstr "kobna greška, ne mogu učitati priključke"
-#: src/sudo.c:226
+#: src/sudo.c:211
#, c-format
msgid "unable to initialize policy plugin"
msgstr "ne mogu inicijalizirati priključak police"
-#: src/sudo.c:281
+#: src/sudo.c:268
#, c-format
msgid "error initializing I/O plugin %s"
msgstr "greška inicijalizacije U/I priključka %s"
-#: src/sudo.c:306
+#: src/sudo.c:293
#, c-format
msgid "unexpected sudo mode 0x%x"
msgstr "neočekivani sudo mod 0x%x"
-#: src/sudo.c:400
+#: src/sudo.c:413
#, c-format
msgid "unable to get group vector"
msgstr "ne mogu dohvatiti grupni vektor"
-#: src/sudo.c:452
+#: src/sudo.c:465
#, c-format
msgid "unknown uid %u: who are you?"
msgstr "nepoznat uid %u: tko ste vi?"
-#: src/sudo.c:782
+#: src/sudo.c:802
#, c-format
msgid "%s must be owned by uid %d and have the setuid bit set"
msgstr "vlasnik %s mora biti uid %d i mora imati postavljen setuid bit"
-#: src/sudo.c:785
+#: src/sudo.c:805
#, c-format
msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?"
msgstr "efektivni uid nije %d, je li %s na datotečnom sustavu s postavljenom opcijom „nosuid” ili NFS datotečnom sustavu bez administratorskih ovlasti?"
-#: src/sudo.c:791
+#: src/sudo.c:811
#, c-format
msgid "effective uid is not %d, is sudo installed setuid root?"
msgstr "efektivni uid nije %d, je li sudo instaliran uz setuid root?"
-#: src/sudo.c:860
-#, c-format
-msgid "resource control limit has been reached"
-msgstr "dosegnuta je granica upravljanja resursima"
-
-#: src/sudo.c:863
-#, c-format
-msgid "user \"%s\" is not a member of project \"%s\""
-msgstr "korisnik „%s” nije član projekta „%s”"
-
-#: src/sudo.c:867
-#, c-format
-msgid "the invoking task is final"
-msgstr "pozivanje zadatka je konačno"
-
-#: src/sudo.c:870
-#, c-format
-msgid "could not join project \"%s\""
-msgstr "ne mogu pridružiti projektu „%s”"
-
-#: src/sudo.c:875
-#, c-format
-msgid "no resource pool accepting default bindings exists for project \"%s\""
-msgstr "ne postoji skladište resursa koje prihvaća zadane poveznice za projekt „%s”"
-
-#: src/sudo.c:879
-#, c-format
-msgid "specified resource pool does not exist for project \"%s\""
-msgstr "ne postoji navedeno skladište resursa za projekt „%s”"
-
-#: src/sudo.c:883
-#, c-format
-msgid "could not bind to default resource pool for project \"%s\""
-msgstr "ne mogu povezati na zadano skladište resursa za projekt „%s”"
-
-#: src/sudo.c:889
-#, c-format
-msgid "setproject failed for project \"%s\""
-msgstr "setproject nije uspio za projekt „%s”"
-
-#: src/sudo.c:891
-#, c-format
-msgid "warning, resource control assignment failed for project \"%s\""
-msgstr "upozorenje, zadatak upravljanja resursima nije uspio za projekt „%s”"
-
-#: src/sudo.c:959
+#: src/sudo.c:915
#, c-format
msgid "unknown login class %s"
msgstr "nepoznat razred prijave %s"
-#: src/sudo.c:973 src/sudo.c:976
+#: src/sudo.c:929 src/sudo.c:932
#, c-format
msgid "unable to set user context"
msgstr "ne mogu postaviti korisnički kontekst"
-#: src/sudo.c:988
+#: src/sudo.c:944
#, c-format
msgid "unable to set supplementary group IDs"
msgstr "ne mogu postaviti dopunske grupne identifikatore"
-#: src/sudo.c:995
+#: src/sudo.c:951
#, c-format
msgid "unable to set effective gid to runas gid %u"
msgstr "ne mogu postaviti efektivni gid u runas gid %u"
-#: src/sudo.c:1001
+#: src/sudo.c:957
#, c-format
msgid "unable to set gid to runas gid %u"
msgstr "ne mogu postaviti gid u runas (pokreni kao) gid %u"
-#: src/sudo.c:1008
+#: src/sudo.c:964
#, c-format
msgid "unable to set process priority"
msgstr "ne mogu postaviti prioritet procesa"
-#: src/sudo.c:1016
+#: src/sudo.c:972
#, c-format
msgid "unable to change root to %s"
msgstr "ne mogu promijeniti korijen u %s"
-#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035
+#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991
#, c-format
msgid "unable to change to runas uid (%u, %u)"
msgstr "ne mogu promijeniti u runas (pokreni kao) uid (%u, %u)"
-#: src/sudo.c:1049
+#: src/sudo.c:1005
#, c-format
msgid "unable to change directory to %s"
msgstr "ne mogu promijeniti direktorij u %s"
-#: src/sudo.c:1133
+#: src/sudo.c:1089
#, c-format
msgid "unexpected child termination condition: %d"
msgstr "neočekivani uvjet završavanja djeteta: %d"
-#: src/sudo.c:1194
+#: src/sudo.c:1146
+#, c-format
+msgid "policy plugin %s is missing the `check_policy' method"
+msgstr "priključak police %s nema metodu „check_policy”"
+
+#: src/sudo.c:1159
#, c-format
msgid "policy plugin %s does not support listing privileges"
msgstr "priključak police %s ne podržava ispis ovlasti"
-#: src/sudo.c:1206
+#: src/sudo.c:1171
#, c-format
msgid "policy plugin %s does not support the -v option"
msgstr "priključak police %s ne podržava opciju -v"
-#: src/sudo.c:1218
+#: src/sudo.c:1183
#, c-format
msgid "policy plugin %s does not support the -k/-K options"
msgstr "priključak police %s ne podržava opcije -k/-K"
-#: src/sudo_edit.c:111
+#: src/sudo_edit.c:110
#, c-format
msgid "unable to change uid to root (%u)"
msgstr "ne mogu promijeniti uid u root (%u)"
-#: src/sudo_edit.c:143
+#: src/sudo_edit.c:142
#, c-format
msgid "plugin error: missing file list for sudoedit"
msgstr "greška priključka: nedostaje popis datoteka za sudoedit"
-#: src/sudo_edit.c:171 src/sudo_edit.c:271
+#: src/sudo_edit.c:170 src/sudo_edit.c:270
#, c-format
msgid "%s: not a regular file"
msgstr "%s: nije obična datoteka"
-#: src/sudo_edit.c:205 src/sudo_edit.c:307
+#: src/sudo_edit.c:204 src/sudo_edit.c:306
#, c-format
msgid "%s: short write"
msgstr "%s: kratko pisanje"
-#: src/sudo_edit.c:272
+#: src/sudo_edit.c:271
#, c-format
msgid "%s left unmodified"
msgstr "%s nepromijenjen"
-#: src/sudo_edit.c:285
+#: src/sudo_edit.c:284
#, c-format
msgid "%s unchanged"
msgstr "%s nepromijenjen"
-#: src/sudo_edit.c:297 src/sudo_edit.c:318
+#: src/sudo_edit.c:296 src/sudo_edit.c:317
#, c-format
msgid "unable to write to %s"
msgstr "ne mogu pisati u %s"
-#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319
+#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318
#, c-format
msgid "contents of edit session left in %s"
msgstr "sadržaj uređivanja ostavljen u %s"
-#: src/sudo_edit.c:315
+#: src/sudo_edit.c:314
#, c-format
msgid "unable to read temporary file"
msgstr "ne mogu čitati privremenu datoteku"
-#: src/tgetpass.c:90
+#: src/tgetpass.c:89
#, c-format
msgid "no tty present and no askpass program specified"
msgstr "nije prisutan tty i nije naveden program za traženje lozinke"
-#: src/tgetpass.c:99
+#: src/tgetpass.c:98
#, c-format
msgid "no askpass program specified, try setting SUDO_ASKPASS"
msgstr "nije naveden program za traženje lozinke, pokušajte postaviti SUDO_ASKPASS"
-#: src/tgetpass.c:231
+#: src/tgetpass.c:230
#, c-format
msgid "unable to set gid to %u"
msgstr "ne mogu postaviti gid u %u"
-#: src/tgetpass.c:235
+#: src/tgetpass.c:234
#, c-format
msgid "unable to set uid to %u"
msgstr "ne mogu postaviti uid u %u"
-#: src/tgetpass.c:240
+#: src/tgetpass.c:239
#, c-format
msgid "unable to run %s"
msgstr "ne mogu pokrenuti %s"
msgid "unable to restore stdin"
msgstr "ne mogu vratiti stdin"
+#~ msgid "unable to allocate memory"
+#~ msgstr "ne mogu alocirati memoriju"
+
+#~ msgid ": "
+#~ msgstr ": "
+
#~ msgid "internal error, emalloc2() overflow"
#~ msgstr "interna greška, emalloc2() preljev"
# Italian translations for sudo package
-# Copyright (c) 2011, 2012 The Free Software Foundation
-# This file is distributed under the same license as the sudo package.
-# Milo Casagrande <milo@casagrande.name>, 2011, 2012.
+# This file is put in the public domain.
+# Milo Casagrande <milo@milo.name>, 2011, 2012, 2013.
#
msgid ""
msgstr ""
-"Project-Id-Version: sudo-1.8.6b4\n"
+"Project-Id-Version: sudo-1.8.7b1\n"
"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2012-08-10 13:08-0400\n"
-"PO-Revision-Date: 2012-08-13 21:25+0200\n"
-"Last-Translator: Milo Casagrande <milo@casagrande.name>\n"
+"POT-Creation-Date: 2013-04-02 10:40-0400\n"
+"PO-Revision-Date: 2013-04-16 21:40+0200\n"
+"Last-Translator: Milo Casagrande <milo@milo.name>\n"
"Language-Team: Italian <tp@lists.linux.it>\n"
"Language: it\n"
"MIME-Version: 1.0\n"
msgid "internal error, tried to emalloc(0)"
msgstr "errore interno, tentativo di chiamare emalloc(0)"
-#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146
-#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270
-#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482
-#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759
-#, c-format
-msgid "unable to allocate memory"
-msgstr "impossibile allocare la memoria"
-
#: common/alloc.c:99
msgid "internal error, tried to emalloc2(0)"
msgstr "errore interno, tentativo di chiamare emalloc2(0)"
msgid "internal error, tried to erecalloc(0)"
msgstr "errore interno, tentativo di chiamare erecalloc(0)"
-#: common/sudo_conf.c:305
+#: common/error.c:154
+#, c-format
+msgid "%s: %s: %s\n"
+msgstr "%s: %s: %s\n"
+
+#: common/error.c:157 common/error.c:161
+#, c-format
+msgid "%s: %s\n"
+msgstr "%s: %s\n"
+
+#: common/sudo_conf.c:172
+#, c-format
+msgid "unsupported group source `%s' in %s, line %d"
+msgstr "gruppo sorgente \"%s\" non supportato in %s, riga %d"
+
+#: common/sudo_conf.c:186
+#, c-format
+msgid "invalid max groups `%s' in %s, line %d"
+msgstr "gruppi massimi \"%s\" non validi in %s, riga %d"
+
+#: common/sudo_conf.c:382
#, c-format
msgid "unable to stat %s"
msgstr "impossibile eseguire stat su %s"
-#: common/sudo_conf.c:308
+#: common/sudo_conf.c:385
#, c-format
msgid "%s is not a regular file"
msgstr "%s non è un file regolare"
-#: common/sudo_conf.c:311
+#: common/sudo_conf.c:388
#, c-format
msgid "%s is owned by uid %u, should be %u"
msgstr "%s è di proprietà dello uid %u, dovrebbe essere di %u"
-#: common/sudo_conf.c:315
+#: common/sudo_conf.c:392
#, c-format
msgid "%s is world writable"
msgstr "%s è scrivibile da tutti"
-#: common/sudo_conf.c:318
+#: common/sudo_conf.c:395
#, c-format
msgid "%s is group writable"
msgstr "%s è scrivibile dal gruppo"
-#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331
+#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328
#, c-format
msgid "unable to open %s"
msgstr "impossibile aprire %s"
-#: compat/strsignal.c:47
+#: compat/strsignal.c:50
msgid "Unknown signal"
msgstr "Segnale sconosciuto"
-#: src/error.c:82 src/error.c:86
-msgid ": "
-msgstr ": "
-
-#: src/exec.c:113 src/exec_pty.c:674
+#: src/exec.c:127 src/exec_pty.c:685
#, c-format
msgid "policy plugin failed session initialization"
msgstr "inizializzazione della sessione non riuscita da parte del plugin della politica"
-#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221
+#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220
#, c-format
msgid "unable to fork"
msgstr "impossibile eseguire fork"
-#: src/exec.c:268
+#: src/exec.c:259
#, c-format
msgid "unable to create sockets"
msgstr "impossibile creare socket"
-#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630
-#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218
-#, c-format
-msgid "unable to create pipe"
-msgstr "impossibile creare una pipe"
-
-#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240
+#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268
#, c-format
msgid "select failed"
msgstr "select non riuscita"
-#: src/exec.c:467
+#: src/exec.c:449
#, c-format
msgid "unable to restore tty label"
msgstr "impossibile ripristinare l'etichetta tty"
-#: src/exec_common.c:69
+#: src/exec_common.c:70
#, c-format
msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"
msgstr "impossibile rimuovere PRIV_PROC_EXEC da PRIV_LIMIT"
msgid "unable to allocate pty"
msgstr "impossibile allocare pty"
-#: src/exec_pty.c:665
+#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986
+#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217
+#, c-format
+msgid "unable to create pipe"
+msgstr "impossibile creare una pipe"
+
+#: src/exec_pty.c:676
#, c-format
msgid "unable to set terminal to raw mode"
msgstr "impossibile impostare il terminale in modalità raw"
-#: src/exec_pty.c:1013
+#: src/exec_pty.c:1042
#, c-format
msgid "unable to set controlling tty"
msgstr "impossibile impostare il tty di controllo"
-#: src/exec_pty.c:1111
+#: src/exec_pty.c:1139
#, c-format
msgid "error reading from signal pipe"
msgstr "errore nel leggere dalla pipe di segnale"
-#: src/exec_pty.c:1132
+#: src/exec_pty.c:1160
#, c-format
msgid "error reading from pipe"
msgstr "errore nel leggere dalla pipe"
-#: src/exec_pty.c:1148
+#: src/exec_pty.c:1176
#, c-format
msgid "error reading from socketpair"
msgstr "errore nel leggere dal socketpair"
-#: src/exec_pty.c:1152
+#: src/exec_pty.c:1180
#, c-format
msgid "unexpected reply type on backchannel: %d"
msgstr "tipologia di risposta inattesa sul backchannel: %d"
-#: src/load_plugins.c:74
+#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132
+#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185
+#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205
+#, c-format
+msgid "error in %s, line %d while loading plugin `%s'"
+msgstr "errore in %s, riga %d, durante il caricamento del plugin \"%s\""
+
+#: src/load_plugins.c:72
#, c-format
msgid "%s: %s"
msgstr "%s: %s"
-#: src/load_plugins.c:80
+#: src/load_plugins.c:81
#, c-format
msgid "%s%s: %s"
msgstr "%s%s: %s"
-#: src/load_plugins.c:90
+#: src/load_plugins.c:140
#, c-format
msgid "%s must be owned by uid %d"
msgstr "%s deve essere di proprietà dello uid %d"
-#: src/load_plugins.c:94
+#: src/load_plugins.c:146
#, c-format
msgid "%s must be only be writable by owner"
msgstr "%s deve essere scrivibile solo dal proprietario"
-#: src/load_plugins.c:101
+#: src/load_plugins.c:187
#, c-format
msgid "unable to dlopen %s: %s"
msgstr "impossibile eseguire dlopen su %s: %s"
-#: src/load_plugins.c:106
+#: src/load_plugins.c:194
+#, c-format
+msgid "unable to find symbol `%s' in %s"
+msgstr "impossibile trovare il simbolo \"%s\" in %s"
+
+#: src/load_plugins.c:201
#, c-format
-msgid "%s: unable to find symbol %s"
-msgstr "%s: impossibile trovare il simbolo %s"
+msgid "unknown policy type %d found in %s"
+msgstr "politica di tipo %d sconosciuta trovata in %s"
-#: src/load_plugins.c:112
+#: src/load_plugins.c:207
#, c-format
-msgid "%s: unknown policy type %d"
-msgstr "%s: politica di tipo %d sconosciuta"
+msgid "incompatible plugin major version %d (expected %d) found in %s"
+msgstr "numero principale di versione del plugin %d non compatibile (atteso %d) trovato in %s"
-#: src/load_plugins.c:116
+#: src/load_plugins.c:216
#, c-format
-msgid "%s: incompatible policy major version %d, expected %d"
-msgstr "%s: numero principale di versione %d non compatibile, atteso %d"
+msgid "ignoring policy plugin `%s' in %s, line %d"
+msgstr "viene ignorato il plugin di politica \"%s\" in %s, riga %d"
-#: src/load_plugins.c:123
+#: src/load_plugins.c:218
#, c-format
-msgid "%s: only a single policy plugin may be loaded"
-msgstr "%s: solo un plugin di politica può essere caricato"
+msgid "only a single policy plugin may be specified"
+msgstr "solo un plugin di politica può essere specificato"
-#: src/load_plugins.c:200
+#: src/load_plugins.c:221
+#, c-format
+msgid "ignoring duplicate policy plugin `%s' in %s, line %d"
+msgstr "viene ignorato il plugin di politica duplicato \"%s\" in %s, riga %d"
+
+#: src/load_plugins.c:236
+#, c-format
+msgid "ignoring duplicate I/O plugin `%s' in %s, line %d"
+msgstr "viene ignorato il plugin di I/O duplicato \"%s\" in %s, riga %d"
+
+#: src/load_plugins.c:313
#, c-format
msgid "policy plugin %s does not include a check_policy method"
msgstr "il plugin di politica %s non include un metodo check_policy"
-#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187
-#: src/net_ifs.c:298 src/net_ifs.c:322
+#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186
+#: src/net_ifs.c:297 src/net_ifs.c:321
#, c-format
msgid "load_interfaces: overflow detected"
msgstr "load_interfaces: rilevato overflow"
-#: src/net_ifs.c:227
+#: src/net_ifs.c:226
#, c-format
msgid "unable to open socket"
msgstr "impossibile aprire socket"
-#: src/parse_args.c:187
+#: src/parse_args.c:197
#, c-format
msgid "the argument to -C must be a number greater than or equal to 3"
msgstr "l'argomento di -C deve essere un numero maggiore o uguale a 3"
-#: src/parse_args.c:276
+#: src/parse_args.c:286
#, c-format
msgid "unknown user: %s"
msgstr "utente sconosciuto: %s"
-#: src/parse_args.c:335
+#: src/parse_args.c:345
#, c-format
msgid "you may not specify both the `-i' and `-s' options"
msgstr "non è possibile specificare entrambe le opzioni \"-i\" e \"-s\""
-#: src/parse_args.c:339
+#: src/parse_args.c:349
#, c-format
msgid "you may not specify both the `-i' and `-E' options"
msgstr "non è possibile specificare entrambe le opzioni \"-i\" ed \"-E\""
-#: src/parse_args.c:349
+#: src/parse_args.c:359
#, c-format
msgid "the `-E' option is not valid in edit mode"
msgstr "l'opzione \"-E\" non è valida in modalità di modifica"
-#: src/parse_args.c:351
+#: src/parse_args.c:361
#, c-format
msgid "you may not specify environment variables in edit mode"
msgstr "non è possibile specificare variabili d'ambiente in modalità di modifica"
-#: src/parse_args.c:359
+#: src/parse_args.c:369
#, c-format
msgid "the `-U' option may only be used with the `-l' option"
msgstr "l'opzione \"-U\" può essere usata solo con l'opzione \"-l\""
-#: src/parse_args.c:363
+#: src/parse_args.c:373
#, c-format
msgid "the `-A' and `-S' options may not be used together"
msgstr "non è possibile usare assieme le opzioni \"-A\" e \"-S\""
-#: src/parse_args.c:443
+#: src/parse_args.c:456
#, c-format
msgid "sudoedit is not supported on this platform"
msgstr "sudoedit non è supportato su questa piattaforma"
-#: src/parse_args.c:516
+#: src/parse_args.c:529
#, c-format
msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"
msgstr "Solo una delle opzioni -e, -h, -i, -K, -l, -s, -v o -V può essere specificata"
-#: src/parse_args.c:530
+#: src/parse_args.c:543
#, c-format
msgid ""
"%s - edit files as another user\n"
"%s - modifica file come un altro utente\n"
"\n"
-#: src/parse_args.c:532
+#: src/parse_args.c:545
#, c-format
msgid ""
"%s - execute a command as another user\n"
"%s - esegue un comando come un altro utente\n"
"\n"
-#: src/parse_args.c:537
+#: src/parse_args.c:550
#, c-format
msgid ""
"\n"
"\n"
"Opzioni:\n"
-#: src/parse_args.c:540
+#: src/parse_args.c:552
msgid "use helper program for password prompting\n"
msgstr "Utilizza un programma d'aiuto per richiedere la password\n"
-#: src/parse_args.c:543
+#: src/parse_args.c:555
msgid "use specified BSD authentication type\n"
msgstr "Utilizza la tipologia di autenticazione BSD specificata\n"
-#: src/parse_args.c:545
+#: src/parse_args.c:558
msgid "run command in the background\n"
msgstr "Esegue il comando in background\n"
-#: src/parse_args.c:547
+#: src/parse_args.c:560
msgid "close all file descriptors >= fd\n"
msgstr "Chiude tutti i descrittori di file >= fd\n"
-#: src/parse_args.c:550
+#: src/parse_args.c:563
msgid "run command with specified login class\n"
msgstr "Esegue il comando con la classe di accesso specificata\n"
-#: src/parse_args.c:553
+#: src/parse_args.c:566
msgid "preserve user environment when executing command\n"
msgstr "Mantiene l'ambiente dell'utente quando viene eseguito il comando\n"
-#: src/parse_args.c:555
+#: src/parse_args.c:568
msgid "edit files instead of running a command\n"
msgstr "Modifica i file invece di eseguire un comando\n"
-#: src/parse_args.c:557
+#: src/parse_args.c:570
msgid "execute command as the specified group\n"
msgstr "Esegue il comando come il gruppo specificato\n"
-#: src/parse_args.c:559
+#: src/parse_args.c:572
msgid "set HOME variable to target user's home dir.\n"
msgstr "Imposta la variabile HOME alla directory dell'utente finale\n"
-#: src/parse_args.c:561
+#: src/parse_args.c:574
msgid "display help message and exit\n"
msgstr "Visualizza il messaggio di aiuto ed esce\n"
-#: src/parse_args.c:563
+#: src/parse_args.c:576
msgid "run a login shell as target user\n"
msgstr "Esegue una shell di login come l'utente finale\n"
-#: src/parse_args.c:565
+#: src/parse_args.c:578
msgid "remove timestamp file completely\n"
msgstr "Rimuove completamente il file temporale\n"
-#: src/parse_args.c:567
+#: src/parse_args.c:580
msgid "invalidate timestamp file\n"
msgstr "Invalida il file temporale\n"
-#: src/parse_args.c:569
+#: src/parse_args.c:582
msgid "list user's available commands\n"
msgstr "Elenca i comandi utente disponibili\n"
-#: src/parse_args.c:571
+#: src/parse_args.c:584
msgid "non-interactive mode, will not prompt user\n"
msgstr "Modalità non interattiva, non richiede nulla all'utente\n"
-#: src/parse_args.c:573
+#: src/parse_args.c:586
msgid "preserve group vector instead of setting to target's\n"
msgstr "Mantiene il vettore di gruppo invece di impostarlo a quello dell'obiettivo\n"
-#: src/parse_args.c:575
+#: src/parse_args.c:588
msgid "use specified password prompt\n"
msgstr "Utilizza la richiesta della password specificata\n"
-#: src/parse_args.c:578 src/parse_args.c:586
+#: src/parse_args.c:591 src/parse_args.c:599
msgid "create SELinux security context with specified role\n"
msgstr "Crea il contesto di sicurezza SELinux con il ruolo specificato\n"
-#: src/parse_args.c:581
+#: src/parse_args.c:594
msgid "read password from standard input\n"
msgstr "Legge la password dallo standard input\n"
-#: src/parse_args.c:583
+#: src/parse_args.c:596
msgid "run a shell as target user\n"
msgstr "Esegue una shell come l'utente finale\n"
-#: src/parse_args.c:589
+#: src/parse_args.c:602
msgid "when listing, list specified user's privileges\n"
msgstr "Durante l'elencazione, visualizza i privilegi dell'utente specificato\n"
-#: src/parse_args.c:591
+#: src/parse_args.c:604
msgid "run command (or edit file) as specified user\n"
msgstr "Esegue un comando (o modifica un file) come l'utente specificato\n"
-#: src/parse_args.c:593
+#: src/parse_args.c:606
msgid "display version information and exit\n"
msgstr "Visualizza le informazioni sulla versione ed esce\n"
-#: src/parse_args.c:595
+#: src/parse_args.c:608
msgid "update user's timestamp without running a command\n"
msgstr "Aggiorna il timestamp dell'utente senza eseguire un comando\n"
-#: src/parse_args.c:597
+#: src/parse_args.c:610
msgid "stop processing command line arguments\n"
msgstr "Ferma l'elaborazione degli argomenti a riga di comando\n"
msgid "unable to setup tty context for %s"
msgstr "impossibile impostare il contesto tty per %s"
-#: src/selinux.c:373
+#: src/selinux.c:381
#, c-format
msgid "unable to set exec context to %s"
msgstr "impossibile impostare il contesto exec a %s"
-#: src/selinux.c:380
+#: src/selinux.c:388
#, c-format
msgid "unable to set key creation context to %s"
msgstr "impossibile impostare il contesto di creazione della chiave a %s"
-#: src/sesh.c:70
+#: src/sesh.c:57
#, c-format
msgid "requires at least one argument"
msgstr "richiede almeno un argomento"
-#: src/sesh.c:91
+#: src/sesh.c:78 src/sudo.c:1126
#, c-format
msgid "unable to execute %s"
msgstr "impossibile eseguire %s"
-#: src/sudo.c:211
+#: src/solaris.c:88
+#, c-format
+msgid "resource control limit has been reached"
+msgstr "raggiunto il limite di controllo delle risorse"
+
+#: src/solaris.c:91
+#, c-format
+msgid "user \"%s\" is not a member of project \"%s\""
+msgstr "l'utente \"%s\" non fa parte del progetto \"%s\""
+
+#: src/solaris.c:95
+#, c-format
+msgid "the invoking task is final"
+msgstr "il task chiamante è definitivo"
+
+#: src/solaris.c:98
+#, c-format
+msgid "could not join project \"%s\""
+msgstr "impossibile unirsi al progetto \"%s\""
+
+#: src/solaris.c:103
+#, c-format
+msgid "no resource pool accepting default bindings exists for project \"%s\""
+msgstr "non esiste alcun pool di risorse per il progetto \"%s\" che accetti binding predefiniti"
+
+#: src/solaris.c:107
+#, c-format
+msgid "specified resource pool does not exist for project \"%s\""
+msgstr "il pool di risorse specificato non esiste per il progetto \"%s\""
+
+#: src/solaris.c:111
+#, c-format
+msgid "could not bind to default resource pool for project \"%s\""
+msgstr "impossibile unirsi al pool di risorse predefinito per il progetto \"%s\""
+
+#: src/solaris.c:117
+#, c-format
+msgid "setproject failed for project \"%s\""
+msgstr "setproject per il progetto \"%s\" non riuscita"
+
+#: src/solaris.c:119
+#, c-format
+msgid "warning, resource control assignment failed for project \"%s\""
+msgstr "attenzione, assegnazione della risorsa di controllo per il progetto \"%s\" non riuscita"
+
+#: src/sudo.c:196
#, c-format
msgid "Sudo version %s\n"
msgstr "Versione di sudo: %s\n"
-#: src/sudo.c:213
+#: src/sudo.c:198
#, c-format
msgid "Configure options: %s\n"
msgstr "Opzioni di configurazione: %s\n"
-#: src/sudo.c:218
+#: src/sudo.c:203
#, c-format
msgid "fatal error, unable to load plugins"
msgstr "errore irreversibile, impossibile caricare i plugin"
-#: src/sudo.c:226
+#: src/sudo.c:211
#, c-format
msgid "unable to initialize policy plugin"
msgstr "impossibile inizializzare il plugin delle politiche"
-#: src/sudo.c:281
+#: src/sudo.c:268
#, c-format
msgid "error initializing I/O plugin %s"
msgstr "errore nell'inizializzare il plugin di I/O %s"
-#: src/sudo.c:306
+#: src/sudo.c:293
#, c-format
msgid "unexpected sudo mode 0x%x"
msgstr "modalità 0x%x di sudo non attesa"
-#: src/sudo.c:400
+#: src/sudo.c:413
#, c-format
msgid "unable to get group vector"
msgstr "impossibile ottenere il vettore di gruppo"
# (ndt) mah... andrebbe resa meglio...
-#: src/sudo.c:452
+#: src/sudo.c:465
#, c-format
msgid "unknown uid %u: who are you?"
msgstr "uid %u sconosciuto: identificarsi."
-#: src/sudo.c:782
+#: src/sudo.c:802
#, c-format
msgid "%s must be owned by uid %d and have the setuid bit set"
msgstr "%s deve essere di proprietà dello uid %d e avere il bit setuid impostato"
-#: src/sudo.c:785
+#: src/sudo.c:805
#, c-format
msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?"
msgstr "lo uid effettivo non è %d. %s si trova su un file system con l'opzione \"nosuid\" impostata o su un file system NFS senza privilegi di root?"
-#: src/sudo.c:791
+#: src/sudo.c:811
#, c-format
msgid "effective uid is not %d, is sudo installed setuid root?"
msgstr "lo uid effettivo non è %d. Il programma sudo è installato con setuid root?"
-#: src/sudo.c:860
-#, c-format
-msgid "resource control limit has been reached"
-msgstr "raggiunto il limite di controllo delle risorse"
-
-#: src/sudo.c:863
-#, c-format
-msgid "user \"%s\" is not a member of project \"%s\""
-msgstr "l'utente \"%s\" non fa parte del progetto \"%s\""
-
-#: src/sudo.c:867
-#, c-format
-msgid "the invoking task is final"
-msgstr "il task chiamante è definitivo"
-
-#: src/sudo.c:870
-#, c-format
-msgid "could not join project \"%s\""
-msgstr "impossibile unirsi al progetto \"%s\""
-
-#: src/sudo.c:875
-#, c-format
-msgid "no resource pool accepting default bindings exists for project \"%s\""
-msgstr "non esiste alcun pool di risorse per il progetto \"%s\" che accetti binding predefiniti"
-
-#: src/sudo.c:879
-#, c-format
-msgid "specified resource pool does not exist for project \"%s\""
-msgstr "il pool di risorse specificato non esiste per il progetto \"%s\""
-
-#: src/sudo.c:883
-#, c-format
-msgid "could not bind to default resource pool for project \"%s\""
-msgstr "impossibile unirsi al pool di risorse predefinito per il progetto \"%s\""
-
-#: src/sudo.c:889
-#, c-format
-msgid "setproject failed for project \"%s\""
-msgstr "setproject per il progetto \"%s\" non riuscita"
-
-#: src/sudo.c:891
-#, c-format
-msgid "warning, resource control assignment failed for project \"%s\""
-msgstr "attenzione, assegnazione della risorsa di controllo per il progetto \"%s\" non riuscita"
-
-#: src/sudo.c:959
+#: src/sudo.c:915
#, c-format
msgid "unknown login class %s"
msgstr "classe di accesso %s sconosciuta"
-#: src/sudo.c:973 src/sudo.c:976
+#: src/sudo.c:929 src/sudo.c:932
#, c-format
msgid "unable to set user context"
msgstr "impossibile impostare il contesto utente"
-#: src/sudo.c:988
+#: src/sudo.c:944
#, c-format
msgid "unable to set supplementary group IDs"
msgstr "impossibile impostare ID di gruppo supplementari"
-#: src/sudo.c:995
+#: src/sudo.c:951
#, c-format
msgid "unable to set effective gid to runas gid %u"
msgstr "impossibile impostare il gid effettivo per eseguire come %u"
-#: src/sudo.c:1001
+#: src/sudo.c:957
#, c-format
msgid "unable to set gid to runas gid %u"
msgstr "impossibile impostare il gid per eseguire come gid %u"
-#: src/sudo.c:1008
+#: src/sudo.c:964
#, c-format
msgid "unable to set process priority"
msgstr "impossibile impostare la priorità del processo"
-#: src/sudo.c:1016
+#: src/sudo.c:972
#, c-format
msgid "unable to change root to %s"
msgstr "impossibile modificare root a %s"
-#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035
+#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991
#, c-format
msgid "unable to change to runas uid (%u, %u)"
msgstr "impossibile passare a un diverso uid (%u, %u)"
-#: src/sudo.c:1049
+#: src/sudo.c:1005
#, c-format
msgid "unable to change directory to %s"
msgstr "impossibile passare alla directory %s"
-#: src/sudo.c:1133
+#: src/sudo.c:1089
#, c-format
msgid "unexpected child termination condition: %d"
msgstr "condizione di uscita del figlio inattesa: %d"
-#: src/sudo.c:1194
+#: src/sudo.c:1146
+#, c-format
+msgid "policy plugin %s is missing the `check_policy' method"
+msgstr "il plugin di politica %s non include un metodo \"check_policy\""
+
+#: src/sudo.c:1159
#, c-format
msgid "policy plugin %s does not support listing privileges"
msgstr "il plugin di politica %s non supporta l'elencazione dei privilegi"
-#: src/sudo.c:1206
+#: src/sudo.c:1171
#, c-format
msgid "policy plugin %s does not support the -v option"
msgstr "il plugin di politica %s non supporta l'opzione -v"
-#: src/sudo.c:1218
+#: src/sudo.c:1183
#, c-format
msgid "policy plugin %s does not support the -k/-K options"
msgstr "il plguind di politica %s non supporta le opzioni -k/-K"
-#: src/sudo_edit.c:111
+#: src/sudo_edit.c:110
#, c-format
msgid "unable to change uid to root (%u)"
msgstr "impossibile modificare lo uid a root (%u)"
-#: src/sudo_edit.c:143
+#: src/sudo_edit.c:142
#, c-format
msgid "plugin error: missing file list for sudoedit"
msgstr "errore di plugin: elenco file mancante per sudoedit"
-#: src/sudo_edit.c:171 src/sudo_edit.c:271
+#: src/sudo_edit.c:170 src/sudo_edit.c:270
#, c-format
msgid "%s: not a regular file"
msgstr "%s: non è un file regolare"
-#: src/sudo_edit.c:205 src/sudo_edit.c:307
+#: src/sudo_edit.c:204 src/sudo_edit.c:306
#, c-format
msgid "%s: short write"
msgstr "%s: scrittura breve"
-#: src/sudo_edit.c:272
+#: src/sudo_edit.c:271
#, c-format
msgid "%s left unmodified"
msgstr "%s lasciato non modificato"
-#: src/sudo_edit.c:285
+#: src/sudo_edit.c:284
#, c-format
msgid "%s unchanged"
msgstr "%s non modificato"
-#: src/sudo_edit.c:297 src/sudo_edit.c:318
+#: src/sudo_edit.c:296 src/sudo_edit.c:317
#, c-format
msgid "unable to write to %s"
msgstr "impossibile scrivere su %s"
-#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319
+#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318
#, c-format
msgid "contents of edit session left in %s"
msgstr "contenuto della sessione di modifica tralasciato in %s"
-#: src/sudo_edit.c:315
+#: src/sudo_edit.c:314
#, c-format
msgid "unable to read temporary file"
msgstr "impossibile leggere il file temporaneo"
-#: src/tgetpass.c:90
+#: src/tgetpass.c:89
#, c-format
msgid "no tty present and no askpass program specified"
msgstr "nessun tty presente e nessun programma di richiesta password specificato"
-#: src/tgetpass.c:99
+#: src/tgetpass.c:98
#, c-format
msgid "no askpass program specified, try setting SUDO_ASKPASS"
msgstr "nessun programma di richiesta password specificato, impostare SUDO_ASKPASS"
-#: src/tgetpass.c:231
+#: src/tgetpass.c:230
#, c-format
msgid "unable to set gid to %u"
msgstr "impossibile impostare lo gid a %u"
-#: src/tgetpass.c:235
+#: src/tgetpass.c:234
#, c-format
msgid "unable to set uid to %u"
msgstr "impossibile impostare lo uid a %u"
-#: src/tgetpass.c:240
+#: src/tgetpass.c:239
#, c-format
msgid "unable to run %s"
msgstr "impossibile eseguire %s"
msgid "unable to restore stdin"
msgstr "impossibile ripristinare lo stdin"
+#~ msgid "unable to allocate memory"
+#~ msgstr "impossibile allocare la memoria"
+
+#~ msgid ": "
+#~ msgstr ": "
+
#~ msgid "%s: at least one policy plugin must be specified"
#~ msgstr "%s: almeno un plugin di politica deve essere specificato"
--- /dev/null
+# Dutch translation for sudo.
+# Copyright (C) 2013 P. Hamming
+# This file is distributed under the same license as the sudo package.
+# P. Hamming <peterhamming@gmail.com>, 2013
+msgid ""
+msgstr ""
+"Project-Id-Version: sudo 1.8.6b4\n"
+"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
+"POT-Creation-Date: 2012-08-10 13:08-0400\n"
+"PO-Revision-Date: 2013-03-23 00:30+0100\n"
+"Last-Translator: P. Hamming <peterhamming@gmail.com>\n"
+"Language-Team: Dutch <vertaling@vrijschrift.org>\n"
+"Language: nl\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: common/aix.c:150
+#, c-format
+msgid "unable to open userdb"
+msgstr "kan userdb niet openen"
+
+#: common/aix.c:153
+#, c-format
+msgid "unable to switch to registry \"%s\" for %s"
+msgstr "kan niet wijzigen naar register \"%s\" voor %s"
+
+#: common/aix.c:170
+#, c-format
+msgid "unable to restore registry"
+msgstr "kan register niet herstellen"
+
+#: common/alloc.c:82
+msgid "internal error, tried to emalloc(0)"
+msgstr "interne fout, probeerde emalloc(0)"
+
+#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146
+#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270
+#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482
+#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759
+#, c-format
+msgid "unable to allocate memory"
+msgstr "kan geen geheugen reserveren"
+
+#: common/alloc.c:99
+msgid "internal error, tried to emalloc2(0)"
+msgstr "interne fout, probeerde emalloc2(0)"
+
+#: common/alloc.c:101 common/alloc.c:123 common/alloc.c:163 common/alloc.c:187
+#, c-format
+msgid "internal error, %s overflow"
+msgstr "interne fout, %s overloop"
+
+#: common/alloc.c:120
+msgid "internal error, tried to ecalloc(0)"
+msgstr "interne fout, probeerde ecalloc(0)"
+
+#: common/alloc.c:142
+msgid "internal error, tried to erealloc(0)"
+msgstr "interne fout, probeerde erealloc(0)"
+
+#: common/alloc.c:161
+msgid "internal error, tried to erealloc3(0)"
+msgstr "interne fout, probeerde erealloc3(0)"
+
+#: common/alloc.c:185
+msgid "internal error, tried to erecalloc(0)"
+msgstr "interne fout, probeerde erecalloc(0)"
+
+#: common/sudo_conf.c:305
+#, c-format
+msgid "unable to stat %s"
+msgstr "kan status niet opvragen van %s"
+
+#: common/sudo_conf.c:308
+#, c-format
+msgid "%s is not a regular file"
+msgstr "%s geen regulier bestand"
+
+#: common/sudo_conf.c:311
+#, c-format
+msgid "%s is owned by uid %u, should be %u"
+msgstr "%s is eigendom van %u, moet gebruikersnummer %u zijn"
+
+#: common/sudo_conf.c:315
+#, c-format
+msgid "%s is world writable"
+msgstr "%s kan door iedereen worden geschreven"
+
+#: common/sudo_conf.c:318
+#, c-format
+msgid "%s is group writable"
+msgstr "%s kan door groep worden geschreven"
+
+#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331
+#, c-format
+msgid "unable to open %s"
+msgstr "kan %s niet openen"
+
+#: compat/strsignal.c:47
+msgid "Unknown signal"
+msgstr "Onbekend signaal"
+
+#: src/error.c:82 src/error.c:86
+msgid ": "
+msgstr ": "
+
+#: src/exec.c:113 src/exec_pty.c:674
+#, c-format
+msgid "policy plugin failed session initialization"
+msgstr "beleidsplugin kon sessie niet initialiseren"
+
+#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221
+#, c-format
+msgid "unable to fork"
+msgstr "kan geen nieuw proces starten"
+
+#: src/exec.c:268
+#, c-format
+msgid "unable to create sockets"
+msgstr "kan geen sockets maken"
+
+#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630
+#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218
+#, c-format
+msgid "unable to create pipe"
+msgstr "kan geen pijp maken"
+
+#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240
+#, c-format
+msgid "select failed"
+msgstr "selecteren mislukt"
+
+#: src/exec.c:467
+#, c-format
+msgid "unable to restore tty label"
+msgstr "kan terminallabel niet herstellen"
+
+#: src/exec_common.c:69
+#, c-format
+msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"
+msgstr "kan PRIV_PROC_EXEC niet verwijderen van PRIV_LIMIT"
+
+#: src/exec_pty.c:183
+#, c-format
+msgid "unable to allocate pty"
+msgstr "kan geen virtuele terminal reserveren"
+
+#: src/exec_pty.c:665
+#, c-format
+msgid "unable to set terminal to raw mode"
+msgstr "kan de terminal niet op de raw-modus instellen"
+
+#: src/exec_pty.c:1013
+#, c-format
+msgid "unable to set controlling tty"
+msgstr "kan geen controlerende terminal instellen"
+
+#: src/exec_pty.c:1111
+#, c-format
+msgid "error reading from signal pipe"
+msgstr "fout met het lezen van signaalpijp"
+
+#: src/exec_pty.c:1132
+#, c-format
+msgid "error reading from pipe"
+msgstr "fout met lezen van pijp"
+
+#: src/exec_pty.c:1148
+#, c-format
+msgid "error reading from socketpair"
+msgstr "fout met lezen van socketpaar"
+
+#: src/exec_pty.c:1152
+#, c-format
+msgid "unexpected reply type on backchannel: %d"
+msgstr "onverwachte soort beantwoording van het achterkanaal: %d"
+
+#: src/load_plugins.c:74
+#, c-format
+msgid "%s: %s"
+msgstr "%s: %s"
+
+#: src/load_plugins.c:80
+#, c-format
+msgid "%s%s: %s"
+msgstr "%s%s: %s"
+
+#: src/load_plugins.c:90
+#, c-format
+msgid "%s must be owned by uid %d"
+msgstr "eigenaar van %s moet uid %d zijn"
+
+#: src/load_plugins.c:94
+#, c-format
+msgid "%s must be only be writable by owner"
+msgstr "%s mag alleen schrijfbaar zijn voor de eigenaar"
+
+#: src/load_plugins.c:101
+#, c-format
+msgid "unable to dlopen %s: %s"
+msgstr "dlopen %s is niet mogelijk: %s"
+
+#: src/load_plugins.c:106
+#, c-format
+msgid "%s: unable to find symbol %s"
+msgstr "%s: kan symbool %s niet vinden"
+
+#: src/load_plugins.c:112
+#, c-format
+msgid "%s: unknown policy type %d"
+msgstr "%s: onbekende beleidssoort %d"
+
+#: src/load_plugins.c:116
+#, c-format
+msgid "%s: incompatible policy major version %d, expected %d"
+msgstr "%s: niet-compatibel hoofdbeleidsversie %d, verwachtte %d"
+
+#: src/load_plugins.c:123
+#, c-format
+msgid "%s: only a single policy plugin may be loaded"
+msgstr "%s: slechts een beleidsplug-in mag geladen worden"
+
+#: src/load_plugins.c:200
+#, c-format
+msgid "policy plugin %s does not include a check_policy method"
+msgstr "beleidsplug-in %s heeft geen check_policy methode"
+
+#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187
+#: src/net_ifs.c:298 src/net_ifs.c:322
+#, c-format
+msgid "load_interfaces: overflow detected"
+msgstr "load_interfaces: overloop gevonden"
+
+#: src/net_ifs.c:227
+#, c-format
+msgid "unable to open socket"
+msgstr "kan geen socket openen"
+
+#: src/parse_args.c:187
+#, c-format
+msgid "the argument to -C must be a number greater than or equal to 3"
+msgstr "het argument van -C moet een getal zijn dat groter dan of gelijk aan 3 is"
+
+#: src/parse_args.c:276
+#, c-format
+msgid "unknown user: %s"
+msgstr "onbekende gebruiker: %s"
+
+#: src/parse_args.c:335
+#, c-format
+msgid "you may not specify both the `-i' and `-s' options"
+msgstr "u mag de opties '-i' en '-s' niet tegelijk opgeven"
+
+#: src/parse_args.c:339
+#, c-format
+msgid "you may not specify both the `-i' and `-E' options"
+msgstr "u mag de opties '-i' en '-E' niet tegelijk opgeven"
+
+#: src/parse_args.c:349
+#, c-format
+msgid "the `-E' option is not valid in edit mode"
+msgstr "optie '-E' is niet geldig in bewerkingsmodus"
+
+#: src/parse_args.c:351
+#, c-format
+msgid "you may not specify environment variables in edit mode"
+msgstr "u mag geen omgevingsvariabelen opgeven in de bewerkingsmodus"
+
+#: src/parse_args.c:359
+#, c-format
+msgid "the `-U' option may only be used with the `-l' option"
+msgstr "optie '-U' mag alleen worden gebruikt samen met optie '-l'"
+
+#: src/parse_args.c:363
+#, c-format
+msgid "the `-A' and `-S' options may not be used together"
+msgstr "de opties '-A' en '-S' mogen niet tegelijk worden gebruikt"
+
+#: src/parse_args.c:443
+#, c-format
+msgid "sudoedit is not supported on this platform"
+msgstr "sudoedit wordt niet ondersteund op dit platform"
+
+#: src/parse_args.c:516
+#, c-format
+msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"
+msgstr "Slechts een van de volgende opties mag worden gebruikt: -e, -h, -i, -K, -l, -s, -v of -V"
+
+#: src/parse_args.c:530
+#, c-format
+msgid ""
+"%s - edit files as another user\n"
+"\n"
+msgstr ""
+"%s - bewerk bestanden als een andere gebruiker\n"
+"\n"
+
+#: src/parse_args.c:532
+#, c-format
+msgid ""
+"%s - execute a command as another user\n"
+"\n"
+msgstr ""
+"%s - voer een opdracht uit als een andere gebruiker\n"
+"\n"
+
+#: src/parse_args.c:537
+#, c-format
+msgid ""
+"\n"
+"Options:\n"
+msgstr ""
+"\n"
+"Opties:\n"
+
+#: src/parse_args.c:540
+msgid "use helper program for password prompting\n"
+msgstr "gebruik een hulpprogramma voor het vragen van wachtwoord\n"
+
+#: src/parse_args.c:543
+msgid "use specified BSD authentication type\n"
+msgstr "gebruik opgegeven BSD-verificatietype\n"
+
+#: src/parse_args.c:545
+msgid "run command in the background\n"
+msgstr "voer opdracht op de achtergrond uit\n"
+
+#: src/parse_args.c:547
+msgid "close all file descriptors >= fd\n"
+msgstr "sluit alle file descriptors >= fd\n"
+
+#: src/parse_args.c:550
+msgid "run command with specified login class\n"
+msgstr "voer opdracht uit met gespecificeerde inlogklasse\n"
+
+#: src/parse_args.c:553
+msgid "preserve user environment when executing command\n"
+msgstr "behoud gebruikersomgeving bij uitvoeren van opdracht\n"
+
+#: src/parse_args.c:555
+msgid "edit files instead of running a command\n"
+msgstr "bewerk bestanden in plaats van uitvoeren van een opdracht\n"
+
+#: src/parse_args.c:557
+msgid "execute command as the specified group\n"
+msgstr "voer opdracht uit als de opgegeven groep\n"
+
+#: src/parse_args.c:559
+msgid "set HOME variable to target user's home dir.\n"
+msgstr "stel HOME variabele in om naar persoonlijke map van gebruiker te verwijzen.\n"
+
+#: src/parse_args.c:561
+msgid "display help message and exit\n"
+msgstr "hulptekst tonen en stoppen\n"
+
+#: src/parse_args.c:563
+msgid "run a login shell as target user\n"
+msgstr "voer een inlogshell uit als beoogd gebruiker\n"
+
+#: src/parse_args.c:565
+msgid "remove timestamp file completely\n"
+msgstr "verwijder tijdbestand volledig\n"
+
+#: src/parse_args.c:567
+msgid "invalidate timestamp file\n"
+msgstr "maak tijdbestand ongeldig\n"
+
+#: src/parse_args.c:569
+msgid "list user's available commands\n"
+msgstr "geef voor gebruiker beschikbare opdrachten weer\n"
+
+#: src/parse_args.c:571
+msgid "non-interactive mode, will not prompt user\n"
+msgstr "niet-interactieve modus, geen vragen aan gebruiker\n"
+
+#: src/parse_args.c:573
+msgid "preserve group vector instead of setting to target's\n"
+msgstr "behoud groepsvector in plaats van die van het doel in te stellen\n"
+
+#: src/parse_args.c:575
+msgid "use specified password prompt\n"
+msgstr "gebruik gespecifeerde wachtwoordvraag\n"
+
+#: src/parse_args.c:578 src/parse_args.c:586
+msgid "create SELinux security context with specified role\n"
+msgstr "maak SELinux beveiligingscontext met gespecificeerde rol aan\n"
+
+#: src/parse_args.c:581
+msgid "read password from standard input\n"
+msgstr "lees wachtwoord van standaardinvoer\n"
+
+#: src/parse_args.c:583
+msgid "run a shell as target user\n"
+msgstr "voer een shell uit als doel-gebruiker\n"
+
+#: src/parse_args.c:589
+msgid "when listing, list specified user's privileges\n"
+msgstr "bij listing, toon privileges van gespecificeerde gebruiker\n"
+
+#: src/parse_args.c:591
+msgid "run command (or edit file) as specified user\n"
+msgstr "voer opdracht uit (of bewerk bestand) als gespecificeerde gebruiker\n"
+
+#: src/parse_args.c:593
+msgid "display version information and exit\n"
+msgstr "versie-informatie tonen en stoppen\n"
+
+#: src/parse_args.c:595
+msgid "update user's timestamp without running a command\n"
+msgstr "werk tijd van gebruiker bij zonder opdracht uit te voeren\n"
+
+#: src/parse_args.c:597
+msgid "stop processing command line arguments\n"
+msgstr "stop verwerken opdrachtregelargumenten\n"
+
+#: src/selinux.c:77
+#, c-format
+msgid "unable to open audit system"
+msgstr "kan audit-systeem niet openen"
+
+#: src/selinux.c:85
+#, c-format
+msgid "unable to send audit message"
+msgstr "kan audit-melding niet verzenden"
+
+#: src/selinux.c:113
+#, c-format
+msgid "unable to fgetfilecon %s"
+msgstr "fgetfilecon %s mislukt"
+
+#: src/selinux.c:118
+#, c-format
+msgid "%s changed labels"
+msgstr "%s gewijzigde labels"
+
+#: src/selinux.c:123
+#, c-format
+msgid "unable to restore context for %s"
+msgstr "kan context voor %s niet herstellen"
+
+#: src/selinux.c:163
+#, c-format
+msgid "unable to open %s, not relabeling tty"
+msgstr "kan %s niet openen, terminaltitel wordt niet opnieuw ingesteld"
+
+#: src/selinux.c:172
+#, c-format
+msgid "unable to get current tty context, not relabeling tty"
+msgstr "kan huidige terminalcontext niet verkrijgen, terminaltitel wordt niet opniew ingesteld"
+
+#: src/selinux.c:179
+#, c-format
+msgid "unable to get new tty context, not relabeling tty"
+msgstr "kan geen nieuwe terminalcontext verkrijgen, terminaltitel wordt niet opnieuw ingesteld"
+
+#: src/selinux.c:186
+#, c-format
+msgid "unable to set new tty context"
+msgstr "kan nieuwe terminalcontext niet instellen"
+
+#: src/selinux.c:252
+#, c-format
+msgid "you must specify a role for type %s"
+msgstr "u moet een rol kiezen voor type %s"
+
+#: src/selinux.c:258
+#, c-format
+msgid "unable to get default type for role %s"
+msgstr "kan standaard-type niet verkrijgen voor rol %s"
+
+#: src/selinux.c:276
+#, c-format
+msgid "failed to set new role %s"
+msgstr "instellen van nieuwe rol %s mislukt"
+
+#: src/selinux.c:280
+#, c-format
+msgid "failed to set new type %s"
+msgstr "instellen van nieuw type %s mislukt"
+
+#: src/selinux.c:289
+#, c-format
+msgid "%s is not a valid context"
+msgstr "%s is geen geldige context"
+
+#: src/selinux.c:324
+#, c-format
+msgid "failed to get old_context"
+msgstr "verkrijgen old_context mislukt"
+
+#: src/selinux.c:330
+#, c-format
+msgid "unable to determine enforcing mode."
+msgstr "kan afdwingende modus niet vinden."
+
+#: src/selinux.c:342
+#, c-format
+msgid "unable to setup tty context for %s"
+msgstr "kan terminalcontext niet instellen voor %s"
+
+#: src/selinux.c:373
+#, c-format
+msgid "unable to set exec context to %s"
+msgstr "kan uitvoeringscontext niet instellen op %s"
+
+#: src/selinux.c:380
+#, c-format
+msgid "unable to set key creation context to %s"
+msgstr "kan context voor aanmaak van sleutels niet instellen op %s"
+
+#: src/sesh.c:70
+#, c-format
+msgid "requires at least one argument"
+msgstr "tenminste één argument vereist"
+
+#: src/sesh.c:91
+#, c-format
+msgid "unable to execute %s"
+msgstr "kan %s niet uitvoeren"
+
+#: src/sudo.c:211
+#, c-format
+msgid "Sudo version %s\n"
+msgstr "Sudo versie %s\n"
+
+#: src/sudo.c:213
+#, c-format
+msgid "Configure options: %s\n"
+msgstr "Configuratieopties: %s\n"
+
+#: src/sudo.c:218
+#, c-format
+msgid "fatal error, unable to load plugins"
+msgstr "fatale fout, kan geen plug-ins laden"
+
+#: src/sudo.c:226
+#, c-format
+msgid "unable to initialize policy plugin"
+msgstr "kan beleidsplug-in niet instellen"
+
+#: src/sudo.c:281
+#, c-format
+msgid "error initializing I/O plugin %s"
+msgstr "fout bij initialiseren-I/O plug-in %s"
+
+#: src/sudo.c:306
+#, c-format
+msgid "unexpected sudo mode 0x%x"
+msgstr "onverwachte sudo modus 0x%x"
+
+#: src/sudo.c:400
+#, c-format
+msgid "unable to get group vector"
+msgstr "kan groepsvector niet verkrijgen"
+
+#: src/sudo.c:452
+#, c-format
+msgid "unknown uid %u: who are you?"
+msgstr "onbekende uid %u: wie bent u?"
+
+#: src/sudo.c:782
+#, c-format
+msgid "%s must be owned by uid %d and have the setuid bit set"
+msgstr "eigenaar van %s moet gebruikersnummer %d zijn en de setuid bit ingesteld"
+
+#: src/sudo.c:785
+#, c-format
+msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?"
+msgstr "gebruikt gebruikersnummer is niet %d, is %s op een bestandssysteem met de 'nosuid' optie ingesteld of een NFS bestandssysteem zonder rootrechten?"
+
+#: src/sudo.c:791
+#, c-format
+msgid "effective uid is not %d, is sudo installed setuid root?"
+msgstr "gebruikt gebruikersnummer is niet %d, is sudo geinstalleerd met setuid root?"
+
+#: src/sudo.c:860
+#, c-format
+msgid "resource control limit has been reached"
+msgstr "hulpbroncontrolelimiet is bereikt"
+
+#: src/sudo.c:863
+#, c-format
+msgid "user \"%s\" is not a member of project \"%s\""
+msgstr "gebruiker \"%s\" is geen lid van project \"%s\""
+
+#: src/sudo.c:867
+#, c-format
+msgid "the invoking task is final"
+msgstr "de aanroepende taak is klaar"
+
+#: src/sudo.c:870
+#, c-format
+msgid "could not join project \"%s\""
+msgstr "kan project \"%s\" niet samenvoegen"
+
+#: src/sudo.c:875
+#, c-format
+msgid "no resource pool accepting default bindings exists for project \"%s\""
+msgstr "er bestaat geen hulpbronnengroep voor project \"%s\" die de standaardbindingen accepteert"
+
+#: src/sudo.c:879
+#, c-format
+msgid "specified resource pool does not exist for project \"%s\""
+msgstr "er bestaat geen hulpbronnengroep voor project \"%s\" die de standaardbindingen accepteert"
+
+#: src/sudo.c:883
+#, c-format
+msgid "could not bind to default resource pool for project \"%s\""
+msgstr "kan niet verbinden met standaard hulpbronnen voor project \"%s\""
+
+#: src/sudo.c:889
+#, c-format
+msgid "setproject failed for project \"%s\""
+msgstr "setproject mislukt voor project \"%s\""
+
+#: src/sudo.c:891
+#, c-format
+msgid "warning, resource control assignment failed for project \"%s\""
+msgstr "waarschuwing, hulpbrontoewijzingscontrole mislukt voor project \"%s\""
+
+#: src/sudo.c:959
+#, c-format
+msgid "unknown login class %s"
+msgstr "onbekende inlog-klasse %s"
+
+#: src/sudo.c:973 src/sudo.c:976
+#, c-format
+msgid "unable to set user context"
+msgstr "kan gebruikerscontext niet instellen"
+
+#: src/sudo.c:988
+#, c-format
+msgid "unable to set supplementary group IDs"
+msgstr "kan aanvullende groeps-ID's niet instellen"
+
+#: src/sudo.c:995
+#, c-format
+msgid "unable to set effective gid to runas gid %u"
+msgstr "kan effectieve gid niet instellen op runas-gid %u"
+
+#: src/sudo.c:1001
+#, c-format
+msgid "unable to set gid to runas gid %u"
+msgstr "kan gid niet instellen op runas-gid %u"
+
+#: src/sudo.c:1008
+#, c-format
+msgid "unable to set process priority"
+msgstr "kan taakprioriteit niet instellen"
+
+#: src/sudo.c:1016
+#, c-format
+msgid "unable to change root to %s"
+msgstr "kan root niet wijzigen naar %s"
+
+#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035
+#, c-format
+msgid "unable to change to runas uid (%u, %u)"
+msgstr "kan niet wijzigen naar runas uid (%u, %u)"
+
+#: src/sudo.c:1049
+#, c-format
+msgid "unable to change directory to %s"
+msgstr "kan map niet wijzigen naar %s"
+
+#: src/sudo.c:1133
+#, c-format
+msgid "unexpected child termination condition: %d"
+msgstr "onverwachte dochter-afsluitvoorwaarde: %d"
+
+#: src/sudo.c:1194
+#, c-format
+msgid "policy plugin %s does not support listing privileges"
+msgstr "beleidsplug-in %s ondersteunt niet het tonen van privileges"
+
+#: src/sudo.c:1206
+#, c-format
+msgid "policy plugin %s does not support the -v option"
+msgstr "beleidsplug-in %s ondersteunt niet de -v optie"
+
+#: src/sudo.c:1218
+#, c-format
+msgid "policy plugin %s does not support the -k/-K options"
+msgstr "beleidsplug-in %s ondersteunt niet de -k/-K opties"
+
+#: src/sudo_edit.c:111
+#, c-format
+msgid "unable to change uid to root (%u)"
+msgstr "kan uid niet wijzigen naar root (%u)"
+
+#: src/sudo_edit.c:143
+#, c-format
+msgid "plugin error: missing file list for sudoedit"
+msgstr "plug-infout: missende bestandslijst voor sudoedit"
+
+#: src/sudo_edit.c:171 src/sudo_edit.c:271
+#, c-format
+msgid "%s: not a regular file"
+msgstr "%s: geen regulier bestand"
+
+#: src/sudo_edit.c:205 src/sudo_edit.c:307
+#, c-format
+msgid "%s: short write"
+msgstr "%s: te weinig geschreven"
+
+#: src/sudo_edit.c:272
+#, c-format
+msgid "%s left unmodified"
+msgstr "%s ongewijzigd gelaten"
+
+#: src/sudo_edit.c:285
+#, c-format
+msgid "%s unchanged"
+msgstr "%s ongewijzigd"
+
+#: src/sudo_edit.c:297 src/sudo_edit.c:318
+#, c-format
+msgid "unable to write to %s"
+msgstr "kan niet schrijven naar %s"
+
+#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319
+#, c-format
+msgid "contents of edit session left in %s"
+msgstr "inhoud van bewerkingssessie achtergelaten in %s"
+
+#: src/sudo_edit.c:315
+#, c-format
+msgid "unable to read temporary file"
+msgstr "kan tijdelijk bestand niet lezen"
+
+#: src/tgetpass.c:90
+#, c-format
+msgid "no tty present and no askpass program specified"
+msgstr "geen terminal aanwezig en geen wachtwoordvraag(askpass)-programma opgegeven"
+
+#: src/tgetpass.c:99
+#, c-format
+msgid "no askpass program specified, try setting SUDO_ASKPASS"
+msgstr "geen wachtwoordvraag(askpass)-programma opgegeven, probeer SUDO_ASKPASS in te stellen"
+
+#: src/tgetpass.c:231
+#, c-format
+msgid "unable to set gid to %u"
+msgstr "kan gid niet instellen op %u"
+
+#: src/tgetpass.c:235
+#, c-format
+msgid "unable to set uid to %u"
+msgstr "kan uid niet instellen op %u"
+
+#: src/tgetpass.c:240
+#, c-format
+msgid "unable to run %s"
+msgstr "kan %s niet uitvoeren"
+
+#: src/utmp.c:278
+#, c-format
+msgid "unable to save stdin"
+msgstr "kan niet opslaan naar stdin"
+
+#: src/utmp.c:280
+#, c-format
+msgid "unable to dup2 stdin"
+msgstr "kan dup2 niet uitvoeren op standaardinvoer"
+
+#: src/utmp.c:283
+#, c-format
+msgid "unable to restore stdin"
+msgstr "kan stdin niet herstellen"
# Polish translation for sudo.
# This file is put in the public domain.
-# Jakub Bogusz <qboosh@pld-linux.org>, 2011-2012.
+# Jakub Bogusz <qboosh@pld-linux.org>, 2011-2013.
#
msgid ""
msgstr ""
-"Project-Id-Version: sudo 1.8.6b4\n"
+"Project-Id-Version: sudo 1.8.7b1\n"
"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2012-08-10 13:08-0400\n"
-"PO-Revision-Date: 2012-08-20 19:04+0200\n"
+"POT-Creation-Date: 2013-04-02 10:40-0400\n"
+"PO-Revision-Date: 2013-04-03 19:05+0200\n"
"Last-Translator: Jakub Bogusz <qboosh@pld-linux.org>\n"
"Language-Team: Polish <translation-team-pl@lists.sourceforge.net>\n"
"Language: pl\n"
msgid "internal error, tried to emalloc(0)"
msgstr "błąd wewnętrzny, próbowano wykonać emalloc(0)"
-#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146
-#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270
-#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482
-#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759
-#, c-format
-msgid "unable to allocate memory"
-msgstr "nie udało się przydzielić pamięci"
-
#: common/alloc.c:99
msgid "internal error, tried to emalloc2(0)"
msgstr "błąd wewnętrzny, próbowano wykonać emalloc2(0)"
msgid "internal error, tried to erecalloc(0)"
msgstr "błąd wewnętrzny, próbowano wykonać erecalloc(0)"
-#: common/sudo_conf.c:305
+#: common/error.c:154
+#, c-format
+msgid "%s: %s: %s\n"
+msgstr "%s: %s: %s\n"
+
+#: common/error.c:157 common/error.c:161
+#, c-format
+msgid "%s: %s\n"
+msgstr "%s: %s\n"
+
+#: common/sudo_conf.c:172
+#, c-format
+msgid "unsupported group source `%s' in %s, line %d"
+msgstr "nie obsługiwane źródło grup `%s' w %s, w linii %d"
+
+#: common/sudo_conf.c:186
+#, c-format
+msgid "invalid max groups `%s' in %s, line %d"
+msgstr "błędna liczba maksymalna grup `%s' w %s, w linii %d"
+
+#: common/sudo_conf.c:382
#, c-format
msgid "unable to stat %s"
msgstr "nie udało się wykonać stat na %s"
-#: common/sudo_conf.c:308
+#: common/sudo_conf.c:385
#, c-format
msgid "%s is not a regular file"
msgstr "%s nie jest zwykłym plikiem"
-#: common/sudo_conf.c:311
+#: common/sudo_conf.c:388
#, c-format
msgid "%s is owned by uid %u, should be %u"
msgstr "właścicielem %s jest uid %u, powinien być %u"
-#: common/sudo_conf.c:315
+#: common/sudo_conf.c:392
#, c-format
msgid "%s is world writable"
msgstr "%s jest zapisywalny dla świata"
-#: common/sudo_conf.c:318
+#: common/sudo_conf.c:395
#, c-format
msgid "%s is group writable"
msgstr "%s jest zapisywalny dla grupy"
-#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331
+#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328
#, c-format
msgid "unable to open %s"
msgstr "nie udało się otworzyć %s"
-#: compat/strsignal.c:47
+#: compat/strsignal.c:50
msgid "Unknown signal"
msgstr "Nieznany sygnał"
-#: src/error.c:82 src/error.c:86
-msgid ": "
-msgstr ": "
-
-#: src/exec.c:113 src/exec_pty.c:674
+#: src/exec.c:127 src/exec_pty.c:685
#, c-format
msgid "policy plugin failed session initialization"
msgstr "nie udało się zainicjować sesji przez wtyczkę polityki"
-#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221
+#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220
#, c-format
msgid "unable to fork"
msgstr "nie udało się wykonać fork"
-#: src/exec.c:268
+#: src/exec.c:259
#, c-format
msgid "unable to create sockets"
msgstr "nie udało się utworzyć gniazd"
-#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630
-#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218
-#, c-format
-msgid "unable to create pipe"
-msgstr "nie udało się utworzyć potoku"
-
-#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240
+#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268
#, c-format
msgid "select failed"
msgstr "wywołanie select nie powiodło się"
-#: src/exec.c:467
+#: src/exec.c:449
#, c-format
msgid "unable to restore tty label"
msgstr "nie udało się przywrócić etykiety tty"
-#: src/exec_common.c:69
+#: src/exec_common.c:70
#, c-format
msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"
msgstr "nie udało się usunąć PRIV_PROC_EXEC z PRIV_LIMIT"
msgid "unable to allocate pty"
msgstr "nie udało się przydzielić pty"
-#: src/exec_pty.c:665
+#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986
+#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217
+#, c-format
+msgid "unable to create pipe"
+msgstr "nie udało się utworzyć potoku"
+
+#: src/exec_pty.c:676
#, c-format
msgid "unable to set terminal to raw mode"
msgstr "nie udało się przestawić terminala w tryb surowy"
-#: src/exec_pty.c:1013
+#: src/exec_pty.c:1042
#, c-format
msgid "unable to set controlling tty"
msgstr "nie udało się ustawić sterującego tty"
-#: src/exec_pty.c:1111
+#: src/exec_pty.c:1139
#, c-format
msgid "error reading from signal pipe"
msgstr "błąd odczytu z potoku sygnałowego"
-#: src/exec_pty.c:1132
+#: src/exec_pty.c:1160
#, c-format
msgid "error reading from pipe"
msgstr "błąd odczytu z potoku"
-#: src/exec_pty.c:1148
+#: src/exec_pty.c:1176
#, c-format
msgid "error reading from socketpair"
msgstr "błąd odczytu z pary gniazd"
-#: src/exec_pty.c:1152
+#: src/exec_pty.c:1180
#, c-format
msgid "unexpected reply type on backchannel: %d"
msgstr "nieoczekiwany typ odpowiedzi z kanału zwrotnego: %d"
-#: src/load_plugins.c:74
+#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132
+#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185
+#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205
+#, c-format
+msgid "error in %s, line %d while loading plugin `%s'"
+msgstr "błąd w %s, w linii %d podczas wczytywania wtyczki `%s'"
+
+#: src/load_plugins.c:72
#, c-format
msgid "%s: %s"
msgstr "%s: %s"
-#: src/load_plugins.c:80
+#: src/load_plugins.c:81
#, c-format
msgid "%s%s: %s"
msgstr "%s%s: %s"
-#: src/load_plugins.c:90
+#: src/load_plugins.c:140
#, c-format
msgid "%s must be owned by uid %d"
msgstr "właścicielem %s musi być uid %d"
-#: src/load_plugins.c:94
+#: src/load_plugins.c:146
#, c-format
msgid "%s must be only be writable by owner"
msgstr "prawo zapisu do %s może mieć tylko właściciel"
-#: src/load_plugins.c:101
+#: src/load_plugins.c:187
#, c-format
msgid "unable to dlopen %s: %s"
msgstr "nie udało się wykonać dlopen %s: %s"
-#: src/load_plugins.c:106
+#: src/load_plugins.c:194
+#, c-format
+msgid "unable to find symbol `%s' in %s"
+msgstr "nie udało się odnaleźć symbolu `%s' w %s"
+
+#: src/load_plugins.c:201
#, c-format
-msgid "%s: unable to find symbol %s"
-msgstr "%s: nie udało się odnaleźć symbolu %s"
+msgid "unknown policy type %d found in %s"
+msgstr "nieznany typ polityki %d napotkany w %s"
-#: src/load_plugins.c:112
+#: src/load_plugins.c:207
#, c-format
-msgid "%s: unknown policy type %d"
-msgstr "%s: nieznany typ polityki %d"
+msgid "incompatible plugin major version %d (expected %d) found in %s"
+msgstr "niezgodna główna wersja polityki %d (zamiast oczekiwanej %d) napotkana w %s"
-#: src/load_plugins.c:116
+#: src/load_plugins.c:216
#, c-format
-msgid "%s: incompatible policy major version %d, expected %d"
-msgstr "%s: niezgodna główna wersja polityki %d, oczekiwano %d"
+msgid "ignoring policy plugin `%s' in %s, line %d"
+msgstr "zignorowano wtyczkę polityki `%s' w %s, w linii %d"
-#: src/load_plugins.c:123
+#: src/load_plugins.c:218
#, c-format
-msgid "%s: only a single policy plugin may be loaded"
-msgstr "%s: może być wczytana tylko jedna wtyczka polityki"
+msgid "only a single policy plugin may be specified"
+msgstr "może być podana tylko jedna wtyczka polityki"
-#: src/load_plugins.c:200
+#: src/load_plugins.c:221
+#, c-format
+msgid "ignoring duplicate policy plugin `%s' in %s, line %d"
+msgstr "zignotowano powtórzoną wtyczkę polityki `%s' w %s, w linii %d"
+
+#: src/load_plugins.c:236
+#, c-format
+msgid "ignoring duplicate I/O plugin `%s' in %s, line %d"
+msgstr "zignotowano powtórzoną wtyczkę we/wy `%s' w %s, w linii %d"
+
+#: src/load_plugins.c:313
#, c-format
msgid "policy plugin %s does not include a check_policy method"
msgstr "wtyczka polityki %s nie zawiera metody check_policy"
-#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187
-#: src/net_ifs.c:298 src/net_ifs.c:322
+#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186
+#: src/net_ifs.c:297 src/net_ifs.c:321
#, c-format
msgid "load_interfaces: overflow detected"
msgstr "load_interfaces: wykryto przepełnienie"
-#: src/net_ifs.c:227
+#: src/net_ifs.c:226
#, c-format
msgid "unable to open socket"
msgstr "nie udało się otworzyć gniazda"
-#: src/parse_args.c:187
+#: src/parse_args.c:197
#, c-format
msgid "the argument to -C must be a number greater than or equal to 3"
msgstr "argument opcji -C musi być większy lub równy 3"
-#: src/parse_args.c:276
+#: src/parse_args.c:286
#, c-format
msgid "unknown user: %s"
msgstr "nieznany użytkownik: %s"
-#: src/parse_args.c:335
+#: src/parse_args.c:345
#, c-format
msgid "you may not specify both the `-i' and `-s' options"
msgstr "nie można podać jednocześnie opcji `-i' oraz `-s'"
-#: src/parse_args.c:339
+#: src/parse_args.c:349
#, c-format
msgid "you may not specify both the `-i' and `-E' options"
msgstr "nie można podać jednocześnie opcji `-i' oraz `-E'"
-#: src/parse_args.c:349
+#: src/parse_args.c:359
#, c-format
msgid "the `-E' option is not valid in edit mode"
msgstr "opcja `-E' nie jest poprawna w trybie edycji"
-#: src/parse_args.c:351
+#: src/parse_args.c:361
#, c-format
msgid "you may not specify environment variables in edit mode"
msgstr "w trybie edycji nie można przekazywać zmiennych środowiskowych"
-#: src/parse_args.c:359
+#: src/parse_args.c:369
#, c-format
msgid "the `-U' option may only be used with the `-l' option"
msgstr "opcji `-U' można używać tylko wraz z opcją `-l'"
-#: src/parse_args.c:363
+#: src/parse_args.c:373
#, c-format
msgid "the `-A' and `-S' options may not be used together"
msgstr "opcji `-A' oraz `-S' nie można używać jednocześnie"
-#: src/parse_args.c:443
+#: src/parse_args.c:456
#, c-format
msgid "sudoedit is not supported on this platform"
msgstr "sudoedit nie jest obsługiwane na tej platformie"
-#: src/parse_args.c:516
+#: src/parse_args.c:529
#, c-format
msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"
msgstr "Można podać tylko jedną z opcji -e, -h, -i, -K, -l, -s, -v lub -V"
-#: src/parse_args.c:530
+#: src/parse_args.c:543
#, c-format
msgid ""
"%s - edit files as another user\n"
"%s - modyfikowanie plików jako inny użytkownik\n"
"\n"
-#: src/parse_args.c:532
+#: src/parse_args.c:545
#, c-format
msgid ""
"%s - execute a command as another user\n"
"%s - wykonywanie poleceń jako inny użytkownik\n"
"\n"
-#: src/parse_args.c:537
+#: src/parse_args.c:550
#, c-format
msgid ""
"\n"
"\n"
"Opcje:\n"
-#: src/parse_args.c:540
+#: src/parse_args.c:552
msgid "use helper program for password prompting\n"
msgstr "użycie programu pomocniczego do pytań o hasło\n"
-#: src/parse_args.c:543
+#: src/parse_args.c:555
msgid "use specified BSD authentication type\n"
msgstr "użycie podanego rodzaju uwierzytelnienia BSD\n"
-#: src/parse_args.c:545
+#: src/parse_args.c:558
msgid "run command in the background\n"
msgstr "uruchomienie polecenia w tle\n"
-#: src/parse_args.c:547
+#: src/parse_args.c:560
msgid "close all file descriptors >= fd\n"
msgstr "zamknięcie wszystkich deskryptorów >= fd\n"
-#: src/parse_args.c:550
+#: src/parse_args.c:563
msgid "run command with specified login class\n"
msgstr "uruchomienie polecenia z podaną klasą logowania\n"
-#: src/parse_args.c:553
+#: src/parse_args.c:566
msgid "preserve user environment when executing command\n"
msgstr "zachowanie środowiska użytkownika przy uruchamianiu polecenia\n"
-#: src/parse_args.c:555
+#: src/parse_args.c:568
msgid "edit files instead of running a command\n"
msgstr "modyfikowanie plików zamiast uruchomienia polecenia\n"
-#: src/parse_args.c:557
+#: src/parse_args.c:570
msgid "execute command as the specified group\n"
msgstr "wywołanie polecenia jako określona grupa\n"
-#: src/parse_args.c:559
+#: src/parse_args.c:572
msgid "set HOME variable to target user's home dir.\n"
msgstr "ustawienie zmiennej HOME na katalog domowy użytkownika docelowego.\n"
-#: src/parse_args.c:561
+#: src/parse_args.c:574
msgid "display help message and exit\n"
msgstr "wyświetlenie opisu i zakończenie\n"
-#: src/parse_args.c:563
+#: src/parse_args.c:576
msgid "run a login shell as target user\n"
msgstr "uruchomienie powłoki logowania jako docelowy użytkownik\n"
-#: src/parse_args.c:565
+#: src/parse_args.c:578
msgid "remove timestamp file completely\n"
msgstr "całkowite usunięcie pliku znacznika czasu\n"
-#: src/parse_args.c:567
+#: src/parse_args.c:580
msgid "invalidate timestamp file\n"
msgstr "unieważnienie pliku znacznika czasu\n"
-#: src/parse_args.c:569
+#: src/parse_args.c:582
msgid "list user's available commands\n"
msgstr "wypisanie poleceń dostępnych dla użytkownika\n"
-#: src/parse_args.c:571
+#: src/parse_args.c:584
msgid "non-interactive mode, will not prompt user\n"
msgstr "tryb nieinteraktywny, użytkownik nie będzie pytany\n"
-#: src/parse_args.c:573
+#: src/parse_args.c:586
msgid "preserve group vector instead of setting to target's\n"
msgstr "zachowanie wektora grup zamiast ustawiania docelowych\n"
-#: src/parse_args.c:575
+#: src/parse_args.c:588
msgid "use specified password prompt\n"
msgstr "użycie podanego pytania o hasło\n"
-#: src/parse_args.c:578 src/parse_args.c:586
+#: src/parse_args.c:591 src/parse_args.c:599
msgid "create SELinux security context with specified role\n"
msgstr "utworzenie kontekstu bezpieczeństwa SELinuksa z podaną rolą\n"
-#: src/parse_args.c:581
+#: src/parse_args.c:594
msgid "read password from standard input\n"
msgstr "odczyt hasła ze standardowego wejścia\n"
-#: src/parse_args.c:583
+#: src/parse_args.c:596
msgid "run a shell as target user\n"
msgstr "uruchomienie powłoki jako użytkownik docelowy\n"
-#: src/parse_args.c:589
+#: src/parse_args.c:602
msgid "when listing, list specified user's privileges\n"
msgstr "przy wypisywaniu podanie uprawnień danego użytkownika\n"
-#: src/parse_args.c:591
+#: src/parse_args.c:604
msgid "run command (or edit file) as specified user\n"
msgstr "uruchomienie polecenia (lub modyfikowanie pliku) jako podany użytkownik\n"
-#: src/parse_args.c:593
+#: src/parse_args.c:606
msgid "display version information and exit\n"
msgstr "wyświetlenie informacji o wersji i zakończenie\n"
-#: src/parse_args.c:595
+#: src/parse_args.c:608
msgid "update user's timestamp without running a command\n"
msgstr "uaktualnienie znacznika czasu użytkownika bez uruchamiania polecenia\n"
-#: src/parse_args.c:597
+#: src/parse_args.c:610
msgid "stop processing command line arguments\n"
msgstr "zakończenie przetwarzania argumentów linii poleceń\n"
msgid "unable to setup tty context for %s"
msgstr "nie udało się ustawić kontekstu tty dla %s"
-#: src/selinux.c:373
+#: src/selinux.c:381
#, c-format
msgid "unable to set exec context to %s"
msgstr "nie udało się ustawić kontekstu wykonywania na %s"
-#: src/selinux.c:380
+#: src/selinux.c:388
#, c-format
msgid "unable to set key creation context to %s"
msgstr "nie udało się ustawić kontekstu tworzenia klucza na %s"
-#: src/sesh.c:70
+#: src/sesh.c:57
#, c-format
msgid "requires at least one argument"
msgstr "wymagany jest przynajmniej jeden argument"
-#: src/sesh.c:91
+#: src/sesh.c:78 src/sudo.c:1126
#, c-format
msgid "unable to execute %s"
msgstr "nie udało się wykonać %s"
-#: src/sudo.c:211
+#: src/solaris.c:88
+#, c-format
+msgid "resource control limit has been reached"
+msgstr "osiągnięto limit kontroli zasobów"
+
+#: src/solaris.c:91
+#, c-format
+msgid "user \"%s\" is not a member of project \"%s\""
+msgstr "użytkownik \"%s\" nie jest członkiem projektu \"%s\""
+
+#: src/solaris.c:95
+#, c-format
+msgid "the invoking task is final"
+msgstr "zadanie uruchamiające jest ostatnim"
+
+#: src/solaris.c:98
+#, c-format
+msgid "could not join project \"%s\""
+msgstr "nie udało się dołączyć do projektu \"%s\""
+
+#: src/solaris.c:103
+#, c-format
+msgid "no resource pool accepting default bindings exists for project \"%s\""
+msgstr "nie istnieje pula zasobów akceptująca domyślne przypisania dla projektu \"%s\""
+
+#: src/solaris.c:107
+#, c-format
+msgid "specified resource pool does not exist for project \"%s\""
+msgstr "podana pula zasobów nie istnieje w projekcie \"%s\""
+
+#: src/solaris.c:111
+#, c-format
+msgid "could not bind to default resource pool for project \"%s\""
+msgstr "nie można przypisać do domyślnej puli zasobów w projekcie \"%s\""
+
+#: src/solaris.c:117
+#, c-format
+msgid "setproject failed for project \"%s\""
+msgstr "setproject dla projektu \"%s\" nie powiodło się"
+
+#: src/solaris.c:119
+#, c-format
+msgid "warning, resource control assignment failed for project \"%s\""
+msgstr "uwaga: przypisanie kontroli zasobów dla projektu \"%s\" nie powiodło się"
+
+#: src/sudo.c:196
#, c-format
msgid "Sudo version %s\n"
msgstr "Sudo wersja %s\n"
-#: src/sudo.c:213
+#: src/sudo.c:198
#, c-format
msgid "Configure options: %s\n"
msgstr "Opcje konfiguracji: %s\n"
-#: src/sudo.c:218
+#: src/sudo.c:203
#, c-format
msgid "fatal error, unable to load plugins"
msgstr "błąd krytyczny, nie udało się załadować wtyczek"
-#: src/sudo.c:226
+#: src/sudo.c:211
#, c-format
msgid "unable to initialize policy plugin"
msgstr "nie udało się zainicjować wtyczki polityki"
-#: src/sudo.c:281
+#: src/sudo.c:268
#, c-format
msgid "error initializing I/O plugin %s"
msgstr "błąd inicjalizacji wtyczki we/wy %s"
-#: src/sudo.c:306
+#: src/sudo.c:293
#, c-format
msgid "unexpected sudo mode 0x%x"
msgstr "nieoczekiwany tryb sudo 0x%x"
-#: src/sudo.c:400
+#: src/sudo.c:413
#, c-format
msgid "unable to get group vector"
msgstr "nie udało się uzyskać wektora grup"
-#: src/sudo.c:452
+#: src/sudo.c:465
#, c-format
msgid "unknown uid %u: who are you?"
msgstr "nieznany uid %u: kim jesteś?"
-#: src/sudo.c:782
+#: src/sudo.c:802
#, c-format
msgid "%s must be owned by uid %d and have the setuid bit set"
msgstr "%s musi mieć uid %d jako właściciela oraz ustawiony bit setuid"
-#: src/sudo.c:785
+#: src/sudo.c:805
#, c-format
msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?"
msgstr "efektywny uid nie wynosi %d, czy %s jest na systemie plików z opcją 'nosuid' albo systemie plików NFS bez uprawnień roota?"
-#: src/sudo.c:791
+#: src/sudo.c:811
#, c-format
msgid "effective uid is not %d, is sudo installed setuid root?"
msgstr "efektywny uid nie wynosi %d, czy sudo jest zainstalowane z setuid root?"
-#: src/sudo.c:860
-#, c-format
-msgid "resource control limit has been reached"
-msgstr "osiągnięto limit kontroli zasobów"
-
-#: src/sudo.c:863
-#, c-format
-msgid "user \"%s\" is not a member of project \"%s\""
-msgstr "użytkownik \"%s\" nie jest członkiem projektu \"%s\""
-
-#: src/sudo.c:867
-#, c-format
-msgid "the invoking task is final"
-msgstr "zadanie uruchamiające jest ostatnim"
-
-#: src/sudo.c:870
-#, c-format
-msgid "could not join project \"%s\""
-msgstr "nie udało się dołączyć do projektu \"%s\""
-
-#: src/sudo.c:875
-#, c-format
-msgid "no resource pool accepting default bindings exists for project \"%s\""
-msgstr "nie istnieje pula zasobów akceptująca domyślne przypisania dla projektu \"%s\""
-
-#: src/sudo.c:879
-#, c-format
-msgid "specified resource pool does not exist for project \"%s\""
-msgstr "podana pula zasobów nie istnieje w projekcie \"%s\""
-
-#: src/sudo.c:883
-#, c-format
-msgid "could not bind to default resource pool for project \"%s\""
-msgstr "nie można przypisać do domyślnej puli zasobów w projekcie \"%s\""
-
-#: src/sudo.c:889
-#, c-format
-msgid "setproject failed for project \"%s\""
-msgstr "setproject dla projektu \"%s\" nie powiodło się"
-
-#: src/sudo.c:891
-#, c-format
-msgid "warning, resource control assignment failed for project \"%s\""
-msgstr "uwaga: przypisanie kontroli zasobów dla projektu \"%s\" nie powiodło się"
-
-#: src/sudo.c:959
+#: src/sudo.c:915
#, c-format
msgid "unknown login class %s"
msgstr "nieznana klasa logowania %s"
-#: src/sudo.c:973 src/sudo.c:976
+#: src/sudo.c:929 src/sudo.c:932
#, c-format
msgid "unable to set user context"
msgstr "nie udało się ustawić kontekstu użytkownika"
-#: src/sudo.c:988
+#: src/sudo.c:944
#, c-format
msgid "unable to set supplementary group IDs"
msgstr "nie udało się ustawić ID dodatkowych grup"
-#: src/sudo.c:995
+#: src/sudo.c:951
#, c-format
msgid "unable to set effective gid to runas gid %u"
msgstr "nie udało się ustawić efektywnego gid-a w celu działania jako gid %u"
-#: src/sudo.c:1001
+#: src/sudo.c:957
#, c-format
msgid "unable to set gid to runas gid %u"
msgstr "nie udało się ustawić gid-a w celu działania jako gid %u"
-#: src/sudo.c:1008
+#: src/sudo.c:964
#, c-format
msgid "unable to set process priority"
msgstr "nie udało się ustawić priorytetu procesu"
-#: src/sudo.c:1016
+#: src/sudo.c:972
#, c-format
msgid "unable to change root to %s"
msgstr "nie udało się zmienić katalogu głównego na %s"
-#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035
+#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991
#, c-format
msgid "unable to change to runas uid (%u, %u)"
msgstr "nie udało się zmienić uid-ów, aby działać jako (%u, %u)"
-#: src/sudo.c:1049
+#: src/sudo.c:1005
#, c-format
msgid "unable to change directory to %s"
msgstr "nie udało się zmienić katalogu na %s"
-#: src/sudo.c:1133
+#: src/sudo.c:1089
#, c-format
msgid "unexpected child termination condition: %d"
msgstr "nieoczekiwane zakończenie procesu potomnego: %d"
-#: src/sudo.c:1194
+#: src/sudo.c:1146
+#, c-format
+msgid "policy plugin %s is missing the `check_policy' method"
+msgstr "wtyczka polityki %s nie zawiera metody `check_policy'"
+
+#: src/sudo.c:1159
#, c-format
msgid "policy plugin %s does not support listing privileges"
msgstr "wtyczka polityki %s nie obsługuje wypisywania uprawnień"
-#: src/sudo.c:1206
+#: src/sudo.c:1171
#, c-format
msgid "policy plugin %s does not support the -v option"
msgstr "wtyczka polityki %s nie obsługuje opcji -v"
-#: src/sudo.c:1218
+#: src/sudo.c:1183
#, c-format
msgid "policy plugin %s does not support the -k/-K options"
msgstr "wtyczka polityki %s nie obsługuje opcji -k/-K"
-#: src/sudo_edit.c:111
+#: src/sudo_edit.c:110
#, c-format
msgid "unable to change uid to root (%u)"
msgstr "nie udało się zmienić uid-a na roota (%u)"
-#: src/sudo_edit.c:143
+#: src/sudo_edit.c:142
#, c-format
msgid "plugin error: missing file list for sudoedit"
msgstr "błąd wtyczki: brak listy plików dla sudoedit"
-#: src/sudo_edit.c:171 src/sudo_edit.c:271
+#: src/sudo_edit.c:170 src/sudo_edit.c:270
#, c-format
msgid "%s: not a regular file"
msgstr "%s: nie jest zwykłym plikiem"
-#: src/sudo_edit.c:205 src/sudo_edit.c:307
+#: src/sudo_edit.c:204 src/sudo_edit.c:306
#, c-format
msgid "%s: short write"
msgstr "%s: skrócony zapis"
-#: src/sudo_edit.c:272
+#: src/sudo_edit.c:271
#, c-format
msgid "%s left unmodified"
msgstr "pozostawiono bez zmian: %s"
-#: src/sudo_edit.c:285
+#: src/sudo_edit.c:284
#, c-format
msgid "%s unchanged"
msgstr "nie zmieniono: %s"
-#: src/sudo_edit.c:297 src/sudo_edit.c:318
+#: src/sudo_edit.c:296 src/sudo_edit.c:317
#, c-format
msgid "unable to write to %s"
msgstr "nie udało się zapisać do %s"
-#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319
+#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318
#, c-format
msgid "contents of edit session left in %s"
msgstr "zawartość sesji edycji pozostawiono w %s"
-#: src/sudo_edit.c:315
+#: src/sudo_edit.c:314
#, c-format
msgid "unable to read temporary file"
msgstr "nie udało się odczytać pliku tymczasowego"
-#: src/tgetpass.c:90
+#: src/tgetpass.c:89
#, c-format
msgid "no tty present and no askpass program specified"
msgstr "brak tty i nie podano programu pytającego o hasło"
-#: src/tgetpass.c:99
+#: src/tgetpass.c:98
#, c-format
msgid "no askpass program specified, try setting SUDO_ASKPASS"
msgstr "nie podano programu pytającego o hasło, proszę spróbować ustawić SUDO_ASKPASS"
-#: src/tgetpass.c:231
+#: src/tgetpass.c:230
#, c-format
msgid "unable to set gid to %u"
msgstr "nie udało się ustawić gid-a na %u"
-#: src/tgetpass.c:235
+#: src/tgetpass.c:234
#, c-format
msgid "unable to set uid to %u"
msgstr "nie udało się ustawić uid-a na %u"
-#: src/tgetpass.c:240
+#: src/tgetpass.c:239
#, c-format
msgid "unable to run %s"
msgstr "nie udało się uruchomić %s"
#, c-format
msgid "unable to restore stdin"
msgstr "nie udało się przywrócić standardowego wejścia"
-
-#~ msgid "internal error, emalloc2() overflow"
-#~ msgstr "błąd wewnętrzny, przepełnienie emalloc2()"
-
-#~ msgid "internal error, erealloc3() overflow"
-#~ msgstr "błąd wewnętrzny, przepełnienie erealloc3()"
-
-#~ msgid "%s: at least one policy plugin must be specified"
-#~ msgstr "%s: musi być wczytana przynajmniej jedna wtyczka polityki"
# This file is distributed under the same license as the sudo package.
#
# Pavel Maryanov <acid@jack.kiev.ua>, 2011.
-# Yuri Kozlov <yuray@komyakino.ru>, 2011, 2012.
+# Yuri Kozlov <yuray@komyakino.ru>, 2011, 2012, 2013.
msgid ""
msgstr ""
-"Project-Id-Version: sudo 1.8.6b4\n"
+"Project-Id-Version: sudo 1.8.7b1\n"
"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2012-08-10 13:08-0400\n"
-"PO-Revision-Date: 2012-08-14 20:51+0400\n"
+"POT-Creation-Date: 2013-04-02 10:40-0400\n"
+"PO-Revision-Date: 2013-04-04 20:56+0400\n"
"Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n"
"Language-Team: Russian <gnu@mx.ru>\n"
"Language: ru\n"
msgid "internal error, tried to emalloc(0)"
msgstr "внутренняя ошибка, попытка выполнить emalloc(0)"
-#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146
-#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270
-#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482
-#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759
-#, c-format
-msgid "unable to allocate memory"
-msgstr "не удаётся выделить память"
-
#: common/alloc.c:99
msgid "internal error, tried to emalloc2(0)"
msgstr "внутренняя ошибка, попытка выполнить emalloc2(0)"
msgid "internal error, tried to erecalloc(0)"
msgstr "внутренняя ошибка, попытка выполнить ereсalloc(0)"
-#: common/sudo_conf.c:305
+#: common/error.c:154
+#, c-format
+msgid "%s: %s: %s\n"
+msgstr "%s: %s: %s\n"
+
+#: common/error.c:157 common/error.c:161
+#, c-format
+msgid "%s: %s\n"
+msgstr "%s: %s\n"
+
+#: common/sudo_conf.c:172
+#, c-format
+msgid "unsupported group source `%s' in %s, line %d"
+msgstr "неподдерживаемый групповой источник «%s» в %s, строка %d"
+
+#: common/sudo_conf.c:186
+#, c-format
+msgid "invalid max groups `%s' in %s, line %d"
+msgstr "некорректное максимальное значение для групп «%s» в %s, строка %d"
+
+#: common/sudo_conf.c:382
#, c-format
msgid "unable to stat %s"
msgstr "не удалось выполнить вызов stat %s"
-#: common/sudo_conf.c:308
+#: common/sudo_conf.c:385
#, c-format
msgid "%s is not a regular file"
msgstr "%s не является обычным файлом"
-#: common/sudo_conf.c:311
+#: common/sudo_conf.c:388
#, c-format
msgid "%s is owned by uid %u, should be %u"
msgstr "%s принадлежит пользователю с uid %u, а должен принадлежать пользователю с uid %u"
-#: common/sudo_conf.c:315
+#: common/sudo_conf.c:392
#, c-format
msgid "%s is world writable"
msgstr "доступ на запись в %s разрешена всем"
-#: common/sudo_conf.c:318
+#: common/sudo_conf.c:395
#, c-format
msgid "%s is group writable"
msgstr "доступ на запись в %s разрешена группе"
-#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331
+#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328
#, c-format
msgid "unable to open %s"
msgstr "не удаётся открыть %s"
-#: compat/strsignal.c:47
+#: compat/strsignal.c:50
msgid "Unknown signal"
msgstr "Неизвестный сигнал"
-#: src/error.c:82 src/error.c:86
-msgid ": "
-msgstr ": "
-
-#: src/exec.c:113 src/exec_pty.c:674
+#: src/exec.c:127 src/exec_pty.c:685
#, c-format
msgid "policy plugin failed session initialization"
msgstr "модулю политик не удалось инициализировать сеанс"
-#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221
+#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220
#, c-format
msgid "unable to fork"
msgstr "не удаётся создать дочерний процесс"
-#: src/exec.c:268
+#: src/exec.c:259
#, c-format
msgid "unable to create sockets"
msgstr "не удаётся создать сокеты"
-#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630
-#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218
-#, c-format
-msgid "unable to create pipe"
-msgstr "не удаётся создать канал"
-
-#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240
+#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268
#, c-format
msgid "select failed"
msgstr "ошибка select"
-#: src/exec.c:467
+#: src/exec.c:449
#, c-format
msgid "unable to restore tty label"
msgstr "не удаётся создать восстановить метку tty"
-#: src/exec_common.c:69
+#: src/exec_common.c:70
#, c-format
msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"
msgstr "не удаётся удалить PRIV_PROC_EXEC из PRIV_LIMIT"
msgid "unable to allocate pty"
msgstr "не удаётся выделить pty"
-#: src/exec_pty.c:665
+#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986
+#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217
+#, c-format
+msgid "unable to create pipe"
+msgstr "не удаётся создать канал"
+
+#: src/exec_pty.c:676
#, c-format
msgid "unable to set terminal to raw mode"
msgstr "не удаётся перевести терминал в «сырой» режим"
-#: src/exec_pty.c:1013
+#: src/exec_pty.c:1042
#, c-format
msgid "unable to set controlling tty"
msgstr "не удаётся установить управляющий tty"
-#: src/exec_pty.c:1111
+#: src/exec_pty.c:1139
#, c-format
msgid "error reading from signal pipe"
msgstr "ошибка чтения из сигнального канала"
-#: src/exec_pty.c:1132
+#: src/exec_pty.c:1160
#, c-format
msgid "error reading from pipe"
msgstr "ошибка чтения из канала"
-#: src/exec_pty.c:1148
+#: src/exec_pty.c:1176
#, c-format
msgid "error reading from socketpair"
msgstr "ошибка чтения из пары сокетов"
-#: src/exec_pty.c:1152
+#: src/exec_pty.c:1180
#, c-format
msgid "unexpected reply type on backchannel: %d"
msgstr "неожиданный тип ответа в резервном канале: %d"
-#: src/load_plugins.c:74
+#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132
+#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185
+#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205
+#, c-format
+msgid "error in %s, line %d while loading plugin `%s'"
+msgstr "ошибка в %s, строка %d, при загрузке модуля «%s»"
+
+#: src/load_plugins.c:72
#, c-format
msgid "%s: %s"
msgstr "%s: %s"
-#: src/load_plugins.c:80
+#: src/load_plugins.c:81
#, c-format
msgid "%s%s: %s"
msgstr "%s%s: %s"
-#: src/load_plugins.c:90
+#: src/load_plugins.c:140
#, c-format
msgid "%s must be owned by uid %d"
msgstr "%s должен принадлежать пользователю с uid %d"
-#: src/load_plugins.c:94
+#: src/load_plugins.c:146
#, c-format
msgid "%s must be only be writable by owner"
msgstr "%s должен быть доступен на запись только владельцу"
-#: src/load_plugins.c:101
+#: src/load_plugins.c:187
#, c-format
msgid "unable to dlopen %s: %s"
msgstr "не удаётся выполнить dlopen для %s: %s"
-#: src/load_plugins.c:106
+#: src/load_plugins.c:194
+#, c-format
+msgid "unable to find symbol `%s' in %s"
+msgstr "не удаётся найти символ «%s» в %s"
+
+#: src/load_plugins.c:201
#, c-format
-msgid "%s: unable to find symbol %s"
-msgstr "%s: не удаётся найти символ %s"
+msgid "unknown policy type %d found in %s"
+msgstr "найден неизвестный тип политики %d в %s"
-#: src/load_plugins.c:112
+#: src/load_plugins.c:207
#, c-format
-msgid "%s: unknown policy type %d"
-msgstr "%s: неизвестный тип политики %d"
+msgid "incompatible plugin major version %d (expected %d) found in %s"
+msgstr "найдена несовместимая основная версия модуля %d (ожидалась %d) в %s"
-#: src/load_plugins.c:116
+#: src/load_plugins.c:216
#, c-format
-msgid "%s: incompatible policy major version %d, expected %d"
-msgstr "%s: несовместимая основная версия политики %d, ожидалась %d"
+msgid "ignoring policy plugin `%s' in %s, line %d"
+msgstr "игнорируется модуль политики «%s» в %s, строка %d"
-#: src/load_plugins.c:123
+#: src/load_plugins.c:218
#, c-format
-msgid "%s: only a single policy plugin may be loaded"
-msgstr "%s: может быть загружен только один модуль политики"
+msgid "only a single policy plugin may be specified"
+msgstr "может быть задан только один модуль политики"
-#: src/load_plugins.c:200
+#: src/load_plugins.c:221
+#, c-format
+msgid "ignoring duplicate policy plugin `%s' in %s, line %d"
+msgstr "игнорируется повторный модуль политики «%s» в %s, строка %d"
+
+#: src/load_plugins.c:236
+#, c-format
+msgid "ignoring duplicate I/O plugin `%s' in %s, line %d"
+msgstr "игнорируется повторный модуль ввода-вывода «%s» в %s, строка %d"
+
+#: src/load_plugins.c:313
#, c-format
msgid "policy plugin %s does not include a check_policy method"
msgstr "модуль политики %s не содержит метод check_policy"
-#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187
-#: src/net_ifs.c:298 src/net_ifs.c:322
+#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186
+#: src/net_ifs.c:297 src/net_ifs.c:321
#, c-format
msgid "load_interfaces: overflow detected"
msgstr "load_interfaces: обнаружено переполнение"
-#: src/net_ifs.c:227
+#: src/net_ifs.c:226
#, c-format
msgid "unable to open socket"
msgstr "не удаётся открыть сокет"
-#: src/parse_args.c:187
+#: src/parse_args.c:197
#, c-format
msgid "the argument to -C must be a number greater than or equal to 3"
msgstr "аргумент для -C должен быть числом, которое больше или равно 3"
-#: src/parse_args.c:276
+#: src/parse_args.c:286
#, c-format
msgid "unknown user: %s"
msgstr "неизвестный пользователь: %s"
-#: src/parse_args.c:335
+#: src/parse_args.c:345
#, c-format
msgid "you may not specify both the `-i' and `-s' options"
msgstr "параметры «-i» и «-s» являются взаимоисключающими"
-#: src/parse_args.c:339
+#: src/parse_args.c:349
#, c-format
msgid "you may not specify both the `-i' and `-E' options"
msgstr "параметры «-i» и «-E» являются взаимоисключающими"
-#: src/parse_args.c:349
+#: src/parse_args.c:359
#, c-format
msgid "the `-E' option is not valid in edit mode"
msgstr "параметр «-E» не действует в режиме редактирования"
-#: src/parse_args.c:351
+#: src/parse_args.c:361
#, c-format
msgid "you may not specify environment variables in edit mode"
msgstr "переменные окружения нельзя определять в режиме редактирования"
-#: src/parse_args.c:359
+#: src/parse_args.c:369
#, c-format
msgid "the `-U' option may only be used with the `-l' option"
msgstr "параметр «-U» можно использовать только с параметром «-l»"
-#: src/parse_args.c:363
+#: src/parse_args.c:373
#, c-format
msgid "the `-A' and `-S' options may not be used together"
msgstr "параметры «-A» и «-S» являются взаимоисключающими"
-#: src/parse_args.c:443
+#: src/parse_args.c:456
#, c-format
msgid "sudoedit is not supported on this platform"
msgstr "sudoedit не поддерживается на этой платформе"
-#: src/parse_args.c:516
+#: src/parse_args.c:529
#, c-format
msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"
msgstr "Можно указать только параметры -e, -h, -i, -K, -l, -s, -v или -V"
-#: src/parse_args.c:530
+#: src/parse_args.c:543
#, c-format
msgid ""
"%s - edit files as another user\n"
"%s — редактирование файлов от имени другого пользователя\n"
"\n"
-#: src/parse_args.c:532
+#: src/parse_args.c:545
#, c-format
msgid ""
"%s - execute a command as another user\n"
"%s — выполнение команд от имени другого пользователя\n"
"\n"
-#: src/parse_args.c:537
+#: src/parse_args.c:550
#, c-format
msgid ""
"\n"
"\n"
"Параметры:\n"
-#: src/parse_args.c:540
+#: src/parse_args.c:552
msgid "use helper program for password prompting\n"
msgstr "использовать вспомогательную программу для ввода пароля\n"
-#: src/parse_args.c:543
+#: src/parse_args.c:555
msgid "use specified BSD authentication type\n"
msgstr "использовать указанный тип проверки подлинности BSD\n"
-#: src/parse_args.c:545
+#: src/parse_args.c:558
msgid "run command in the background\n"
msgstr "выполнить команду в фоновом режиме\n"
-#: src/parse_args.c:547
+#: src/parse_args.c:560
msgid "close all file descriptors >= fd\n"
msgstr "закрыть все дескрипторы файлов >= fd\n"
-#: src/parse_args.c:550
+#: src/parse_args.c:563
msgid "run command with specified login class\n"
msgstr "выполнить команду с указанным классом входа в систему\n"
-#: src/parse_args.c:553
+#: src/parse_args.c:566
msgid "preserve user environment when executing command\n"
msgstr "сохранить пользовательскую среду при выполнении команды\n"
-#: src/parse_args.c:555
+#: src/parse_args.c:568
msgid "edit files instead of running a command\n"
msgstr "редактировать файлы вместо выполнения команды\n"
-#: src/parse_args.c:557
+#: src/parse_args.c:570
msgid "execute command as the specified group\n"
msgstr "выполнить команду от имени указанной группы\n"
-#: src/parse_args.c:559
+#: src/parse_args.c:572
msgid "set HOME variable to target user's home dir.\n"
msgstr "установить для переменной HOME домашний каталог указанного пользователя\n"
-#: src/parse_args.c:561
+#: src/parse_args.c:574
msgid "display help message and exit\n"
msgstr "показать справку и выйти\n"
-#: src/parse_args.c:563
+#: src/parse_args.c:576
msgid "run a login shell as target user\n"
msgstr "запустить оболочку входа в систему от имени указанного пользователя\n"
-#: src/parse_args.c:565
+#: src/parse_args.c:578
msgid "remove timestamp file completely\n"
msgstr "полностью удалить файл timestamp\n"
-#: src/parse_args.c:567
+#: src/parse_args.c:580
msgid "invalidate timestamp file\n"
msgstr "объявить недействительным файл timestamp\n"
-#: src/parse_args.c:569
+#: src/parse_args.c:582
msgid "list user's available commands\n"
msgstr "вывести список команд, доступных пользователю\n"
-#: src/parse_args.c:571
+#: src/parse_args.c:584
msgid "non-interactive mode, will not prompt user\n"
msgstr "автономный режим без не вывода запросов пользователю\n"
-#: src/parse_args.c:573
+#: src/parse_args.c:586
msgid "preserve group vector instead of setting to target's\n"
msgstr "сохранить вектор группы вместо установки целевой группы\n"
-#: src/parse_args.c:575
+#: src/parse_args.c:588
msgid "use specified password prompt\n"
msgstr "использовать указанный запрос пароля\n"
-#: src/parse_args.c:578 src/parse_args.c:586
+#: src/parse_args.c:591 src/parse_args.c:599
msgid "create SELinux security context with specified role\n"
msgstr "создать контекст безопасности SELinux с указанной ролью\n"
-#: src/parse_args.c:581
+#: src/parse_args.c:594
msgid "read password from standard input\n"
msgstr "читать пароль из стандартного ввода\n"
-#: src/parse_args.c:583
+#: src/parse_args.c:596
msgid "run a shell as target user\n"
msgstr "запустить оболочку от имени указанного пользователя\n"
-#: src/parse_args.c:589
+#: src/parse_args.c:602
msgid "when listing, list specified user's privileges\n"
msgstr "при выводе списка показать привилегии пользователя\n"
-#: src/parse_args.c:591
+#: src/parse_args.c:604
msgid "run command (or edit file) as specified user\n"
msgstr "выполнить команду (или редактировать файл) от имени указанного пользователя\n"
-#: src/parse_args.c:593
+#: src/parse_args.c:606
msgid "display version information and exit\n"
msgstr "показать сведения о версии и выйти\n"
-#: src/parse_args.c:595
+#: src/parse_args.c:608
msgid "update user's timestamp without running a command\n"
msgstr "обновить временную метку пользователя без выполнения команды\n"
-#: src/parse_args.c:597
+#: src/parse_args.c:610
msgid "stop processing command line arguments\n"
msgstr "прекратить обработку аргументов командной строки\n"
msgid "unable to setup tty context for %s"
msgstr "не удаётся настроить контекст tty для %s"
-#: src/selinux.c:373
+#: src/selinux.c:381
#, c-format
msgid "unable to set exec context to %s"
msgstr "не удаётся установить для контекста exec значение %s"
-#: src/selinux.c:380
+#: src/selinux.c:388
#, c-format
msgid "unable to set key creation context to %s"
msgstr "не удаётся установить для контекста создания ключа значение %s"
-#: src/sesh.c:70
+#: src/sesh.c:57
#, c-format
msgid "requires at least one argument"
msgstr "укажите не менее одного аргумента"
-#: src/sesh.c:91
+#: src/sesh.c:78 src/sudo.c:1126
#, c-format
msgid "unable to execute %s"
msgstr "не удаётся выполнить %s"
-#: src/sudo.c:211
+#: src/solaris.c:88
+#, c-format
+msgid "resource control limit has been reached"
+msgstr "достигнут лимит управления ресурсами"
+
+#: src/solaris.c:91
+#, c-format
+msgid "user \"%s\" is not a member of project \"%s\""
+msgstr "пользователь «%s» не является членом проекта «%s»"
+
+#: src/solaris.c:95
+#, c-format
+msgid "the invoking task is final"
+msgstr "вызывающе задание — последнее"
+
+#: src/solaris.c:98
+#, c-format
+msgid "could not join project \"%s\""
+msgstr "не удалось присоединиться к проекту «%s»"
+
+#: src/solaris.c:103
+#, c-format
+msgid "no resource pool accepting default bindings exists for project \"%s\""
+msgstr "для проекта «%s» не существует пула ресурсов, принимающих привязки по умолчанию"
+
+#: src/solaris.c:107
+#, c-format
+msgid "specified resource pool does not exist for project \"%s\""
+msgstr "у проекта «%s» нет указанного пула ресурсов"
+
+#: src/solaris.c:111
+#, c-format
+msgid "could not bind to default resource pool for project \"%s\""
+msgstr "не удаётся подключиться к пулу ресурсов по умолчанию проекта «%s»"
+
+#: src/solaris.c:117
+#, c-format
+msgid "setproject failed for project \"%s\""
+msgstr "setproject завершилась с ошибкой для проекта «%s»"
+
+#: src/solaris.c:119
+#, c-format
+msgid "warning, resource control assignment failed for project \"%s\""
+msgstr "предупреждение: назначение контроля за ресурсами завершилось с ошибкой для проекта «%s»"
+
+#: src/sudo.c:196
#, c-format
msgid "Sudo version %s\n"
msgstr "Sudo версия %s\n"
-#: src/sudo.c:213
+#: src/sudo.c:198
#, c-format
msgid "Configure options: %s\n"
msgstr "Параметры настройки: %s\n"
-#: src/sudo.c:218
+#: src/sudo.c:203
#, c-format
msgid "fatal error, unable to load plugins"
msgstr "фатальная ошибка, не удалось загрузить модули"
-#: src/sudo.c:226
+#: src/sudo.c:211
#, c-format
msgid "unable to initialize policy plugin"
msgstr "не удаётся инициализировать модуль политики"
-#: src/sudo.c:281
+#: src/sudo.c:268
#, c-format
msgid "error initializing I/O plugin %s"
msgstr "ошибка инициализации модуля ввода-вывода %s"
-#: src/sudo.c:306
+#: src/sudo.c:293
#, c-format
msgid "unexpected sudo mode 0x%x"
msgstr "неожиданный режим sudo: 0x%x"
-#: src/sudo.c:400
+#: src/sudo.c:413
#, c-format
msgid "unable to get group vector"
msgstr "не удаётся получить вектор группы"
-#: src/sudo.c:452
+#: src/sudo.c:465
#, c-format
msgid "unknown uid %u: who are you?"
msgstr "неизвестный uid %u: кто вы?"
-#: src/sudo.c:782
+#: src/sudo.c:802
#, c-format
msgid "%s must be owned by uid %d and have the setuid bit set"
msgstr "%s должен принадлежать пользователю с uid %d и иметь бит setuid"
-#: src/sudo.c:785
+#: src/sudo.c:805
#, c-format
msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?"
msgstr "эффективный uid не равен %d, возможно, %s находится в файловой системе, смонтированной с битом «nosuid» или в файловой системе NFS без прав суперпользователя?"
-#: src/sudo.c:791
+#: src/sudo.c:811
#, c-format
msgid "effective uid is not %d, is sudo installed setuid root?"
msgstr "эффективный uid не равен %d, программа sudo установлена с битом setuid и принадлежит root?"
-#: src/sudo.c:860
-#, c-format
-msgid "resource control limit has been reached"
-msgstr "достигнут лимит управления ресурсами"
-
-#: src/sudo.c:863
-#, c-format
-msgid "user \"%s\" is not a member of project \"%s\""
-msgstr "пользователь «%s» не является членом проекта «%s»"
-
-#: src/sudo.c:867
-#, c-format
-msgid "the invoking task is final"
-msgstr "вызывающе задание — последнее"
-
-#: src/sudo.c:870
-#, c-format
-msgid "could not join project \"%s\""
-msgstr "не удалось присоединиться к проекту «%s»"
-
-#: src/sudo.c:875
-#, c-format
-msgid "no resource pool accepting default bindings exists for project \"%s\""
-msgstr "для проекта «%s» не существует пула ресурсов, принимающих привязки по умолчанию"
-
-#: src/sudo.c:879
-#, c-format
-msgid "specified resource pool does not exist for project \"%s\""
-msgstr "у проекта «%s» нет указанного пула ресурсов"
-
-#: src/sudo.c:883
-#, c-format
-msgid "could not bind to default resource pool for project \"%s\""
-msgstr "не удаётся подключиться к пулу ресурсов по умолчанию проекта «%s»"
-
-#: src/sudo.c:889
-#, c-format
-msgid "setproject failed for project \"%s\""
-msgstr "setproject завершилась с ошибкой для проекта «%s»"
-
-#: src/sudo.c:891
-#, c-format
-msgid "warning, resource control assignment failed for project \"%s\""
-msgstr "предупреждение: назначение контроля за ресурсами завершилось с ошибкой для проекта «%s»"
-
-#: src/sudo.c:959
+#: src/sudo.c:915
#, c-format
msgid "unknown login class %s"
msgstr "неизвестный класс входа %s"
-#: src/sudo.c:973 src/sudo.c:976
+#: src/sudo.c:929 src/sudo.c:932
#, c-format
msgid "unable to set user context"
msgstr "не удаётся назначить контекст пользователя"
-#: src/sudo.c:988
+#: src/sudo.c:944
#, c-format
msgid "unable to set supplementary group IDs"
msgstr "не удаётся назначить дополнительные идентификаторы групп"
-#: src/sudo.c:995
+#: src/sudo.c:951
#, c-format
msgid "unable to set effective gid to runas gid %u"
msgstr "не удаётся назначить эффективный gid на runas gid %u"
-#: src/sudo.c:1001
+#: src/sudo.c:957
#, c-format
msgid "unable to set gid to runas gid %u"
msgstr "не удаётся назначить gid на runas gid %u"
-#: src/sudo.c:1008
+#: src/sudo.c:964
#, c-format
msgid "unable to set process priority"
msgstr "не удаётся назначить приоритет процесса"
-#: src/sudo.c:1016
+#: src/sudo.c:972
#, c-format
msgid "unable to change root to %s"
msgstr "не удаётся изменить root на %s"
-#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035
+#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991
#, c-format
msgid "unable to change to runas uid (%u, %u)"
msgstr "не удаётся изменить на runas uid (%u, %u)"
-#: src/sudo.c:1049
+#: src/sudo.c:1005
#, c-format
msgid "unable to change directory to %s"
msgstr "не удаётся сменить каталог на %s"
-#: src/sudo.c:1133
+#: src/sudo.c:1089
#, c-format
msgid "unexpected child termination condition: %d"
msgstr "неожиданное условие завершения потомка: %d"
-#: src/sudo.c:1194
+#: src/sudo.c:1146
+#, c-format
+msgid "policy plugin %s is missing the `check_policy' method"
+msgstr "модуль политики %s не содержит метод «check_policy»"
+
+#: src/sudo.c:1159
#, c-format
msgid "policy plugin %s does not support listing privileges"
msgstr "модуль политики %s не поддерживает списка прав"
-#: src/sudo.c:1206
+#: src/sudo.c:1171
#, c-format
msgid "policy plugin %s does not support the -v option"
msgstr "модуль политики %s не поддерживает параметр -v"
-#: src/sudo.c:1218
+#: src/sudo.c:1183
#, c-format
msgid "policy plugin %s does not support the -k/-K options"
msgstr "модуль политики %s не поддерживает параметры -k/-K"
-#: src/sudo_edit.c:111
+#: src/sudo_edit.c:110
#, c-format
msgid "unable to change uid to root (%u)"
msgstr "Не удалось изменить uid на root (%u)"
-#: src/sudo_edit.c:143
+#: src/sudo_edit.c:142
#, c-format
msgid "plugin error: missing file list for sudoedit"
msgstr "ошибка модуля: отсутствует список файлов для sudoedit"
-#: src/sudo_edit.c:171 src/sudo_edit.c:271
+#: src/sudo_edit.c:170 src/sudo_edit.c:270
#, c-format
msgid "%s: not a regular file"
msgstr "%s: не обычный файл"
-#: src/sudo_edit.c:205 src/sudo_edit.c:307
+#: src/sudo_edit.c:204 src/sudo_edit.c:306
#, c-format
msgid "%s: short write"
msgstr "%s: неполная запись"
-#: src/sudo_edit.c:272
+#: src/sudo_edit.c:271
#, c-format
msgid "%s left unmodified"
msgstr "%s осталось неизменным"
-#: src/sudo_edit.c:285
+#: src/sudo_edit.c:284
#, c-format
msgid "%s unchanged"
msgstr "%s не изменено"
-#: src/sudo_edit.c:297 src/sudo_edit.c:318
+#: src/sudo_edit.c:296 src/sudo_edit.c:317
#, c-format
msgid "unable to write to %s"
msgstr "не удаётся записать в %s"
-#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319
+#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318
#, c-format
msgid "contents of edit session left in %s"
msgstr "содержимое сеанса редактирования сохранено в %s"
-#: src/sudo_edit.c:315
+#: src/sudo_edit.c:314
#, c-format
msgid "unable to read temporary file"
msgstr "не удаётся прочесть временный файл"
-#: src/tgetpass.c:90
+#: src/tgetpass.c:89
#, c-format
msgid "no tty present and no askpass program specified"
msgstr "нет tty и не указана программа askpass"
-#: src/tgetpass.c:99
+#: src/tgetpass.c:98
#, c-format
msgid "no askpass program specified, try setting SUDO_ASKPASS"
msgstr "не указана программа askpass, попробуйте задать значение в SUDO_ASKPASS"
-#: src/tgetpass.c:231
+#: src/tgetpass.c:230
#, c-format
msgid "unable to set gid to %u"
msgstr "не удаётся назначить gid равным %u"
-#: src/tgetpass.c:235
+#: src/tgetpass.c:234
#, c-format
msgid "unable to set uid to %u"
msgstr "не удаётся назначить uid равным %u"
-#: src/tgetpass.c:240
+#: src/tgetpass.c:239
#, c-format
msgid "unable to run %s"
msgstr "не удаётся выполнить %s"
msgid "unable to restore stdin"
msgstr "не удаётся восстановить стандартный ввод"
+#~ msgid "unable to allocate memory"
+#~ msgstr "не удаётся выделить память"
+
+#~ msgid ": "
+#~ msgstr ": "
+
#~ msgid "internal error, emalloc2() overflow"
#~ msgstr "внутренняя ошибка, переполнение emalloc2()"
# This file is distributed under the same license as the sudo package.
#
# Damir Jerovšek <damir.jerovsek@gmail.com>, 2012.
-# Klemen Košir <klemen.kosir@gmx.com>, 2012.
+# Klemen Košir <klemen.kosir@gmx.com>, 2012 - 2013.
#
msgid ""
msgstr ""
-"Project-Id-Version: sudo 1.8.6b4\n"
+"Project-Id-Version: sudo 1.8.7b1\n"
"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2012-08-10 13:08-0400\n"
-"PO-Revision-Date: 2012-08-13 22:13+0100\n"
-"Last-Translator: Klemen Košir <klemen.kosir@gmx.com>\n"
+"POT-Creation-Date: 2013-04-02 10:40-0400\n"
+"PO-Revision-Date: 2013-04-06 09:33+0100\n"
+"Last-Translator: Klemen Košir <klemen913@gmail.com>\n"
"Language-Team: Slovenian <translation-team-sl@lists.sourceforge.net>\n"
"Language: sl\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 1.5.5\n"
#: common/aix.c:150
#, c-format
msgid "internal error, tried to emalloc(0)"
msgstr "notranja napaka, poskus uporabe emalloc(0)"
-#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146
-#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270
-#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482
-#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759
-#, c-format
-msgid "unable to allocate memory"
-msgstr "ni mogoče dodeliti pomnilnika"
-
#: common/alloc.c:99
msgid "internal error, tried to emalloc2(0)"
msgstr "notranja napaka, poskus uporabe emalloc2(0)"
msgid "internal error, tried to erecalloc(0)"
msgstr "notranja napaka, poskus uporabe erealloc(0)"
-#: common/sudo_conf.c:305
+#: common/error.c:154
+#, c-format
+msgid "%s: %s: %s\n"
+msgstr "%s: %s: %s\n"
+
+#: common/error.c:157 common/error.c:161
+#, c-format
+msgid "%s: %s\n"
+msgstr "%s: %s\n"
+
+#: common/sudo_conf.c:172
+#, c-format
+msgid "unsupported group source `%s' in %s, line %d"
+msgstr "nepodprt vir skupine %s v datoteki %s v %d. vrstici"
+
+#: common/sudo_conf.c:186
+#, c-format
+msgid "invalid max groups `%s' in %s, line %d"
+msgstr "neveljavna največja skupina %s v datoteki %s v %d. vrstici"
+
+#: common/sudo_conf.c:382
#, c-format
msgid "unable to stat %s"
msgstr "stanja datoteke %s ni mogoče izpisati"
-#: common/sudo_conf.c:308
+#: common/sudo_conf.c:385
#, c-format
msgid "%s is not a regular file"
msgstr "%s ni običajna datoteka"
-#: common/sudo_conf.c:311
+#: common/sudo_conf.c:388
#, c-format
msgid "%s is owned by uid %u, should be %u"
msgstr "%s je v lasti uporabnika z ID-jem %u, moral bi biti %u"
-#: common/sudo_conf.c:315
+#: common/sudo_conf.c:392
#, c-format
msgid "%s is world writable"
msgstr "v datoteko %s lahko zapisujejo vsi uporabniki"
-#: common/sudo_conf.c:318
+#: common/sudo_conf.c:395
#, c-format
msgid "%s is group writable"
msgstr "%s"
-#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331
+#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328
#, c-format
msgid "unable to open %s"
msgstr "ni mogoče odpreti %s"
-#: compat/strsignal.c:47
+#: compat/strsignal.c:50
msgid "Unknown signal"
msgstr "Neznan signal"
-#: src/error.c:82 src/error.c:86
-msgid ": "
-msgstr ": "
-
-#: src/exec.c:113 src/exec_pty.c:674
+#: src/exec.c:127 src/exec_pty.c:685
#, c-format
msgid "policy plugin failed session initialization"
msgstr "vstavek za pravilnik ni mogel zagnati seje"
-#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221
+#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220
#, c-format
msgid "unable to fork"
msgstr "ni mogoče razvejiti"
-#: src/exec.c:268
+#: src/exec.c:259
#, c-format
msgid "unable to create sockets"
msgstr "ni mogoče ustvariti vtičev"
-#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630
-#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218
-#, c-format
-msgid "unable to create pipe"
-msgstr "ni mogoče ustvariti cevi"
-
-#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240
+#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268
#, c-format
msgid "select failed"
msgstr "izbira je spodletela"
-#: src/exec.c:467
+#: src/exec.c:449
#, c-format
msgid "unable to restore tty label"
msgstr "ni mogoče obnoviti oznake tty"
-#: src/exec_common.c:69
+#: src/exec_common.c:70
#, c-format
msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"
msgstr "ni mogoče odstraniti PRIV_PROC_EXEC iz PRIV_LIMIT"
msgid "unable to allocate pty"
msgstr "ni mogoče dodeliti pty"
-#: src/exec_pty.c:665
+#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986
+#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217
+#, c-format
+msgid "unable to create pipe"
+msgstr "ni mogoče ustvariti cevi"
+
+#: src/exec_pty.c:676
#, c-format
msgid "unable to set terminal to raw mode"
msgstr "ni mogoče postaviti terminala v surov način"
-#: src/exec_pty.c:1013
+#: src/exec_pty.c:1042
#, c-format
msgid "unable to set controlling tty"
msgstr "ni mogoče nastaviti nadzora tty"
-#: src/exec_pty.c:1111
+#: src/exec_pty.c:1139
#, c-format
msgid "error reading from signal pipe"
msgstr "napaka med branjem iz cevi signala"
-#: src/exec_pty.c:1132
+#: src/exec_pty.c:1160
#, c-format
msgid "error reading from pipe"
msgstr "napaka med branjem iz cevovoda"
-#: src/exec_pty.c:1148
+#: src/exec_pty.c:1176
#, c-format
msgid "error reading from socketpair"
msgstr "napaka med branjem iz para vtičev"
-#: src/exec_pty.c:1152
+#: src/exec_pty.c:1180
#, c-format
msgid "unexpected reply type on backchannel: %d"
msgstr "nepričakovana vrsta odgovora na ozadnem kanalu: %d"
-#: src/load_plugins.c:74
+#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132
+#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185
+#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205
+#, c-format
+msgid "error in %s, line %d while loading plugin `%s'"
+msgstr "v datoteki %s (vrstica %d) je prišlo do napake med nalaganjem vstavka %s"
+
+#: src/load_plugins.c:72
#, c-format
msgid "%s: %s"
msgstr "%s: %s"
-#: src/load_plugins.c:80
+#: src/load_plugins.c:81
#, c-format
msgid "%s%s: %s"
msgstr "%s%s: %s"
-#: src/load_plugins.c:90
+#: src/load_plugins.c:140
#, c-format
msgid "%s must be owned by uid %d"
msgstr "%s mora biti v lasti ID-ja uporabnika %d"
-#: src/load_plugins.c:94
+#: src/load_plugins.c:146
#, c-format
msgid "%s must be only be writable by owner"
msgstr "%s mora biti zapisljiv samo za lastnika"
-#: src/load_plugins.c:101
+#: src/load_plugins.c:187
#, c-format
msgid "unable to dlopen %s: %s"
msgstr "ni mogoče uporabiti dlopen %s: %s"
-#: src/load_plugins.c:106
+#: src/load_plugins.c:194
+#, c-format
+msgid "unable to find symbol `%s' in %s"
+msgstr "ni mogoče najti simbola '%s' v %s"
+
+#: src/load_plugins.c:201
#, c-format
-msgid "%s: unable to find symbol %s"
-msgstr "%s: ni mogoče najti simbola %s"
+msgid "unknown policy type %d found in %s"
+msgstr "neznana vrsta pravilnika %d v %s"
-#: src/load_plugins.c:112
+#: src/load_plugins.c:207
#, c-format
-msgid "%s: unknown policy type %d"
-msgstr "%s: neznana vrsta pravilnika %d"
+msgid "incompatible plugin major version %d (expected %d) found in %s"
+msgstr "nezdružljiva različica vstavka %d (pričakovana %d) v %s"
-#: src/load_plugins.c:116
+#: src/load_plugins.c:216
#, c-format
-msgid "%s: incompatible policy major version %d, expected %d"
-msgstr "%s: nezdružljiva glavna različica pravil %d, pričakovana %d"
+msgid "ignoring policy plugin `%s' in %s, line %d"
+msgstr "vstavek pravilnika %s v datoteki %s v %d. vrstici bo prezrt"
-#: src/load_plugins.c:123
+#: src/load_plugins.c:218
#, c-format
-msgid "%s: only a single policy plugin may be loaded"
-msgstr "%s: naložen je lahko le en vstavek pravilnika"
+msgid "only a single policy plugin may be specified"
+msgstr "naložen je lahko le en vstavek pravilnika"
-#: src/load_plugins.c:200
+#: src/load_plugins.c:221
+#, c-format
+msgid "ignoring duplicate policy plugin `%s' in %s, line %d"
+msgstr "podvojeni vstavek pravilnika %s v datoteki %s v %d. vrstici bo prezrt"
+
+#: src/load_plugins.c:236
+#, c-format
+msgid "ignoring duplicate I/O plugin `%s' in %s, line %d"
+msgstr "podvojeni vstavek I/O %s v datoteki %s v %d. vrstici bo prezrt"
+
+#: src/load_plugins.c:313
#, c-format
msgid "policy plugin %s does not include a check_policy method"
msgstr "vstavek pravilnika %s ne vključuje načina check_policy"
-#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187
-#: src/net_ifs.c:298 src/net_ifs.c:322
+#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186
+#: src/net_ifs.c:297 src/net_ifs.c:321
#, c-format
msgid "load_interfaces: overflow detected"
msgstr "load_interfaces: zaznana je bila prekoračitev"
-#: src/net_ifs.c:227
+#: src/net_ifs.c:226
#, c-format
msgid "unable to open socket"
msgstr "ni mogoče odpreti vtiča"
-#: src/parse_args.c:187
+#: src/parse_args.c:197
#, c-format
msgid "the argument to -C must be a number greater than or equal to 3"
msgstr "argument k -C mora biti številka, večja kot ali enaka 3"
-#: src/parse_args.c:276
+#: src/parse_args.c:286
#, c-format
msgid "unknown user: %s"
msgstr "neznan uporabnik: %s"
-#: src/parse_args.c:335
+#: src/parse_args.c:345
#, c-format
msgid "you may not specify both the `-i' and `-s' options"
msgstr "možnosti `-i' in `-s' ne smeta biti navedeni hkrati"
-#: src/parse_args.c:339
+#: src/parse_args.c:349
#, c-format
msgid "you may not specify both the `-i' and `-E' options"
msgstr "možnosti `-i' in `-E' ne smeta biti navedeni hkrati"
-#: src/parse_args.c:349
+#: src/parse_args.c:359
#, c-format
msgid "the `-E' option is not valid in edit mode"
msgstr "možnost `-E' ni veljavna v načinu urejanja"
-#: src/parse_args.c:351
+#: src/parse_args.c:361
#, c-format
msgid "you may not specify environment variables in edit mode"
msgstr "v načinu urejanja se ne sme podati spremenljivk okolja"
-#: src/parse_args.c:359
+#: src/parse_args.c:369
#, c-format
msgid "the `-U' option may only be used with the `-l' option"
msgstr "možnost `-U' se lahko uporabi samo z možnostjo `-l'"
-#: src/parse_args.c:363
+#: src/parse_args.c:373
#, c-format
msgid "the `-A' and `-S' options may not be used together"
msgstr "možnosti `-A' in `-S' se ne smeta uporabljati hkrati"
-#: src/parse_args.c:443
+#: src/parse_args.c:456
#, c-format
msgid "sudoedit is not supported on this platform"
msgstr "sudoedit ni podprt v tem okolju"
-#: src/parse_args.c:516
+#: src/parse_args.c:529
#, c-format
msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"
msgstr "Od -e, -h, -i, -K, -l, -s, -v ali -V je lahko navedena samo ena možnost"
-#: src/parse_args.c:530
+#: src/parse_args.c:543
#, c-format
msgid ""
"%s - edit files as another user\n"
"%s - urejaj datoteke kot drug uporabnik\n"
"\n"
-#: src/parse_args.c:532
+#: src/parse_args.c:545
#, c-format
msgid ""
"%s - execute a command as another user\n"
"%s - izvedi ukaz kot drug uporabnik\n"
"\n"
-#: src/parse_args.c:537
+#: src/parse_args.c:550
#, c-format
msgid ""
"\n"
"\n"
"Možnosti:\n"
-#: src/parse_args.c:540
+#: src/parse_args.c:552
msgid "use helper program for password prompting\n"
msgstr "uporabi program pomagalnik za pozive za vnos gesla\n"
-#: src/parse_args.c:543
+#: src/parse_args.c:555
msgid "use specified BSD authentication type\n"
msgstr "uporabi navedeno vrsto urejanja BSD\n"
-#: src/parse_args.c:545
+#: src/parse_args.c:558
msgid "run command in the background\n"
msgstr "zaženi ukaz v ozadju\n"
-#: src/parse_args.c:547
+#: src/parse_args.c:560
msgid "close all file descriptors >= fd\n"
msgstr "zapri vse opisnike datotek >= fd\n"
-#: src/parse_args.c:550
+#: src/parse_args.c:563
msgid "run command with specified login class\n"
msgstr "zaženi ukaz z navedenim prijavnim razredom\n"
-#: src/parse_args.c:553
+#: src/parse_args.c:566
msgid "preserve user environment when executing command\n"
msgstr "ohrani okolje uporabnika, kadar se izvajajo ukazi\n"
-#: src/parse_args.c:555
+#: src/parse_args.c:568
msgid "edit files instead of running a command\n"
msgstr "namesto izvedbe ukaza uredi datoteke\n"
-#: src/parse_args.c:557
+#: src/parse_args.c:570
msgid "execute command as the specified group\n"
msgstr "izvedi ukaz kot navedena skupina\n"
-#: src/parse_args.c:559
+#: src/parse_args.c:572
msgid "set HOME variable to target user's home dir.\n"
msgstr "nastavi spremenljivko HOME kot cilj v domači mapi uporabnika\n"
-#: src/parse_args.c:561
+#: src/parse_args.c:574
msgid "display help message and exit\n"
msgstr "prikaži sporočilo pomoči in končaj\n"
-#: src/parse_args.c:563
+#: src/parse_args.c:576
msgid "run a login shell as target user\n"
msgstr "zaženi lupino prijave kot ciljni uporabnik\n"
-#: src/parse_args.c:565
+#: src/parse_args.c:578
msgid "remove timestamp file completely\n"
msgstr "popolnoma odstrani datoteko s časovnimi žigi\n"
-#: src/parse_args.c:567
+#: src/parse_args.c:580
msgid "invalidate timestamp file\n"
msgstr "razveljavi veljavnost datoteke s časovnimi žigi\n"
-#: src/parse_args.c:569
+#: src/parse_args.c:582
msgid "list user's available commands\n"
msgstr "prikaži razpoložljive ukaze uporabnika\n"
-#: src/parse_args.c:571
+#: src/parse_args.c:584
msgid "non-interactive mode, will not prompt user\n"
msgstr "nevzajemni način, ne bo poziva uporabnika\n"
-#: src/parse_args.c:573
+#: src/parse_args.c:586
msgid "preserve group vector instead of setting to target's\n"
msgstr "ohrani vektor skupine namesto nastavitve tarči\n"
-#: src/parse_args.c:575
+#: src/parse_args.c:588
msgid "use specified password prompt\n"
msgstr "uporabi določen poziv za vnos gesla\n"
-#: src/parse_args.c:578 src/parse_args.c:586
+#: src/parse_args.c:591 src/parse_args.c:599
msgid "create SELinux security context with specified role\n"
msgstr "ustvari varnostno vsebino SELinux z določeno vlogo\n"
-#: src/parse_args.c:581
+#: src/parse_args.c:594
msgid "read password from standard input\n"
msgstr "preberi geslo s standardnega vnosa\n"
-#: src/parse_args.c:583
+#: src/parse_args.c:596
msgid "run a shell as target user\n"
msgstr "zaženi lupino kot ciljni uporabnik\n"
-#: src/parse_args.c:589
+#: src/parse_args.c:602
msgid "when listing, list specified user's privileges\n"
msgstr "med naštevanjem prikaži določena dovoljenja uporabnika\n"
-#: src/parse_args.c:591
+#: src/parse_args.c:604
msgid "run command (or edit file) as specified user\n"
msgstr "zaženi ukaz (ali uredi datoteko) kot določen uporabnik\n"
-#: src/parse_args.c:593
+#: src/parse_args.c:606
msgid "display version information and exit\n"
msgstr "prikaži podrobnosti različice in končaj\n"
-#: src/parse_args.c:595
+#: src/parse_args.c:608
msgid "update user's timestamp without running a command\n"
msgstr "posodobi časovni žig uporabnika brez izvajanja ukaza\n"
-#: src/parse_args.c:597
+#: src/parse_args.c:610
msgid "stop processing command line arguments\n"
msgstr "zaustavi obdelovanje argumentov ukazne vrstice\n"
msgid "unable to setup tty context for %s"
msgstr "ni mogoče nastaviti vsebine tty za %s"
-#: src/selinux.c:373
+#: src/selinux.c:381
#, c-format
msgid "unable to set exec context to %s"
msgstr "ni mogoče nastavite izvedene vsebine k %s"
-#: src/selinux.c:380
+#: src/selinux.c:388
#, c-format
msgid "unable to set key creation context to %s"
msgstr "ni mogoče nastaviti vsebine ustvarjenja ključa k %s"
-#: src/sesh.c:70
+#: src/sesh.c:57
#, c-format
msgid "requires at least one argument"
msgstr "zahteva vsaj en argument"
-#: src/sesh.c:91
+#: src/sesh.c:78 src/sudo.c:1126
#, c-format
msgid "unable to execute %s"
msgstr "ni mogoče izvršiti %s"
-#: src/sudo.c:211
+#: src/solaris.c:88
+#, c-format
+msgid "resource control limit has been reached"
+msgstr "meja omejitve virov je bila dosežena"
+
+#: src/solaris.c:91
+#, c-format
+msgid "user \"%s\" is not a member of project \"%s\""
+msgstr "uporabnik \"%s\" ni član projekta \"%s\""
+
+#: src/solaris.c:95
+#, c-format
+msgid "the invoking task is final"
+msgstr "priklicana naloga je končna"
+
+#: src/solaris.c:98
+#, c-format
+msgid "could not join project \"%s\""
+msgstr "ni mogoče pridružiti projekta \"%s\""
+
+#: src/solaris.c:103
+#, c-format
+msgid "no resource pool accepting default bindings exists for project \"%s\""
+msgstr "nobene zaloge virov, ki sprejemajo privzete vezi, ne obstajajo za projekt \"% s\""
+
+#: src/solaris.c:107
+#, c-format
+msgid "specified resource pool does not exist for project \"%s\""
+msgstr "določen vir zalog ne obstaja za projekt \"%s\""
+
+#: src/solaris.c:111
+#, c-format
+msgid "could not bind to default resource pool for project \"%s\""
+msgstr "ni mogoče vezati na privzet vir zalog za projekt \"%s\""
+
+#: src/solaris.c:117
+#, c-format
+msgid "setproject failed for project \"%s\""
+msgstr "setproject je spodletel za projekt \"%s\""
+
+#: src/solaris.c:119
+#, c-format
+msgid "warning, resource control assignment failed for project \"%s\""
+msgstr "opozorilo, naloga nadzora virov je spodletela za projekt \"%s\""
+
+#: src/sudo.c:196
#, c-format
msgid "Sudo version %s\n"
msgstr "Sudo različica %s\n"
-#: src/sudo.c:213
+#: src/sudo.c:198
#, c-format
msgid "Configure options: %s\n"
msgstr "Nastavitev možnosti: %s\n"
-#: src/sudo.c:218
+#: src/sudo.c:203
#, c-format
msgid "fatal error, unable to load plugins"
msgstr "usodna napaka, ni mogoče naložiti vstavka"
-#: src/sudo.c:226
+#: src/sudo.c:211
#, c-format
msgid "unable to initialize policy plugin"
msgstr "ni mogoče začenjati vstavka pravilnika"
-#: src/sudo.c:281
+#: src/sudo.c:268
#, c-format
msgid "error initializing I/O plugin %s"
msgstr "napaka med začenjanjem I/O vstavka %s"
-#: src/sudo.c:306
+#: src/sudo.c:293
#, c-format
msgid "unexpected sudo mode 0x%x"
msgstr "nepričakovan način sudo 0x%x"
-#: src/sudo.c:400
+#: src/sudo.c:413
#, c-format
msgid "unable to get group vector"
msgstr "ni mogoče pridobiti vektorja skupine"
-#: src/sudo.c:452
+#: src/sudo.c:465
#, c-format
msgid "unknown uid %u: who are you?"
msgstr "neznan ID uporabnika %u: kdo ste?"
-#: src/sudo.c:782
+#: src/sudo.c:802
#, c-format
msgid "%s must be owned by uid %d and have the setuid bit set"
msgstr "%s si mora lastiti uporabnik z ID-jem %d and mora imeti nastavljen bit setuid"
-#: src/sudo.c:785
+#: src/sudo.c:805
#, c-format
msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?"
msgstr "trenutni ID uporabnika ni %d. Ali je %s na datotečnem sistemu z nastavljeno možnostjo \"nosuid\" ali datotečnem sistemu NFS brez dovoljenj skrbnika?"
-#: src/sudo.c:791
+#: src/sudo.c:811
#, c-format
msgid "effective uid is not %d, is sudo installed setuid root?"
msgstr "trenutni uid ni %d. Ali je sudo pravilno nameščen?"
-#: src/sudo.c:860
-#, c-format
-msgid "resource control limit has been reached"
-msgstr "meja omejitve virov je bila dosežena"
-
-#: src/sudo.c:863
-#, c-format
-msgid "user \"%s\" is not a member of project \"%s\""
-msgstr "uporabnik \"%s\" ni član projekta \"%s\""
-
-#: src/sudo.c:867
-#, c-format
-msgid "the invoking task is final"
-msgstr "priklicana naloga je končna"
-
-#: src/sudo.c:870
-#, c-format
-msgid "could not join project \"%s\""
-msgstr "ni mogoče pridružiti projekta \"%s\""
-
-#: src/sudo.c:875
-#, c-format
-msgid "no resource pool accepting default bindings exists for project \"%s\""
-msgstr "nobene zaloge virov, ki sprejemajo privzete vezi, ne obstajajo za projekt \"% s\""
-
-#: src/sudo.c:879
-#, c-format
-msgid "specified resource pool does not exist for project \"%s\""
-msgstr "določen vir zalog ne obstaja za projekt \"%s\""
-
-#: src/sudo.c:883
-#, c-format
-msgid "could not bind to default resource pool for project \"%s\""
-msgstr "ni mogoče vezati na privzet vir zalog za projekt \"%s\""
-
-#: src/sudo.c:889
-#, c-format
-msgid "setproject failed for project \"%s\""
-msgstr "setproject je spodletel za projekt \"%s\""
-
-#: src/sudo.c:891
-#, c-format
-msgid "warning, resource control assignment failed for project \"%s\""
-msgstr "opozorilo, naloga nadzora virov je spodletela za projekt \"%s\""
-
-#: src/sudo.c:959
+#: src/sudo.c:915
#, c-format
msgid "unknown login class %s"
msgstr "neznan razred prijave %s"
-#: src/sudo.c:973 src/sudo.c:976
+#: src/sudo.c:929 src/sudo.c:932
#, c-format
msgid "unable to set user context"
msgstr "ni mogoče nastaviti vsebine uporabnika"
-#: src/sudo.c:988
+#: src/sudo.c:944
#, c-format
msgid "unable to set supplementary group IDs"
msgstr "ni mogoče nastaviti dopolnilnih ID-jev skupin"
-#: src/sudo.c:995
+#: src/sudo.c:951
#, c-format
msgid "unable to set effective gid to runas gid %u"
msgstr "ni mogoče nastaviti učinkovitega ID-ja skupine, da se zažene kot ID skupine %u"
-#: src/sudo.c:1001
+#: src/sudo.c:957
#, c-format
msgid "unable to set gid to runas gid %u"
msgstr "ni mogoče nastaviti ID-ja skupine, da se zažene kot ID skupine %u"
-#: src/sudo.c:1008
+#: src/sudo.c:964
#, c-format
msgid "unable to set process priority"
msgstr "ni mogoče nastaviti prednosti opravil"
-#: src/sudo.c:1016
+#: src/sudo.c:972
#, c-format
msgid "unable to change root to %s"
msgstr "ni mogoče spremeniti skrbnika v %s"
-#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035
+#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991
#, c-format
msgid "unable to change to runas uid (%u, %u)"
msgstr "ni mogoče spremeniti ID uporabnika zaženi kot (%u, %u)"
-#: src/sudo.c:1049
+#: src/sudo.c:1005
#, c-format
msgid "unable to change directory to %s"
msgstr "ni mogoče spremeniti mape v %s"
-#: src/sudo.c:1133
+#: src/sudo.c:1089
#, c-format
msgid "unexpected child termination condition: %d"
msgstr "nepričakovan pogoj uničenja podrejenega opravila: %d"
-#: src/sudo.c:1194
+#: src/sudo.c:1146
+#, c-format
+msgid "policy plugin %s is missing the `check_policy' method"
+msgstr "vstavek pravilnika %s ne vključuje načina check_policy"
+
+#: src/sudo.c:1159
#, c-format
msgid "policy plugin %s does not support listing privileges"
msgstr "vstavek pravilnika %s ne podpira navajanja dovoljenj"
-#: src/sudo.c:1206
+#: src/sudo.c:1171
#, c-format
msgid "policy plugin %s does not support the -v option"
msgstr "vstavek pravilnika %s ne podpira možnosti -v"
-#: src/sudo.c:1218
+#: src/sudo.c:1183
#, c-format
msgid "policy plugin %s does not support the -k/-K options"
msgstr "vstavek pravilnika %s ne podpira možnosti -k/-K"
-#: src/sudo_edit.c:111
+#: src/sudo_edit.c:110
#, c-format
msgid "unable to change uid to root (%u)"
msgstr "ni mogoče spremeniti ID-ja uporabnika v skrbnika (%u)"
-#: src/sudo_edit.c:143
+#: src/sudo_edit.c:142
#, c-format
msgid "plugin error: missing file list for sudoedit"
msgstr "napaka vstavka: manjka seznam datotek za sudoedit"
-#: src/sudo_edit.c:171 src/sudo_edit.c:271
+#: src/sudo_edit.c:170 src/sudo_edit.c:270
#, c-format
msgid "%s: not a regular file"
msgstr "%s: ni običajna datoteka"
-#: src/sudo_edit.c:205 src/sudo_edit.c:307
+#: src/sudo_edit.c:204 src/sudo_edit.c:306
#, c-format
msgid "%s: short write"
msgstr "%s: kratko pisanje"
-#: src/sudo_edit.c:272
+#: src/sudo_edit.c:271
#, c-format
msgid "%s left unmodified"
msgstr "%s je ostalo nespremenjeno"
-#: src/sudo_edit.c:285
+#: src/sudo_edit.c:284
#, c-format
msgid "%s unchanged"
msgstr "%s nespremenjeno"
-#: src/sudo_edit.c:297 src/sudo_edit.c:318
+#: src/sudo_edit.c:296 src/sudo_edit.c:317
#, c-format
msgid "unable to write to %s"
msgstr "ni mogoče pisati v %s"
-#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319
+#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318
#, c-format
msgid "contents of edit session left in %s"
msgstr "vsebina seje urejanja je ostala v %s"
-#: src/sudo_edit.c:315
+#: src/sudo_edit.c:314
#, c-format
msgid "unable to read temporary file"
msgstr "ni mogoče brati začasne datoteke"
-#: src/tgetpass.c:90
+#: src/tgetpass.c:89
#, c-format
msgid "no tty present and no askpass program specified"
msgstr "prisotnega ni nobenega tty in določen ni noben program askpass"
-#: src/tgetpass.c:99
+#: src/tgetpass.c:98
#, c-format
msgid "no askpass program specified, try setting SUDO_ASKPASS"
msgstr "določenega ni nobenega programa askpass, poskusite nastaviti SUDO_ASKPASS"
-#: src/tgetpass.c:231
+#: src/tgetpass.c:230
#, c-format
msgid "unable to set gid to %u"
msgstr "ni mogoče nastaviti ID skupine v %u"
-#: src/tgetpass.c:235
+#: src/tgetpass.c:234
#, c-format
msgid "unable to set uid to %u"
msgstr "ni mogoče nastaviti ID uporabnika v %u"
-#: src/tgetpass.c:240
+#: src/tgetpass.c:239
#, c-format
msgid "unable to run %s"
msgstr "ni mogoče zagnati %s"
#, c-format
msgid "unable to restore stdin"
msgstr "ni mogoče obnoviti stdin"
-
-#~ msgid "internal error, emalloc2() overflow"
-#~ msgstr "notranja napaka, prekoračitev emalloc2(0)"
-
-#~ msgid "internal error, erealloc3() overflow"
-#~ msgstr "notranja napaka, prekoračitev erealloc3(0)"
-
-#~ msgid "%s: at least one policy plugin must be specified"
-#~ msgstr "%s: naveden mora biti vsaj en vstavek pravilnika"
-# SOME DESCRIPTIVE TITLE.
+# Portable object template file for sudo
# This file is put in the public domain.
-# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+# Todd C. Miller <Todd.Miller@courtesan.com>, 2011-2013
#
#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: sudo 1.8.6\n"
+"Project-Id-Version: sudo 1.8.7\n"
"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2012-08-10 13:08-0400\n"
+"POT-Creation-Date: 2013-04-02 10:40-0400\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
msgid "internal error, tried to emalloc(0)"
msgstr ""
-#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146
-#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270
-#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482
-#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759
-#, c-format
-msgid "unable to allocate memory"
-msgstr ""
-
#: common/alloc.c:99
msgid "internal error, tried to emalloc2(0)"
msgstr ""
msgid "internal error, tried to erecalloc(0)"
msgstr ""
-#: common/sudo_conf.c:305
+#: common/error.c:154
+#, c-format
+msgid "%s: %s: %s\n"
+msgstr ""
+
+#: common/error.c:157 common/error.c:161
+#, c-format
+msgid "%s: %s\n"
+msgstr ""
+
+#: common/sudo_conf.c:172
+#, c-format
+msgid "unsupported group source `%s' in %s, line %d"
+msgstr ""
+
+#: common/sudo_conf.c:186
+#, c-format
+msgid "invalid max groups `%s' in %s, line %d"
+msgstr ""
+
+#: common/sudo_conf.c:382
#, c-format
msgid "unable to stat %s"
msgstr ""
-#: common/sudo_conf.c:308
+#: common/sudo_conf.c:385
#, c-format
msgid "%s is not a regular file"
msgstr ""
-#: common/sudo_conf.c:311
+#: common/sudo_conf.c:388
#, c-format
msgid "%s is owned by uid %u, should be %u"
msgstr ""
-#: common/sudo_conf.c:315
+#: common/sudo_conf.c:392
#, c-format
msgid "%s is world writable"
msgstr ""
-#: common/sudo_conf.c:318
+#: common/sudo_conf.c:395
#, c-format
msgid "%s is group writable"
msgstr ""
-#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331
+#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328
#, c-format
msgid "unable to open %s"
msgstr ""
-#: compat/strsignal.c:47
+#: compat/strsignal.c:50
msgid "Unknown signal"
msgstr ""
-#: src/error.c:82 src/error.c:86
-msgid ": "
-msgstr ""
-
-#: src/exec.c:113 src/exec_pty.c:674
+#: src/exec.c:127 src/exec_pty.c:685
#, c-format
msgid "policy plugin failed session initialization"
msgstr ""
-#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221
+#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220
#, c-format
msgid "unable to fork"
msgstr ""
-#: src/exec.c:268
+#: src/exec.c:259
#, c-format
msgid "unable to create sockets"
msgstr ""
-#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630
-#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218
-#, c-format
-msgid "unable to create pipe"
-msgstr ""
-
-#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240
+#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268
#, c-format
msgid "select failed"
msgstr ""
-#: src/exec.c:467
+#: src/exec.c:449
#, c-format
msgid "unable to restore tty label"
msgstr ""
-#: src/exec_common.c:69
+#: src/exec_common.c:70
#, c-format
msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"
msgstr ""
msgid "unable to allocate pty"
msgstr ""
-#: src/exec_pty.c:665
+#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986
+#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217
+#, c-format
+msgid "unable to create pipe"
+msgstr ""
+
+#: src/exec_pty.c:676
#, c-format
msgid "unable to set terminal to raw mode"
msgstr ""
-#: src/exec_pty.c:1013
+#: src/exec_pty.c:1042
#, c-format
msgid "unable to set controlling tty"
msgstr ""
-#: src/exec_pty.c:1111
+#: src/exec_pty.c:1139
#, c-format
msgid "error reading from signal pipe"
msgstr ""
-#: src/exec_pty.c:1132
+#: src/exec_pty.c:1160
#, c-format
msgid "error reading from pipe"
msgstr ""
-#: src/exec_pty.c:1148
+#: src/exec_pty.c:1176
#, c-format
msgid "error reading from socketpair"
msgstr ""
-#: src/exec_pty.c:1152
+#: src/exec_pty.c:1180
#, c-format
msgid "unexpected reply type on backchannel: %d"
msgstr ""
-#: src/load_plugins.c:74
+#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132
+#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185
+#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205
+#, c-format
+msgid "error in %s, line %d while loading plugin `%s'"
+msgstr ""
+
+#: src/load_plugins.c:72
#, c-format
msgid "%s: %s"
msgstr ""
-#: src/load_plugins.c:80
+#: src/load_plugins.c:81
#, c-format
msgid "%s%s: %s"
msgstr ""
-#: src/load_plugins.c:90
+#: src/load_plugins.c:140
#, c-format
msgid "%s must be owned by uid %d"
msgstr ""
-#: src/load_plugins.c:94
+#: src/load_plugins.c:146
#, c-format
msgid "%s must be only be writable by owner"
msgstr ""
-#: src/load_plugins.c:101
+#: src/load_plugins.c:187
#, c-format
msgid "unable to dlopen %s: %s"
msgstr ""
-#: src/load_plugins.c:106
+#: src/load_plugins.c:194
#, c-format
-msgid "%s: unable to find symbol %s"
+msgid "unable to find symbol `%s' in %s"
msgstr ""
-#: src/load_plugins.c:112
+#: src/load_plugins.c:201
#, c-format
-msgid "%s: unknown policy type %d"
+msgid "unknown policy type %d found in %s"
msgstr ""
-#: src/load_plugins.c:116
+#: src/load_plugins.c:207
#, c-format
-msgid "%s: incompatible policy major version %d, expected %d"
+msgid "incompatible plugin major version %d (expected %d) found in %s"
msgstr ""
-#: src/load_plugins.c:123
+#: src/load_plugins.c:216
#, c-format
-msgid "%s: only a single policy plugin may be loaded"
+msgid "ignoring policy plugin `%s' in %s, line %d"
msgstr ""
-#: src/load_plugins.c:200
+#: src/load_plugins.c:218
+#, c-format
+msgid "only a single policy plugin may be specified"
+msgstr ""
+
+#: src/load_plugins.c:221
+#, c-format
+msgid "ignoring duplicate policy plugin `%s' in %s, line %d"
+msgstr ""
+
+#: src/load_plugins.c:236
+#, c-format
+msgid "ignoring duplicate I/O plugin `%s' in %s, line %d"
+msgstr ""
+
+#: src/load_plugins.c:313
#, c-format
msgid "policy plugin %s does not include a check_policy method"
msgstr ""
-#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187
-#: src/net_ifs.c:298 src/net_ifs.c:322
+#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186
+#: src/net_ifs.c:297 src/net_ifs.c:321
#, c-format
msgid "load_interfaces: overflow detected"
msgstr ""
-#: src/net_ifs.c:227
+#: src/net_ifs.c:226
#, c-format
msgid "unable to open socket"
msgstr ""
-#: src/parse_args.c:187
+#: src/parse_args.c:197
#, c-format
msgid "the argument to -C must be a number greater than or equal to 3"
msgstr ""
-#: src/parse_args.c:276
+#: src/parse_args.c:286
#, c-format
msgid "unknown user: %s"
msgstr ""
-#: src/parse_args.c:335
+#: src/parse_args.c:345
#, c-format
msgid "you may not specify both the `-i' and `-s' options"
msgstr ""
-#: src/parse_args.c:339
+#: src/parse_args.c:349
#, c-format
msgid "you may not specify both the `-i' and `-E' options"
msgstr ""
-#: src/parse_args.c:349
+#: src/parse_args.c:359
#, c-format
msgid "the `-E' option is not valid in edit mode"
msgstr ""
-#: src/parse_args.c:351
+#: src/parse_args.c:361
#, c-format
msgid "you may not specify environment variables in edit mode"
msgstr ""
-#: src/parse_args.c:359
+#: src/parse_args.c:369
#, c-format
msgid "the `-U' option may only be used with the `-l' option"
msgstr ""
-#: src/parse_args.c:363
+#: src/parse_args.c:373
#, c-format
msgid "the `-A' and `-S' options may not be used together"
msgstr ""
-#: src/parse_args.c:443
+#: src/parse_args.c:456
#, c-format
msgid "sudoedit is not supported on this platform"
msgstr ""
-#: src/parse_args.c:516
+#: src/parse_args.c:529
#, c-format
msgid ""
"Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"
msgstr ""
-#: src/parse_args.c:530
+#: src/parse_args.c:543
#, c-format
msgid ""
"%s - edit files as another user\n"
"\n"
msgstr ""
-#: src/parse_args.c:532
+#: src/parse_args.c:545
#, c-format
msgid ""
"%s - execute a command as another user\n"
"\n"
msgstr ""
-#: src/parse_args.c:537
+#: src/parse_args.c:550
#, c-format
msgid ""
"\n"
"Options:\n"
msgstr ""
-#: src/parse_args.c:540
+#: src/parse_args.c:552
msgid "use helper program for password prompting\n"
msgstr ""
-#: src/parse_args.c:543
+#: src/parse_args.c:555
msgid "use specified BSD authentication type\n"
msgstr ""
-#: src/parse_args.c:545
+#: src/parse_args.c:558
msgid "run command in the background\n"
msgstr ""
-#: src/parse_args.c:547
+#: src/parse_args.c:560
msgid "close all file descriptors >= fd\n"
msgstr ""
-#: src/parse_args.c:550
+#: src/parse_args.c:563
msgid "run command with specified login class\n"
msgstr ""
-#: src/parse_args.c:553
+#: src/parse_args.c:566
msgid "preserve user environment when executing command\n"
msgstr ""
-#: src/parse_args.c:555
+#: src/parse_args.c:568
msgid "edit files instead of running a command\n"
msgstr ""
-#: src/parse_args.c:557
+#: src/parse_args.c:570
msgid "execute command as the specified group\n"
msgstr ""
-#: src/parse_args.c:559
+#: src/parse_args.c:572
msgid "set HOME variable to target user's home dir.\n"
msgstr ""
-#: src/parse_args.c:561
+#: src/parse_args.c:574
msgid "display help message and exit\n"
msgstr ""
-#: src/parse_args.c:563
+#: src/parse_args.c:576
msgid "run a login shell as target user\n"
msgstr ""
-#: src/parse_args.c:565
+#: src/parse_args.c:578
msgid "remove timestamp file completely\n"
msgstr ""
-#: src/parse_args.c:567
+#: src/parse_args.c:580
msgid "invalidate timestamp file\n"
msgstr ""
-#: src/parse_args.c:569
+#: src/parse_args.c:582
msgid "list user's available commands\n"
msgstr ""
-#: src/parse_args.c:571
+#: src/parse_args.c:584
msgid "non-interactive mode, will not prompt user\n"
msgstr ""
-#: src/parse_args.c:573
+#: src/parse_args.c:586
msgid "preserve group vector instead of setting to target's\n"
msgstr ""
-#: src/parse_args.c:575
+#: src/parse_args.c:588
msgid "use specified password prompt\n"
msgstr ""
-#: src/parse_args.c:578 src/parse_args.c:586
+#: src/parse_args.c:591 src/parse_args.c:599
msgid "create SELinux security context with specified role\n"
msgstr ""
-#: src/parse_args.c:581
+#: src/parse_args.c:594
msgid "read password from standard input\n"
msgstr ""
-#: src/parse_args.c:583
+#: src/parse_args.c:596
msgid "run a shell as target user\n"
msgstr ""
-#: src/parse_args.c:589
+#: src/parse_args.c:602
msgid "when listing, list specified user's privileges\n"
msgstr ""
-#: src/parse_args.c:591
+#: src/parse_args.c:604
msgid "run command (or edit file) as specified user\n"
msgstr ""
-#: src/parse_args.c:593
+#: src/parse_args.c:606
msgid "display version information and exit\n"
msgstr ""
-#: src/parse_args.c:595
+#: src/parse_args.c:608
msgid "update user's timestamp without running a command\n"
msgstr ""
-#: src/parse_args.c:597
+#: src/parse_args.c:610
msgid "stop processing command line arguments\n"
msgstr ""
msgid "unable to setup tty context for %s"
msgstr ""
-#: src/selinux.c:373
+#: src/selinux.c:381
#, c-format
msgid "unable to set exec context to %s"
msgstr ""
-#: src/selinux.c:380
+#: src/selinux.c:388
#, c-format
msgid "unable to set key creation context to %s"
msgstr ""
-#: src/sesh.c:70
+#: src/sesh.c:57
#, c-format
msgid "requires at least one argument"
msgstr ""
-#: src/sesh.c:91
+#: src/sesh.c:78 src/sudo.c:1126
#, c-format
msgid "unable to execute %s"
msgstr ""
-#: src/sudo.c:211
+#: src/solaris.c:88
#, c-format
-msgid "Sudo version %s\n"
+msgid "resource control limit has been reached"
msgstr ""
-#: src/sudo.c:213
+#: src/solaris.c:91
#, c-format
-msgid "Configure options: %s\n"
+msgid "user \"%s\" is not a member of project \"%s\""
msgstr ""
-#: src/sudo.c:218
+#: src/solaris.c:95
#, c-format
-msgid "fatal error, unable to load plugins"
+msgid "the invoking task is final"
msgstr ""
-#: src/sudo.c:226
+#: src/solaris.c:98
#, c-format
-msgid "unable to initialize policy plugin"
+msgid "could not join project \"%s\""
msgstr ""
-#: src/sudo.c:281
+#: src/solaris.c:103
#, c-format
-msgid "error initializing I/O plugin %s"
+msgid "no resource pool accepting default bindings exists for project \"%s\""
msgstr ""
-#: src/sudo.c:306
+#: src/solaris.c:107
#, c-format
-msgid "unexpected sudo mode 0x%x"
+msgid "specified resource pool does not exist for project \"%s\""
msgstr ""
-#: src/sudo.c:400
+#: src/solaris.c:111
#, c-format
-msgid "unable to get group vector"
+msgid "could not bind to default resource pool for project \"%s\""
msgstr ""
-#: src/sudo.c:452
+#: src/solaris.c:117
#, c-format
-msgid "unknown uid %u: who are you?"
+msgid "setproject failed for project \"%s\""
msgstr ""
-#: src/sudo.c:782
+#: src/solaris.c:119
#, c-format
-msgid "%s must be owned by uid %d and have the setuid bit set"
+msgid "warning, resource control assignment failed for project \"%s\""
msgstr ""
-#: src/sudo.c:785
+#: src/sudo.c:196
#, c-format
-msgid ""
-"effective uid is not %d, is %s on a file system with the 'nosuid' option set "
-"or an NFS file system without root privileges?"
+msgid "Sudo version %s\n"
msgstr ""
-#: src/sudo.c:791
+#: src/sudo.c:198
#, c-format
-msgid "effective uid is not %d, is sudo installed setuid root?"
+msgid "Configure options: %s\n"
msgstr ""
-#: src/sudo.c:860
+#: src/sudo.c:203
#, c-format
-msgid "resource control limit has been reached"
+msgid "fatal error, unable to load plugins"
msgstr ""
-#: src/sudo.c:863
+#: src/sudo.c:211
#, c-format
-msgid "user \"%s\" is not a member of project \"%s\""
+msgid "unable to initialize policy plugin"
msgstr ""
-#: src/sudo.c:867
+#: src/sudo.c:268
#, c-format
-msgid "the invoking task is final"
+msgid "error initializing I/O plugin %s"
msgstr ""
-#: src/sudo.c:870
+#: src/sudo.c:293
#, c-format
-msgid "could not join project \"%s\""
+msgid "unexpected sudo mode 0x%x"
msgstr ""
-#: src/sudo.c:875
+#: src/sudo.c:413
#, c-format
-msgid "no resource pool accepting default bindings exists for project \"%s\""
+msgid "unable to get group vector"
msgstr ""
-#: src/sudo.c:879
+#: src/sudo.c:465
#, c-format
-msgid "specified resource pool does not exist for project \"%s\""
+msgid "unknown uid %u: who are you?"
msgstr ""
-#: src/sudo.c:883
+#: src/sudo.c:802
#, c-format
-msgid "could not bind to default resource pool for project \"%s\""
+msgid "%s must be owned by uid %d and have the setuid bit set"
msgstr ""
-#: src/sudo.c:889
+#: src/sudo.c:805
#, c-format
-msgid "setproject failed for project \"%s\""
+msgid ""
+"effective uid is not %d, is %s on a file system with the 'nosuid' option set "
+"or an NFS file system without root privileges?"
msgstr ""
-#: src/sudo.c:891
+#: src/sudo.c:811
#, c-format
-msgid "warning, resource control assignment failed for project \"%s\""
+msgid "effective uid is not %d, is sudo installed setuid root?"
msgstr ""
-#: src/sudo.c:959
+#: src/sudo.c:915
#, c-format
msgid "unknown login class %s"
msgstr ""
-#: src/sudo.c:973 src/sudo.c:976
+#: src/sudo.c:929 src/sudo.c:932
#, c-format
msgid "unable to set user context"
msgstr ""
-#: src/sudo.c:988
+#: src/sudo.c:944
#, c-format
msgid "unable to set supplementary group IDs"
msgstr ""
-#: src/sudo.c:995
+#: src/sudo.c:951
#, c-format
msgid "unable to set effective gid to runas gid %u"
msgstr ""
-#: src/sudo.c:1001
+#: src/sudo.c:957
#, c-format
msgid "unable to set gid to runas gid %u"
msgstr ""
-#: src/sudo.c:1008
+#: src/sudo.c:964
#, c-format
msgid "unable to set process priority"
msgstr ""
-#: src/sudo.c:1016
+#: src/sudo.c:972
#, c-format
msgid "unable to change root to %s"
msgstr ""
-#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035
+#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991
#, c-format
msgid "unable to change to runas uid (%u, %u)"
msgstr ""
-#: src/sudo.c:1049
+#: src/sudo.c:1005
#, c-format
msgid "unable to change directory to %s"
msgstr ""
-#: src/sudo.c:1133
+#: src/sudo.c:1089
#, c-format
msgid "unexpected child termination condition: %d"
msgstr ""
-#: src/sudo.c:1194
+#: src/sudo.c:1146
+#, c-format
+msgid "policy plugin %s is missing the `check_policy' method"
+msgstr ""
+
+#: src/sudo.c:1159
#, c-format
msgid "policy plugin %s does not support listing privileges"
msgstr ""
-#: src/sudo.c:1206
+#: src/sudo.c:1171
#, c-format
msgid "policy plugin %s does not support the -v option"
msgstr ""
-#: src/sudo.c:1218
+#: src/sudo.c:1183
#, c-format
msgid "policy plugin %s does not support the -k/-K options"
msgstr ""
-#: src/sudo_edit.c:111
+#: src/sudo_edit.c:110
#, c-format
msgid "unable to change uid to root (%u)"
msgstr ""
-#: src/sudo_edit.c:143
+#: src/sudo_edit.c:142
#, c-format
msgid "plugin error: missing file list for sudoedit"
msgstr ""
-#: src/sudo_edit.c:171 src/sudo_edit.c:271
+#: src/sudo_edit.c:170 src/sudo_edit.c:270
#, c-format
msgid "%s: not a regular file"
msgstr ""
-#: src/sudo_edit.c:205 src/sudo_edit.c:307
+#: src/sudo_edit.c:204 src/sudo_edit.c:306
#, c-format
msgid "%s: short write"
msgstr ""
-#: src/sudo_edit.c:272
+#: src/sudo_edit.c:271
#, c-format
msgid "%s left unmodified"
msgstr ""
-#: src/sudo_edit.c:285
+#: src/sudo_edit.c:284
#, c-format
msgid "%s unchanged"
msgstr ""
-#: src/sudo_edit.c:297 src/sudo_edit.c:318
+#: src/sudo_edit.c:296 src/sudo_edit.c:317
#, c-format
msgid "unable to write to %s"
msgstr ""
-#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319
+#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318
#, c-format
msgid "contents of edit session left in %s"
msgstr ""
-#: src/sudo_edit.c:315
+#: src/sudo_edit.c:314
#, c-format
msgid "unable to read temporary file"
msgstr ""
-#: src/tgetpass.c:90
+#: src/tgetpass.c:89
#, c-format
msgid "no tty present and no askpass program specified"
msgstr ""
-#: src/tgetpass.c:99
+#: src/tgetpass.c:98
#, c-format
msgid "no askpass program specified, try setting SUDO_ASKPASS"
msgstr ""
-#: src/tgetpass.c:231
+#: src/tgetpass.c:230
#, c-format
msgid "unable to set gid to %u"
msgstr ""
-#: src/tgetpass.c:235
+#: src/tgetpass.c:234
#, c-format
msgid "unable to set uid to %u"
msgstr ""
-#: src/tgetpass.c:240
+#: src/tgetpass.c:239
#, c-format
msgid "unable to run %s"
msgstr ""
--- /dev/null
+# This file is put in the public domain.
+# This file is distributed under the same license as the sudo package.
+#
+# Volkan Gezer <vlkngzr@gmail.com>, 2013.
+msgid ""
+msgstr ""
+"Project-Id-Version: sudo 1.8.7b1\n"
+"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
+"POT-Creation-Date: 2013-04-02 10:40-0400\n"
+"PO-Revision-Date: 2013-04-03 19:11+0100\n"
+"Last-Translator: Volkan Gezer <vlkngzr@gmail.com>\n"
+"Language-Team: Turkish <gnu-tr-u12a@lists.sourceforge.net>\n"
+"Language: tr\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+"X-Generator: Lokalize 1.5\n"
+
+#: common/aix.c:150
+#, c-format
+msgid "unable to open userdb"
+msgstr "userdb açılamıyor"
+
+#: common/aix.c:153
+#, c-format
+msgid "unable to switch to registry \"%s\" for %s"
+msgstr "\"%s\" kaydına %s için geçiş yapılamıyor"
+
+#: common/aix.c:170
+#, c-format
+msgid "unable to restore registry"
+msgstr "kayıt geri yüklenemiyor"
+
+#: common/alloc.c:82
+msgid "internal error, tried to emalloc(0)"
+msgstr "dahili hata, emalloc(0) denendi"
+
+#: common/alloc.c:99
+msgid "internal error, tried to emalloc2(0)"
+msgstr "dahili hata, emalloc2(0) denendi"
+
+#: common/alloc.c:101 common/alloc.c:123 common/alloc.c:163 common/alloc.c:187
+#, c-format
+msgid "internal error, %s overflow"
+msgstr "dahili hata, %s taşması"
+
+#: common/alloc.c:120
+msgid "internal error, tried to ecalloc(0)"
+msgstr "dahili hata, ecalloc() denendi"
+
+#: common/alloc.c:142
+msgid "internal error, tried to erealloc(0)"
+msgstr "dahili hata, erealloc() denendi"
+
+#: common/alloc.c:161
+msgid "internal error, tried to erealloc3(0)"
+msgstr "dahili hata, erealloc3() denendi"
+
+#: common/alloc.c:185
+msgid "internal error, tried to erecalloc(0)"
+msgstr "dahili hata, erecalloc() denendi"
+
+#: common/error.c:154
+#, c-format
+msgid "%s: %s: %s\n"
+msgstr "%s: %s: %s\n"
+
+#: common/error.c:157 common/error.c:161
+#, c-format
+msgid "%s: %s\n"
+msgstr "%s: %s\n"
+
+#: common/sudo_conf.c:172
+#, c-format
+msgid "unsupported group source `%s' in %s, line %d"
+msgstr "`%s' desteklenmeyen grup kaynağı, %s içinde, satır %d"
+
+#: common/sudo_conf.c:186
+#, c-format
+msgid "invalid max groups `%s' in %s, line %d"
+msgstr "`%s' geçersiz azami grubu, %s içinde, satır %d"
+
+#: common/sudo_conf.c:382
+#, c-format
+msgid "unable to stat %s"
+msgstr "%s durumlanamıyor"
+
+#: common/sudo_conf.c:385
+#, c-format
+msgid "%s is not a regular file"
+msgstr "%s düzenli bir dosya değil"
+
+#: common/sudo_conf.c:388
+#, c-format
+msgid "%s is owned by uid %u, should be %u"
+msgstr "%s, %u kullanıcı kimliği tarafından sahiplenmiş, %u olmalı"
+
+#: common/sudo_conf.c:392
+#, c-format
+msgid "%s is world writable"
+msgstr "%s genel yazılabilir"
+
+#: common/sudo_conf.c:395
+#, c-format
+msgid "%s is group writable"
+msgstr "%s grup yazılabilir"
+
+#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328
+#, c-format
+msgid "unable to open %s"
+msgstr "%s açılamıyor"
+
+#: compat/strsignal.c:50
+msgid "Unknown signal"
+msgstr "Bilinmeyen sinyal"
+
+#: src/exec.c:127 src/exec_pty.c:685
+#, c-format
+msgid "policy plugin failed session initialization"
+msgstr "oturum başlatma için ilke eklentisi başarısız"
+
+#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220
+#, c-format
+msgid "unable to fork"
+msgstr "çatallanamıyor"
+
+#: src/exec.c:259
+#, c-format
+msgid "unable to create sockets"
+msgstr "soket oluşturulamıyor"
+
+#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268
+#, c-format
+msgid "select failed"
+msgstr "seçim başarısız"
+
+#: src/exec.c:449
+#, c-format
+msgid "unable to restore tty label"
+msgstr "tty etiketi geri yüklenemiyor"
+
+#: src/exec_common.c:70
+#, c-format
+msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"
+msgstr "PRIV_LIMIT'ten PRIV_PROC_EXEC kaldırılamıyor"
+
+#: src/exec_pty.c:183
+#, c-format
+msgid "unable to allocate pty"
+msgstr "pty ayırma başarısız"
+
+#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986
+#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217
+#, c-format
+msgid "unable to create pipe"
+msgstr "iletişim tüneli oluşturulamıyor"
+
+#: src/exec_pty.c:676
+#, c-format
+msgid "unable to set terminal to raw mode"
+msgstr "uçbirim ham kipine ayarlanamıyor"
+
+#: src/exec_pty.c:1042
+#, c-format
+msgid "unable to set controlling tty"
+msgstr "tty denetleme ayarlaması başarısız"
+
+#: src/exec_pty.c:1139
+#, c-format
+msgid "error reading from signal pipe"
+msgstr "sinyal tünelinden okuma hatası"
+
+#: src/exec_pty.c:1160
+#, c-format
+msgid "error reading from pipe"
+msgstr "tünelden okuma hatası"
+
+#: src/exec_pty.c:1176
+#, c-format
+msgid "error reading from socketpair"
+msgstr "sockerpair'den okuma hatası"
+
+#: src/exec_pty.c:1180
+#, c-format
+msgid "unexpected reply type on backchannel: %d"
+msgstr "backchannel'da beklenmeyen yanıt türü: %d"
+
+#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132
+#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185
+#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205
+#, c-format
+msgid "error in %s, line %d while loading plugin `%s'"
+msgstr "%s içerisinde, satır %d, `%s' eklentisi yüklenirken hata"
+
+#: src/load_plugins.c:72
+#, c-format
+msgid "%s: %s"
+msgstr "%s: %s"
+
+#: src/load_plugins.c:81
+#, c-format
+msgid "%s%s: %s"
+msgstr "%s%s: %s"
+
+#: src/load_plugins.c:140
+#, c-format
+msgid "%s must be owned by uid %d"
+msgstr "%s, %d kullanıcı kimliği tarafından sahiplenmeli"
+
+#: src/load_plugins.c:146
+#, c-format
+msgid "%s must be only be writable by owner"
+msgstr "%s sadece sahibi tarafından yazılabilir olmalı"
+
+#: src/load_plugins.c:187
+#, c-format
+msgid "unable to dlopen %s: %s"
+msgstr "dlopen %s yapılamıyor: %s"
+
+#: src/load_plugins.c:194
+#, c-format
+msgid "unable to find symbol `%s' in %s"
+msgstr "%s içerisinde `%s' sembolü bulunamıyor"
+
+#: src/load_plugins.c:201
+#, c-format
+msgid "unknown policy type %d found in %s"
+msgstr "bilinmeyen ilke türü %d bulundu: %s içerisinde"
+
+#: src/load_plugins.c:207
+#, c-format
+msgid "incompatible plugin major version %d (expected %d) found in %s"
+msgstr "uyumsuz temel ilke sürümü %d bulundu (beklenen %d): %s içerisinde"
+
+#: src/load_plugins.c:216
+#, c-format
+msgid "ignoring policy plugin `%s' in %s, line %d"
+msgstr "`%s' ilke eklentisi yoksayılıyor, %s içinde, satır %d"
+
+#: src/load_plugins.c:218
+#, c-format
+msgid "only a single policy plugin may be specified"
+msgstr "sadece tek ilke eklentisi belirtilebilir"
+
+#: src/load_plugins.c:221
+#, c-format
+msgid "ignoring duplicate policy plugin `%s' in %s, line %d"
+msgstr "yinelenmiş `%s' ilke eklentisi yoksayılıyor, %s içinde, satır %d"
+
+#: src/load_plugins.c:236
+#, c-format
+msgid "ignoring duplicate I/O plugin `%s' in %s, line %d"
+msgstr "yinelenmiş `%s' G/Ç eklentisi yoksayılıyor, %s içinde, satır %d"
+
+#: src/load_plugins.c:313
+#, c-format
+msgid "policy plugin %s does not include a check_policy method"
+msgstr "%s ilke eklentisi, bir check_policy yöntemi içermiyor"
+
+#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186
+#: src/net_ifs.c:297 src/net_ifs.c:321
+#, c-format
+msgid "load_interfaces: overflow detected"
+msgstr "load_interfaces: taşma tespit edildi"
+
+#: src/net_ifs.c:226
+#, c-format
+msgid "unable to open socket"
+msgstr "soket açılamıyor"
+
+#: src/parse_args.c:197
+#, c-format
+msgid "the argument to -C must be a number greater than or equal to 3"
+msgstr "-C argümanı 3 veya daha büyük bir sayı olmalıdır"
+
+#: src/parse_args.c:286
+#, c-format
+msgid "unknown user: %s"
+msgstr "bilinmeyen kullanıcı: %s"
+
+#: src/parse_args.c:345
+#, c-format
+msgid "you may not specify both the `-i' and `-s' options"
+msgstr "`-i' ve `-s' seçeneklerini aynı anda belirtemezsiniz"
+
+#: src/parse_args.c:349
+#, c-format
+msgid "you may not specify both the `-i' and `-E' options"
+msgstr "`-i' ve `-E' seçeneklerini aynı anda belirtemezsiniz"
+
+#: src/parse_args.c:359
+#, c-format
+msgid "the `-E' option is not valid in edit mode"
+msgstr "düzenleme kipinde `-E' seçeneği geçerli değil"
+
+#: src/parse_args.c:361
+#, c-format
+msgid "you may not specify environment variables in edit mode"
+msgstr "düzenleme kipinde ortam değişkenlerini belirtemezsiniz"
+
+#: src/parse_args.c:369
+#, c-format
+msgid "the `-U' option may only be used with the `-l' option"
+msgstr "`-U' seçeneği sadece `-l' seçeneği ile kullanılabilir"
+
+#: src/parse_args.c:373
+#, c-format
+msgid "the `-A' and `-S' options may not be used together"
+msgstr "`-A' ve `-S' seçenekleri birlikte kullanılamaz"
+
+#: src/parse_args.c:456
+#, c-format
+msgid "sudoedit is not supported on this platform"
+msgstr "sudoedit bu platformda desteklenmiyor"
+
+#: src/parse_args.c:529
+#, c-format
+msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"
+msgstr "-e, -h, -i, -K, -l, -s, -v veya -V seçeneklerinden sadece biri belirtilebilir"
+
+#: src/parse_args.c:543
+#, c-format
+msgid ""
+"%s - edit files as another user\n"
+"\n"
+msgstr ""
+"%s - dosyaları farklı kullanıcı olarak düzenle\n"
+"\n"
+
+#: src/parse_args.c:545
+#, c-format
+msgid ""
+"%s - execute a command as another user\n"
+"\n"
+msgstr ""
+"%s - bir komutu farklı kullanıcı olarak çalıştır\n"
+"\n"
+
+#: src/parse_args.c:550
+#, c-format
+msgid ""
+"\n"
+"Options:\n"
+msgstr ""
+"\n"
+"Seçenekler:\n"
+
+#: src/parse_args.c:552
+msgid "use helper program for password prompting\n"
+msgstr "parola istemi için yardımcı programı kullan\n"
+
+#: src/parse_args.c:555
+msgid "use specified BSD authentication type\n"
+msgstr "belirtilen BSD yetkilendirme türü kullan\n"
+
+#: src/parse_args.c:558
+msgid "run command in the background\n"
+msgstr "komutu arkaplanda çalıştır\n"
+
+#: src/parse_args.c:560
+msgid "close all file descriptors >= fd\n"
+msgstr "tüm dosya tanımlayıcılarını kapat >= fd\n"
+
+#: src/parse_args.c:563
+msgid "run command with specified login class\n"
+msgstr "komutu belirtilen oturum sınıfında çalıştır\n"
+
+#: src/parse_args.c:566
+msgid "preserve user environment when executing command\n"
+msgstr "komutu çalıştırırken kullanıcı ortamını koru\n"
+
+#: src/parse_args.c:568
+msgid "edit files instead of running a command\n"
+msgstr "komut çalıştırmak yerine dosyaları düzenle\n"
+
+#: src/parse_args.c:570
+msgid "execute command as the specified group\n"
+msgstr "komutu belirtilen grup olarak çalıştır\n"
+
+#: src/parse_args.c:572
+msgid "set HOME variable to target user's home dir.\n"
+msgstr "hedef kullanıcının ev dizinine HOME değişkeni ata.\n"
+
+#: src/parse_args.c:574
+msgid "display help message and exit\n"
+msgstr "yardım iletisini göster ve çık\n"
+
+#: src/parse_args.c:576
+msgid "run a login shell as target user\n"
+msgstr "hedef kullanıcı olarak bir oturum kabuğu çalıştır\n"
+
+#: src/parse_args.c:578
+msgid "remove timestamp file completely\n"
+msgstr "dosyadan zaman damgasını tamamen kaldır\n"
+
+#: src/parse_args.c:580
+msgid "invalidate timestamp file\n"
+msgstr "zaman damgası dosyasını geçersiz kıl\n"
+
+#: src/parse_args.c:582
+msgid "list user's available commands\n"
+msgstr "kullanıcının kullanılabilir komutlarını listele\n"
+
+#: src/parse_args.c:584
+msgid "non-interactive mode, will not prompt user\n"
+msgstr "etkileşimsiz kip, kullanıcı istemi yapılmayacak\n"
+
+#: src/parse_args.c:586
+msgid "preserve group vector instead of setting to target's\n"
+msgstr "hedefe ayarlamak yerine grup vektörünü koru\n"
+
+#: src/parse_args.c:588
+msgid "use specified password prompt\n"
+msgstr "belirtilen parola istemini kullan\n"
+
+#: src/parse_args.c:591 src/parse_args.c:599
+msgid "create SELinux security context with specified role\n"
+msgstr "belirtilen görev ile SELinux güvenlik bağlamı oluştur\n"
+
+#: src/parse_args.c:594
+msgid "read password from standard input\n"
+msgstr "parolayı standart girdiden oku\n"
+
+#: src/parse_args.c:596
+msgid "run a shell as target user\n"
+msgstr "hedef kullanıcı olarak bir kabuk çalıştır\n"
+
+#: src/parse_args.c:602
+msgid "when listing, list specified user's privileges\n"
+msgstr "listelerken, belirtilen kullanıcının haklarını listele\n"
+
+#: src/parse_args.c:604
+msgid "run command (or edit file) as specified user\n"
+msgstr "belirtilen kullanıcı olarak komut çalıştır (veya dosya düzenle)\n"
+
+#: src/parse_args.c:606
+msgid "display version information and exit\n"
+msgstr "sürüm bilgisini görüntüle ve çık\n"
+
+#: src/parse_args.c:608
+msgid "update user's timestamp without running a command\n"
+msgstr "bir komut çalıştırmadan kullanıcının zaman damgasını güncelle\n"
+
+#: src/parse_args.c:610
+msgid "stop processing command line arguments\n"
+msgstr "komut satırı argümanlarını işlemeyi durdur\n"
+
+#: src/selinux.c:77
+#, c-format
+msgid "unable to open audit system"
+msgstr "denetim sistemi açılamıyor"
+
+#: src/selinux.c:85
+#, c-format
+msgid "unable to send audit message"
+msgstr "denetim iletisi gönderilemiyor"
+
+#: src/selinux.c:113
+#, c-format
+msgid "unable to fgetfilecon %s"
+msgstr "fgetfilecon %s yapılamıyor"
+
+#: src/selinux.c:118
+#, c-format
+msgid "%s changed labels"
+msgstr "%s değişmiş etiket"
+
+#: src/selinux.c:123
+#, c-format
+msgid "unable to restore context for %s"
+msgstr "%s için bağlam geri yüklenemiyor"
+
+#: src/selinux.c:163
+#, c-format
+msgid "unable to open %s, not relabeling tty"
+msgstr "%s açılamadı, tty yeniden etiketlenemiyor"
+
+#: src/selinux.c:172
+#, c-format
+msgid "unable to get current tty context, not relabeling tty"
+msgstr "geçerli tty bağlamı alınamadı, tty yeniden etiketlenemiyor"
+
+#: src/selinux.c:179
+#, c-format
+msgid "unable to get new tty context, not relabeling tty"
+msgstr "yeni tty bağlamı alınamadı, tty yeniden etiketlenemiyor"
+
+#: src/selinux.c:186
+#, c-format
+msgid "unable to set new tty context"
+msgstr "yeni tty bağlamı alınamıyor"
+
+#: src/selinux.c:252
+#, c-format
+msgid "you must specify a role for type %s"
+msgstr "%s türü için bir görev belirtmelisiniz"
+
+#: src/selinux.c:258
+#, c-format
+msgid "unable to get default type for role %s"
+msgstr "%s görevi için öntanımlı tür alınamıyor"
+
+#: src/selinux.c:276
+#, c-format
+msgid "failed to set new role %s"
+msgstr "%s yeni görevi atanamadı"
+
+#: src/selinux.c:280
+#, c-format
+msgid "failed to set new type %s"
+msgstr "yeni tür %s atanamadı"
+
+#: src/selinux.c:289
+#, c-format
+msgid "%s is not a valid context"
+msgstr "%s geçerli bir bağlam değil"
+
+#: src/selinux.c:324
+#, c-format
+msgid "failed to get old_context"
+msgstr "old_context alınamadı"
+
+#: src/selinux.c:330
+#, c-format
+msgid "unable to determine enforcing mode."
+msgstr "zorlama kipini belirleme başarısız."
+
+#: src/selinux.c:342
+#, c-format
+msgid "unable to setup tty context for %s"
+msgstr "%s için tty bağlamı ayarlanamıyor"
+
+#: src/selinux.c:381
+#, c-format
+msgid "unable to set exec context to %s"
+msgstr "%s için exec bağlamı ayarlanamıyor"
+
+#: src/selinux.c:388
+#, c-format
+msgid "unable to set key creation context to %s"
+msgstr "%s için anahtar oluşturma bağlamı ayarlanamıyor"
+
+#: src/sesh.c:57
+#, c-format
+msgid "requires at least one argument"
+msgstr "en az bir argüman gerektirir"
+
+#: src/sesh.c:78 src/sudo.c:1126
+#, c-format
+msgid "unable to execute %s"
+msgstr "%s çalıştırılamıyor"
+
+#: src/solaris.c:88
+#, c-format
+msgid "resource control limit has been reached"
+msgstr "kaynak denetim sınırına ulaşıldı"
+
+#: src/solaris.c:91
+#, c-format
+msgid "user \"%s\" is not a member of project \"%s\""
+msgstr "\"%s\", bir \"%s\" projesi üyesi değil"
+
+#: src/solaris.c:95
+#, c-format
+msgid "the invoking task is final"
+msgstr "çağırılan görev son"
+
+#: src/solaris.c:98
+#, c-format
+msgid "could not join project \"%s\""
+msgstr "\"%s\" projesine katılamadı"
+
+#: src/solaris.c:103
+#, c-format
+msgid "no resource pool accepting default bindings exists for project \"%s\""
+msgstr "\"%s\" projesi için hiçbir kaynak havuzu varsayılan atamaları kabul etmiyor"
+
+#: src/solaris.c:107
+#, c-format
+msgid "specified resource pool does not exist for project \"%s\""
+msgstr "belirtilen kaynak havuzu \"%s\" projesi için mevcut değil"
+
+#: src/solaris.c:111
+#, c-format
+msgid "could not bind to default resource pool for project \"%s\""
+msgstr "\"%s\" projesi için öntanımlı kaynak havuzu atanamadı"
+
+#: src/solaris.c:117
+#, c-format
+msgid "setproject failed for project \"%s\""
+msgstr "\"%s\" projesi için setproject başarısız"
+
+#: src/solaris.c:119
+#, c-format
+msgid "warning, resource control assignment failed for project \"%s\""
+msgstr "uyarı, \"%s\" projesi için kaynak denetim ataması başarısız"
+
+#: src/sudo.c:196
+#, c-format
+msgid "Sudo version %s\n"
+msgstr "Sudo sürüm %s\n"
+
+#: src/sudo.c:198
+#, c-format
+msgid "Configure options: %s\n"
+msgstr "Yapılandırma seçenekleri: %s\n"
+
+#: src/sudo.c:203
+#, c-format
+msgid "fatal error, unable to load plugins"
+msgstr "ölümcül hata, eklentiler yüklenemiyor"
+
+#: src/sudo.c:211
+#, c-format
+msgid "unable to initialize policy plugin"
+msgstr "ilke eklentisi başlatılamıyor"
+
+#: src/sudo.c:268
+#, c-format
+msgid "error initializing I/O plugin %s"
+msgstr "G/Ç eklentisi %s başlatılırken hata"
+
+#: src/sudo.c:293
+#, c-format
+msgid "unexpected sudo mode 0x%x"
+msgstr "beklenmeyen 0x%x sudo kipi"
+
+#: src/sudo.c:413
+#, c-format
+msgid "unable to get group vector"
+msgstr "grup vektörü alınamıyor"
+
+#: src/sudo.c:465
+#, c-format
+msgid "unknown uid %u: who are you?"
+msgstr "bilinmeyen kullanıcı kimliği %u: kimsiniz?"
+
+#: src/sudo.c:802
+#, c-format
+msgid "%s must be owned by uid %d and have the setuid bit set"
+msgstr "%s, %d kullanıcı kimliği tarafından sahiplenmeli ve setuid biti ayarlanmış olmalı"
+
+#: src/sudo.c:805
+#, c-format
+msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?"
+msgstr "etkin kullanıcı kimliği %d değil, %s 'nosuid' seçeneği ayarlanmış bir dosya sisteminde veya yetkisiz haklara sahip bir NFS dosya sisteminde mi?"
+
+#: src/sudo.c:811
+#, c-format
+msgid "effective uid is not %d, is sudo installed setuid root?"
+msgstr "etkin kullanıcı kimliği %d değil, sudo setuid root ile mi yüklendi?"
+
+#: src/sudo.c:915
+#, c-format
+msgid "unknown login class %s"
+msgstr "bilinmeyen \"%s\" oturum sınıfı"
+
+#: src/sudo.c:929 src/sudo.c:932
+#, c-format
+msgid "unable to set user context"
+msgstr "kullanıcı bağlamı ayarlama başarısız"
+
+#: src/sudo.c:944
+#, c-format
+msgid "unable to set supplementary group IDs"
+msgstr "ek grup kimlikleri ayarlanamıyor"
+
+#: src/sudo.c:951
+#, c-format
+msgid "unable to set effective gid to runas gid %u"
+msgstr "etkin grup kimliği, runas gid %u olarak ayarlanamıyor"
+
+#: src/sudo.c:957
+#, c-format
+msgid "unable to set gid to runas gid %u"
+msgstr "grup kimliği, runas gid %u olarak ayarlanamıyor"
+
+#: src/sudo.c:964
+#, c-format
+msgid "unable to set process priority"
+msgstr "süreç önceliği ayarlanamıyor"
+
+#: src/sudo.c:972
+#, c-format
+msgid "unable to change root to %s"
+msgstr "kök %s olarak değiştirilemiyor"
+
+#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991
+#, c-format
+msgid "unable to change to runas uid (%u, %u)"
+msgstr "runas uid (%u, %u) olarak değiştirilemiyor"
+
+#: src/sudo.c:1005
+#, c-format
+msgid "unable to change directory to %s"
+msgstr "%s dizinine değiştirilemiyor"
+
+#: src/sudo.c:1089
+#, c-format
+msgid "unexpected child termination condition: %d"
+msgstr "beklenmeyen alt sonlandırma şartı: %d"
+
+#: src/sudo.c:1146
+#, c-format
+msgid "policy plugin %s is missing the `check_policy' method"
+msgstr "%s ilke eklentisi, bir `check_policy' yöntemi içermiyor"
+
+#: src/sudo.c:1159
+#, c-format
+msgid "policy plugin %s does not support listing privileges"
+msgstr "%s ilke eklentisi listeleme yetkilerini desteklemiyor"
+
+#: src/sudo.c:1171
+#, c-format
+msgid "policy plugin %s does not support the -v option"
+msgstr "%s ilke eklentisi -v seçeneğini desteklemiyor"
+
+#: src/sudo.c:1183
+#, c-format
+msgid "policy plugin %s does not support the -k/-K options"
+msgstr "%s ilke eklentisi -k/-K seçeneklerini desteklemiyor"
+
+#: src/sudo_edit.c:110
+#, c-format
+msgid "unable to change uid to root (%u)"
+msgstr "kullanıcı kimliği yetkili (%u) olarak değiştirilemiyor"
+
+#: src/sudo_edit.c:142
+#, c-format
+msgid "plugin error: missing file list for sudoedit"
+msgstr "eklenti hatası: sudoedit için eksik dosya listesi"
+
+#: src/sudo_edit.c:170 src/sudo_edit.c:270
+#, c-format
+msgid "%s: not a regular file"
+msgstr "%s: düzenli bir dosya değil"
+
+#: src/sudo_edit.c:204 src/sudo_edit.c:306
+#, c-format
+msgid "%s: short write"
+msgstr "%s: kısa yazım"
+
+#: src/sudo_edit.c:271
+#, c-format
+msgid "%s left unmodified"
+msgstr "%s düzenlenmemiş olarak bırakıldı"
+
+#: src/sudo_edit.c:284
+#, c-format
+msgid "%s unchanged"
+msgstr "%s değiştirilmemiş"
+
+#: src/sudo_edit.c:296 src/sudo_edit.c:317
+#, c-format
+msgid "unable to write to %s"
+msgstr "%s dosyasına yazılamıyor"
+
+#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318
+#, c-format
+msgid "contents of edit session left in %s"
+msgstr "düzenleme oturumu içerikleri %s içinde bırakıldı"
+
+#: src/sudo_edit.c:314
+#, c-format
+msgid "unable to read temporary file"
+msgstr "geçici dosya okunamıyor"
+
+#: src/tgetpass.c:89
+#, c-format
+msgid "no tty present and no askpass program specified"
+msgstr "tty bulunmuyor ve askpass programı belirtilmemiş"
+
+#: src/tgetpass.c:98
+#, c-format
+msgid "no askpass program specified, try setting SUDO_ASKPASS"
+msgstr "askpass programı belirtilmemiş, SUDO_ASKPASS ayarlamayı deneyin"
+
+#: src/tgetpass.c:230
+#, c-format
+msgid "unable to set gid to %u"
+msgstr "grup kimliği %u olarak ayarlanamıyor"
+
+#: src/tgetpass.c:234
+#, c-format
+msgid "unable to set uid to %u"
+msgstr "kullanıcı kimliği %u olarak ayarlanamıyor"
+
+#: src/tgetpass.c:239
+#, c-format
+msgid "unable to run %s"
+msgstr "%s çalıştırılamıyor"
+
+#: src/utmp.c:278
+#, c-format
+msgid "unable to save stdin"
+msgstr "stdin kaydedilemiyor"
+
+#: src/utmp.c:280
+#, c-format
+msgid "unable to dup2 stdin"
+msgstr "dup2 stdin yapılamıyor"
+
+#: src/utmp.c:283
+#, c-format
+msgid "unable to restore stdin"
+msgstr "stdin geri yüklenemiyor"
+
+#~ msgid "unable to allocate memory"
+#~ msgstr "bellek ayırma başarısız"
+
+#~ msgid ": "
+#~ msgstr ": "
# Ukrainian translation for sudo.
# This file is put in the public domain.
#
-# Yuri Chornoivan <yurchor@ukr.net>, 2011, 2012.
+# Yuri Chornoivan <yurchor@ukr.net>, 2011, 2012, 2013.
msgid ""
msgstr ""
-"Project-Id-Version: sudo 1.8.6b4\n"
+"Project-Id-Version: sudo 1.8.7b1\n"
"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2012-08-10 13:08-0400\n"
-"PO-Revision-Date: 2012-08-13 21:36+0300\n"
+"POT-Creation-Date: 2013-04-02 10:40-0400\n"
+"PO-Revision-Date: 2013-04-03 13:36+0300\n"
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
"Language-Team: Ukrainian <translation-team-uk@lists.sourceforge.net>\n"
"Language: uk\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Lokalize 1.5\n"
+"X-Generator: Lokalize 1.4\n"
"Plural-Forms: nplurals=1; plural=0;\n"
#: common/aix.c:150
msgid "internal error, tried to emalloc(0)"
msgstr "внутрішня помилка, спроба виконання emalloc(0)"
-#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146
-#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270
-#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482
-#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759
-#, c-format
-msgid "unable to allocate memory"
-msgstr "не вдалося отримати потрібний об’єм пам’яті"
-
#: common/alloc.c:99
msgid "internal error, tried to emalloc2(0)"
msgstr "внутрішня помилка, спроба виконання emalloc2(0)"
msgid "internal error, tried to erecalloc(0)"
msgstr "внутрішня помилка, спроба виконання erecalloc(0)"
-#: common/sudo_conf.c:305
+#: common/error.c:154
+#, c-format
+msgid "%s: %s: %s\n"
+msgstr "%s: %s: %s\n"
+
+#: common/error.c:157 common/error.c:161
+#, c-format
+msgid "%s: %s\n"
+msgstr "%s: %s\n"
+
+#: common/sudo_conf.c:172
+#, c-format
+msgid "unsupported group source `%s' in %s, line %d"
+msgstr "непідтримуване джерело групи, «%s», у %s, рядок %d"
+
+#: common/sudo_conf.c:186
+#, c-format
+msgid "invalid max groups `%s' in %s, line %d"
+msgstr "некоректна максимальна кількість груп, «%s», у %s, рядок %d"
+
+#: common/sudo_conf.c:382
#, c-format
msgid "unable to stat %s"
msgstr "не вдалося виконати stat для %s"
-#: common/sudo_conf.c:308
+#: common/sudo_conf.c:385
#, c-format
msgid "%s is not a regular file"
msgstr "%s не є звичайним файлом"
-#: common/sudo_conf.c:311
+#: common/sudo_conf.c:388
#, c-format
msgid "%s is owned by uid %u, should be %u"
msgstr "%s належить uid %u, має належати %u"
-#: common/sudo_conf.c:315
+#: common/sudo_conf.c:392
#, c-format
msgid "%s is world writable"
msgstr "Запис до «%s» можливий для довільного користувача"
-#: common/sudo_conf.c:318
+#: common/sudo_conf.c:395
#, c-format
msgid "%s is group writable"
msgstr "Запис до «%s» може здійснювати будь-який користувач з групи"
-#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331
+#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328
#, c-format
msgid "unable to open %s"
msgstr "не вдалося відкрити %s"
-#: compat/strsignal.c:47
+#: compat/strsignal.c:50
msgid "Unknown signal"
msgstr "Невідомий сигнал"
-#: src/error.c:82 src/error.c:86
-msgid ": "
-msgstr ": "
-
-#: src/exec.c:113 src/exec_pty.c:674
+#: src/exec.c:127 src/exec_pty.c:685
#, c-format
msgid "policy plugin failed session initialization"
msgstr "не вдалося виконати ініціалізацію сеансу через додаток правил"
-#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221
+#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220
#, c-format
msgid "unable to fork"
msgstr "не вдалося створити відгалуження"
-#: src/exec.c:268
+#: src/exec.c:259
#, c-format
msgid "unable to create sockets"
msgstr "не вдалося створити сокети"
-#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630
-#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218
-#, c-format
-msgid "unable to create pipe"
-msgstr "не вдалося створити канал"
-
-#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240
+#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268
#, c-format
msgid "select failed"
msgstr "спроба виконати select зазнала невдачі"
-#: src/exec.c:467
+#: src/exec.c:449
#, c-format
msgid "unable to restore tty label"
msgstr "не вдалося відновити позначку tty"
-#: src/exec_common.c:69
+#: src/exec_common.c:70
#, c-format
msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"
msgstr "не вдалося вилучити PRIV_PROC_EXEC з PRIV_LIMIT"
msgid "unable to allocate pty"
msgstr "не вдалося розмістити pty"
-#: src/exec_pty.c:665
+#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986
+#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217
+#, c-format
+msgid "unable to create pipe"
+msgstr "не вдалося створити канал"
+
+#: src/exec_pty.c:676
#, c-format
msgid "unable to set terminal to raw mode"
msgstr "не вдалося перевести термінал у режим без обробки"
-#: src/exec_pty.c:1013
+#: src/exec_pty.c:1042
#, c-format
msgid "unable to set controlling tty"
msgstr "не вдалося встановити tty для керування"
-#: src/exec_pty.c:1111
+#: src/exec_pty.c:1139
#, c-format
msgid "error reading from signal pipe"
msgstr "помилка під час спроби читання з каналу сигналів"
-#: src/exec_pty.c:1132
+#: src/exec_pty.c:1160
#, c-format
msgid "error reading from pipe"
msgstr "помилка під час спроби читання з каналу"
-#: src/exec_pty.c:1148
+#: src/exec_pty.c:1176
#, c-format
msgid "error reading from socketpair"
msgstr "помилка під час спроби читання з пари сокетів"
-#: src/exec_pty.c:1152
+#: src/exec_pty.c:1180
#, c-format
msgid "unexpected reply type on backchannel: %d"
msgstr "неочікуваний тип відповіді на зворотному каналі: %d"
-#: src/load_plugins.c:74
+#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132
+#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185
+#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205
+#, c-format
+msgid "error in %s, line %d while loading plugin `%s'"
+msgstr "помилка у %s, рядок %d під час спроби завантаження додатка «%s»"
+
+#: src/load_plugins.c:72
#, c-format
msgid "%s: %s"
msgstr "%s: %s"
-#: src/load_plugins.c:80
+#: src/load_plugins.c:81
#, c-format
msgid "%s%s: %s"
msgstr "%s%s: %s"
-#: src/load_plugins.c:90
+#: src/load_plugins.c:140
#, c-format
msgid "%s must be owned by uid %d"
msgstr "%s має належати користувачеві з uid %d"
-#: src/load_plugins.c:94
+#: src/load_plugins.c:146
#, c-format
msgid "%s must be only be writable by owner"
msgstr "%s має бути доступним до запису лише для власника"
-#: src/load_plugins.c:101
+#: src/load_plugins.c:187
#, c-format
msgid "unable to dlopen %s: %s"
msgstr "не вдалося виконати dlopen для %s: %s"
-#: src/load_plugins.c:106
+#: src/load_plugins.c:194
+#, c-format
+msgid "unable to find symbol `%s' in %s"
+msgstr "у %2$s не вдалося знайти символ «%1$s»"
+
+#: src/load_plugins.c:201
#, c-format
-msgid "%s: unable to find symbol %s"
-msgstr "%s: не вдалося знайти символ %s"
+msgid "unknown policy type %d found in %s"
+msgstr "у %2$s виявлено невідомий тип правил, %1$d"
-#: src/load_plugins.c:112
+#: src/load_plugins.c:207
#, c-format
-msgid "%s: unknown policy type %d"
-msgstr "%s: невідомий тип правил %d"
+msgid "incompatible plugin major version %d (expected %d) found in %s"
+msgstr "несумісна основна версія додатка, %d, (мало бути %d) у %s"
-#: src/load_plugins.c:116
+#: src/load_plugins.c:216
#, c-format
-msgid "%s: incompatible policy major version %d, expected %d"
-msgstr "%s: несумісна основна версія правил %d, мало бути — %d"
+msgid "ignoring policy plugin `%s' in %s, line %d"
+msgstr "ігноруємо додаток правил, «%s», у %s, рядок %d"
-#: src/load_plugins.c:123
+#: src/load_plugins.c:218
#, c-format
-msgid "%s: only a single policy plugin may be loaded"
-msgstr "%s: можна завантажувати лише єдиний додаток правил"
+msgid "only a single policy plugin may be specified"
+msgstr "можна визначати лише один додаток обробки правил"
-#: src/load_plugins.c:200
+#: src/load_plugins.c:221
+#, c-format
+msgid "ignoring duplicate policy plugin `%s' in %s, line %d"
+msgstr "ігноруємо повторний запис додатка правил, «%s», у %s, рядок %d"
+
+#: src/load_plugins.c:236
+#, c-format
+msgid "ignoring duplicate I/O plugin `%s' in %s, line %d"
+msgstr "ігноруємо повторний запис додатка введення-виведення, «%s», у %s, рядок %d"
+
+#: src/load_plugins.c:313
#, c-format
msgid "policy plugin %s does not include a check_policy method"
msgstr "до додатка правил %s не включено метод check_policy"
-#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187
-#: src/net_ifs.c:298 src/net_ifs.c:322
+#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186
+#: src/net_ifs.c:297 src/net_ifs.c:321
#, c-format
msgid "load_interfaces: overflow detected"
msgstr "load_interfaces: виявлено переповнення"
-#: src/net_ifs.c:227
+#: src/net_ifs.c:226
#, c-format
msgid "unable to open socket"
msgstr "не вдалося відкрити сокет"
-#: src/parse_args.c:187
+#: src/parse_args.c:197
#, c-format
msgid "the argument to -C must be a number greater than or equal to 3"
msgstr "аргументом параметра -C mмає бути число не менше за 3"
-#: src/parse_args.c:276
+#: src/parse_args.c:286
#, c-format
msgid "unknown user: %s"
msgstr "невідомий користувач: %s"
-#: src/parse_args.c:335
+#: src/parse_args.c:345
#, c-format
msgid "you may not specify both the `-i' and `-s' options"
msgstr "не можна одночасно вказувати параметри «-i» і «-s»"
-#: src/parse_args.c:339
+#: src/parse_args.c:349
#, c-format
msgid "you may not specify both the `-i' and `-E' options"
msgstr "не можна одночасно вказувати параметри «-i» і «-E»"
-#: src/parse_args.c:349
+#: src/parse_args.c:359
#, c-format
msgid "the `-E' option is not valid in edit mode"
msgstr "не можна використовувати «-E» у режимі редагування"
-#: src/parse_args.c:351
+#: src/parse_args.c:361
#, c-format
msgid "you may not specify environment variables in edit mode"
msgstr "не можна вказувати змінні середовища у режимі редагування"
-#: src/parse_args.c:359
+#: src/parse_args.c:369
#, c-format
msgid "the `-U' option may only be used with the `-l' option"
msgstr "параметр «-U» можна використовувати лише разом з параметром «-l»"
-#: src/parse_args.c:363
+#: src/parse_args.c:373
#, c-format
msgid "the `-A' and `-S' options may not be used together"
msgstr "параметри «-A» і «-S» не можна використовувати одночасно"
-#: src/parse_args.c:443
+#: src/parse_args.c:456
#, c-format
msgid "sudoedit is not supported on this platform"
msgstr "підтримки sudoedit для цієї платформи не передбачено"
-#: src/parse_args.c:516
+#: src/parse_args.c:529
#, c-format
msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"
msgstr "Можна використовувати лише такі параметри: -e, -h, -i, -K, -l, -s, -v та -V"
-#: src/parse_args.c:530
+#: src/parse_args.c:543
#, c-format
msgid ""
"%s - edit files as another user\n"
"%s — редагувати файли від імені іншого користувача\n"
"\n"
-#: src/parse_args.c:532
+#: src/parse_args.c:545
#, c-format
msgid ""
"%s - execute a command as another user\n"
"%s — виконати команду від імені іншого користувача\n"
"\n"
-#: src/parse_args.c:537
+#: src/parse_args.c:550
#, c-format
msgid ""
"\n"
"\n"
"Параметри:\n"
-#: src/parse_args.c:540
+#: src/parse_args.c:552
msgid "use helper program for password prompting\n"
msgstr "використовувати допоміжну програму для запитів щодо пароля\n"
-#: src/parse_args.c:543
+#: src/parse_args.c:555
msgid "use specified BSD authentication type\n"
msgstr "використовувати вказаний тип розпізнавання BSD\n"
-#: src/parse_args.c:545
+#: src/parse_args.c:558
msgid "run command in the background\n"
msgstr "виконати команду у фоновому режимі\n"
-#: src/parse_args.c:547
+#: src/parse_args.c:560
msgid "close all file descriptors >= fd\n"
msgstr "закрити всі дескриптори файлів >= fd\n"
-#: src/parse_args.c:550
+#: src/parse_args.c:563
msgid "run command with specified login class\n"
msgstr "виконати команду з вказаним класом доступу\n"
-#: src/parse_args.c:553
+#: src/parse_args.c:566
msgid "preserve user environment when executing command\n"
msgstr "зберегти середовище користувача на час виконання команди\n"
-#: src/parse_args.c:555
+#: src/parse_args.c:568
msgid "edit files instead of running a command\n"
msgstr "редагувати файли замість виконання команди\n"
-#: src/parse_args.c:557
+#: src/parse_args.c:570
msgid "execute command as the specified group\n"
msgstr "виконати команду від імені вказаної групи користувачів\n"
-#: src/parse_args.c:559
+#: src/parse_args.c:572
msgid "set HOME variable to target user's home dir.\n"
msgstr "встановити для змінної HOME значення домашнього каталогу вказаного користувача.\n"
-#: src/parse_args.c:561
+#: src/parse_args.c:574
msgid "display help message and exit\n"
msgstr "показати довідкове повідомлення і завершити роботу\n"
-#: src/parse_args.c:563
+#: src/parse_args.c:576
msgid "run a login shell as target user\n"
msgstr "запустити оболонку для входу до системи від імені вказаного користувача\n"
-#: src/parse_args.c:565
+#: src/parse_args.c:578
msgid "remove timestamp file completely\n"
msgstr "повністю вилучити файл часового штампу\n"
-#: src/parse_args.c:567
+#: src/parse_args.c:580
msgid "invalidate timestamp file\n"
msgstr "позбавити чинності файл часового штампу\n"
-#: src/parse_args.c:569
+#: src/parse_args.c:582
msgid "list user's available commands\n"
msgstr "показати список доступних користувачеві команд\n"
-#: src/parse_args.c:571
+#: src/parse_args.c:584
msgid "non-interactive mode, will not prompt user\n"
msgstr "неінтерактивний режим, не просити користувача відповідати на питання\n"
-#: src/parse_args.c:573
+#: src/parse_args.c:586
msgid "preserve group vector instead of setting to target's\n"
msgstr "зберегти вектор групи, не встановлювати вектор вказаного користувача\n"
-#: src/parse_args.c:575
+#: src/parse_args.c:588
msgid "use specified password prompt\n"
msgstr "використовувати вказаний інструмент отримання паролів\n"
-#: src/parse_args.c:578 src/parse_args.c:586
+#: src/parse_args.c:591 src/parse_args.c:599
msgid "create SELinux security context with specified role\n"
msgstr "створити контекст захисту SELinux з вказаною роллю\n"
-#: src/parse_args.c:581
+#: src/parse_args.c:594
msgid "read password from standard input\n"
msgstr "прочитати пароль зі стандартного джерела вхідних даних\n"
-#: src/parse_args.c:583
+#: src/parse_args.c:596
msgid "run a shell as target user\n"
msgstr "запустити командну оболонку від імені вказаного користувача\n"
-#: src/parse_args.c:589
+#: src/parse_args.c:602
msgid "when listing, list specified user's privileges\n"
msgstr "у списку показати права доступу вказаного користувача\n"
-#: src/parse_args.c:591
+#: src/parse_args.c:604
msgid "run command (or edit file) as specified user\n"
msgstr "виконати команду (або редагувати файл) від імені вказаного користувача\n"
-#: src/parse_args.c:593
+#: src/parse_args.c:606
msgid "display version information and exit\n"
msgstr "показати дані щодо версії і завершити роботу\n"
-#: src/parse_args.c:595
+#: src/parse_args.c:608
msgid "update user's timestamp without running a command\n"
msgstr "оновити штамп часу користувача без виконання команди\n"
-#: src/parse_args.c:597
+#: src/parse_args.c:610
msgid "stop processing command line arguments\n"
msgstr "зупинити обробку аргументів командного рядка\n"
msgid "unable to setup tty context for %s"
msgstr "не вдалося налаштувати контекст tty для %s"
-#: src/selinux.c:373
+#: src/selinux.c:381
#, c-format
msgid "unable to set exec context to %s"
msgstr "не вдалося встановити контекст виконання у значення %s"
-#: src/selinux.c:380
+#: src/selinux.c:388
#, c-format
msgid "unable to set key creation context to %s"
msgstr "не вдалося встановити контекст ключа створення у значення %s"
-#: src/sesh.c:70
+#: src/sesh.c:57
#, c-format
msgid "requires at least one argument"
msgstr "потребує принаймні одного аргументу"
-#: src/sesh.c:91
+#: src/sesh.c:78 src/sudo.c:1126
#, c-format
msgid "unable to execute %s"
msgstr "не вдалося виконати %s"
-#: src/sudo.c:211
+#: src/solaris.c:88
+#, c-format
+msgid "resource control limit has been reached"
+msgstr "перевищено обмеження керування ресурсами"
+
+#: src/solaris.c:91
+#, c-format
+msgid "user \"%s\" is not a member of project \"%s\""
+msgstr "користувач «%s» не є учасником проекту «%s»"
+
+#: src/solaris.c:95
+#, c-format
+msgid "the invoking task is final"
+msgstr "викликане завдання є завершальним"
+
+#: src/solaris.c:98
+#, c-format
+msgid "could not join project \"%s\""
+msgstr "не вдалося приєднатися до проекту «%s»"
+
+#: src/solaris.c:103
+#, c-format
+msgid "no resource pool accepting default bindings exists for project \"%s\""
+msgstr "для проекту «%s» не існує сховища ресурсів, яке приймає типові прив’язки"
+
+#: src/solaris.c:107
+#, c-format
+msgid "specified resource pool does not exist for project \"%s\""
+msgstr "у проекті «%s» не існує вказаного сховища ресурсів"
+
+#: src/solaris.c:111
+#, c-format
+msgid "could not bind to default resource pool for project \"%s\""
+msgstr "не вдалося виконати прив’язку до типового сховища ресурсів проекту «%s»"
+
+#: src/solaris.c:117
+#, c-format
+msgid "setproject failed for project \"%s\""
+msgstr "помилка під час виконання setproject для проекту «%s»"
+
+#: src/solaris.c:119
+#, c-format
+msgid "warning, resource control assignment failed for project \"%s\""
+msgstr "попередження, помилка призначення керування ресурсами проекту «%s»"
+
+#: src/sudo.c:196
#, c-format
msgid "Sudo version %s\n"
msgstr "Версія sudo %s\n"
-#: src/sudo.c:213
+#: src/sudo.c:198
#, c-format
msgid "Configure options: %s\n"
msgstr "Параметри налаштування: %s\n"
-#: src/sudo.c:218
+#: src/sudo.c:203
#, c-format
msgid "fatal error, unable to load plugins"
msgstr "критична помилка, не вдалося завантажити додатки"
-#: src/sudo.c:226
+#: src/sudo.c:211
#, c-format
msgid "unable to initialize policy plugin"
msgstr "не вдалося ініціалізувати додаток правил"
-#: src/sudo.c:281
+#: src/sudo.c:268
#, c-format
msgid "error initializing I/O plugin %s"
msgstr "помилка під час спроби ініціалізації додатка введення/виведення даних %s"
-#: src/sudo.c:306
+#: src/sudo.c:293
#, c-format
msgid "unexpected sudo mode 0x%x"
msgstr "неочікуваний режим sudo 0x%x"
-#: src/sudo.c:400
+#: src/sudo.c:413
#, c-format
msgid "unable to get group vector"
msgstr "не вдалося отримати вектор групи"
-#: src/sudo.c:452
+#: src/sudo.c:465
#, c-format
msgid "unknown uid %u: who are you?"
msgstr "невідомий uid %u: хто ви такий?"
-#: src/sudo.c:782
+#: src/sudo.c:802
#, c-format
msgid "%s must be owned by uid %d and have the setuid bit set"
msgstr "%s має належати користувачеві з uid %d, крім того, має бути встановлено біт setuid"
-#: src/sudo.c:785
+#: src/sudo.c:805
#, c-format
msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?"
msgstr "поточним uid не є %d. Можливо %s зберігається у файловій системі зі встановленим параметром «nosuid» або у файловій системі NFS без прав доступу root?"
-#: src/sudo.c:791
+#: src/sudo.c:811
#, c-format
msgid "effective uid is not %d, is sudo installed setuid root?"
msgstr "поточним uid не є %d, sudo встановлено з ідентифікатором користувача root?"
-#: src/sudo.c:860
-#, c-format
-msgid "resource control limit has been reached"
-msgstr "перевищено обмеження керування ресурсами"
-
-#: src/sudo.c:863
-#, c-format
-msgid "user \"%s\" is not a member of project \"%s\""
-msgstr "користувач «%s» не є учасником проекту «%s»"
-
-#: src/sudo.c:867
-#, c-format
-msgid "the invoking task is final"
-msgstr "викликане завдання є завершальним"
-
-#: src/sudo.c:870
-#, c-format
-msgid "could not join project \"%s\""
-msgstr "не вдалося приєднатися до проекту «%s»"
-
-#: src/sudo.c:875
-#, c-format
-msgid "no resource pool accepting default bindings exists for project \"%s\""
-msgstr "для проекту «%s» не існує сховища ресурсів, яке приймає типові прив’язки"
-
-#: src/sudo.c:879
-#, c-format
-msgid "specified resource pool does not exist for project \"%s\""
-msgstr "у проекті «%s» не існує вказаного сховища ресурсів"
-
-#: src/sudo.c:883
-#, c-format
-msgid "could not bind to default resource pool for project \"%s\""
-msgstr "не вдалося виконати прив’язку до типового сховища ресурсів проекту «%s»"
-
-#: src/sudo.c:889
-#, c-format
-msgid "setproject failed for project \"%s\""
-msgstr "помилка під час виконання setproject для проекту «%s»"
-
-#: src/sudo.c:891
-#, c-format
-msgid "warning, resource control assignment failed for project \"%s\""
-msgstr "попередження, помилка призначення керування ресурсами проекту «%s»"
-
-#: src/sudo.c:959
+#: src/sudo.c:915
#, c-format
msgid "unknown login class %s"
msgstr "невідомий клас входу %s"
-#: src/sudo.c:973 src/sudo.c:976
+#: src/sudo.c:929 src/sudo.c:932
#, c-format
msgid "unable to set user context"
msgstr "не вдалося встановити контекст користувача"
-#: src/sudo.c:988
+#: src/sudo.c:944
#, c-format
msgid "unable to set supplementary group IDs"
msgstr "не вдалося встановити ідентифікатори додаткових груп"
-#: src/sudo.c:995
+#: src/sudo.c:951
#, c-format
msgid "unable to set effective gid to runas gid %u"
msgstr "не вдалося встановити ефективний ідентифікатор групи для ідентифікатора групи запуску %u"
-#: src/sudo.c:1001
+#: src/sudo.c:957
#, c-format
msgid "unable to set gid to runas gid %u"
msgstr "не вдалося встановити ідентифікатор групи для ідентифікатора групи запуску %u"
-#: src/sudo.c:1008
+#: src/sudo.c:964
#, c-format
msgid "unable to set process priority"
msgstr "не вдалося встановити пріоритет процесу"
-#: src/sudo.c:1016
+#: src/sudo.c:972
#, c-format
msgid "unable to change root to %s"
msgstr "не вдалося змінити root на %s"
-#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035
+#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991
#, c-format
msgid "unable to change to runas uid (%u, %u)"
msgstr "не вдалося змінити uid користувача, від імені якого відбувається виконання (%u, %u)"
-#: src/sudo.c:1049
+#: src/sudo.c:1005
#, c-format
msgid "unable to change directory to %s"
msgstr "не вдалося змінити каталог на %s"
-#: src/sudo.c:1133
+#: src/sudo.c:1089
#, c-format
msgid "unexpected child termination condition: %d"
msgstr "неочікувана умова переривання дочірнього процесу: %d"
-#: src/sudo.c:1194
+#: src/sudo.c:1146
+#, c-format
+msgid "policy plugin %s is missing the `check_policy' method"
+msgstr "до додатка правил %s не включено метод «check_policy»"
+
+#: src/sudo.c:1159
#, c-format
msgid "policy plugin %s does not support listing privileges"
msgstr "у додатку правил %s не передбачено підтримки побудови списку прав доступу"
-#: src/sudo.c:1206
+#: src/sudo.c:1171
#, c-format
msgid "policy plugin %s does not support the -v option"
msgstr "у додатку правил %s не передбачено підтримки параметра -v"
-#: src/sudo.c:1218
+#: src/sudo.c:1183
#, c-format
msgid "policy plugin %s does not support the -k/-K options"
msgstr "у додатку правил %s не передбачено підтримки параметрів -k/-K"
-#: src/sudo_edit.c:111
+#: src/sudo_edit.c:110
#, c-format
msgid "unable to change uid to root (%u)"
msgstr "не вдалося змінити значення uid на значення root (%u)"
-#: src/sudo_edit.c:143
+#: src/sudo_edit.c:142
#, c-format
msgid "plugin error: missing file list for sudoedit"
msgstr "помилка додатка: не вистачає списку файлів для sudoedit"
-#: src/sudo_edit.c:171 src/sudo_edit.c:271
+#: src/sudo_edit.c:170 src/sudo_edit.c:270
#, c-format
msgid "%s: not a regular file"
msgstr "%s: не є звичайним файлом"
-#: src/sudo_edit.c:205 src/sudo_edit.c:307
+#: src/sudo_edit.c:204 src/sudo_edit.c:306
#, c-format
msgid "%s: short write"
msgstr "%s: короткий запис"
-#: src/sudo_edit.c:272
+#: src/sudo_edit.c:271
#, c-format
msgid "%s left unmodified"
msgstr "%s залишено без змін"
-#: src/sudo_edit.c:285
+#: src/sudo_edit.c:284
#, c-format
msgid "%s unchanged"
msgstr "%s не змінено"
-#: src/sudo_edit.c:297 src/sudo_edit.c:318
+#: src/sudo_edit.c:296 src/sudo_edit.c:317
#, c-format
msgid "unable to write to %s"
msgstr "не вдалося виконати запис до %s"
-#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319
+#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318
#, c-format
msgid "contents of edit session left in %s"
msgstr "дані сеансу редагування залишилися у %s"
-#: src/sudo_edit.c:315
+#: src/sudo_edit.c:314
#, c-format
msgid "unable to read temporary file"
msgstr "не вдалося виконати читання з файла тимчасових даних"
-#: src/tgetpass.c:90
+#: src/tgetpass.c:89
#, c-format
msgid "no tty present and no askpass program specified"
msgstr "не виявлено tty і не вказано програми askpass"
-#: src/tgetpass.c:99
+#: src/tgetpass.c:98
#, c-format
msgid "no askpass program specified, try setting SUDO_ASKPASS"
msgstr "не вказано програми askpass, спробуйте встановити значення змінної SUDO_ASKPASS"
-#: src/tgetpass.c:231
+#: src/tgetpass.c:230
#, c-format
msgid "unable to set gid to %u"
msgstr "не вдалося встановити gid у значення %u"
-#: src/tgetpass.c:235
+#: src/tgetpass.c:234
#, c-format
msgid "unable to set uid to %u"
msgstr "не вдалося встановити uid у значення %u"
-#: src/tgetpass.c:240
+#: src/tgetpass.c:239
#, c-format
msgid "unable to run %s"
msgstr "не вдалося виконати %s"
msgid "unable to restore stdin"
msgstr "не вдалося відновити stdin"
+#~ msgid "unable to allocate memory"
+#~ msgstr "не вдалося отримати потрібний об’єм пам’яті"
+
+#~ msgid ": "
+#~ msgstr ": "
+
#~ msgid "internal error, emalloc2() overflow"
#~ msgstr "внутрішня помилка, переповнення emalloc2()"
# Vietnamese translation for sudo.
-# Copyright © 2012 Free Software Foundation, Inc.
-# This file is distributed under the same license as the sudo package.
-# Trần Ngọc Quân <vnwildman@gmail.com>, 2012.
+# This file is put in the public domain.
+# Trần Ngọc Quân <vnwildman@gmail.com>, 2012-2013.
#
msgid ""
msgstr ""
-"Project-Id-Version: sudo-1.8.6b4\n"
+"Project-Id-Version: sudo-1.8.7b1\n"
"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2012-08-10 13:08-0400\n"
-"PO-Revision-Date: 2012-08-14 13:34+0700\n"
+"POT-Creation-Date: 2013-04-02 10:40-0400\n"
+"PO-Revision-Date: 2013-04-05 08:20+0700\n"
"Last-Translator: Trần Ngọc Quân <vnwildman@gmail.com>\n"
"Language-Team: Vietnamese <translation-team-vi@lists.sourceforge.net>\n"
"Language: vi\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"Language-Team-Website: <http://translationproject.org/team/vi.html>\n"
"Plural-Forms: nplurals=2; plural=1;\n"
"X-Generator: LocFactoryEditor 1.8\n"
-"X-Poedit-Language: Vietnamese\n"
-"X-Poedit-Country: VIET NAM\n"
-"X-Poedit-SourceCharset: utf-8\n"
+"X-Poedit-SourceCharset: UTF-8\n"
#: common/aix.c:150
#, c-format
#: common/aix.c:153
#, c-format
msgid "unable to switch to registry \"%s\" for %s"
-msgstr "không thể chuyển đến sổ đăng ký \"%s\" cho %s"
+msgstr "không thể chuyển đến sổ đăng ký “%s” cho %s"
#: common/aix.c:170
#, c-format
msgid "internal error, tried to emalloc(0)"
msgstr "lỗi nội bộ, dùng thử erealloc(0)"
-#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146
-#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270
-#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482
-#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759
-#, c-format
-msgid "unable to allocate memory"
-msgstr "không thể cấp phát vùng nhớ"
-
#: common/alloc.c:99
msgid "internal error, tried to emalloc2(0)"
msgstr "lỗi nội bộ, dùng thử erealloc2(0)"
msgid "internal error, tried to erecalloc(0)"
msgstr "lỗi nội bộ, đã dùng erecalloc(0)"
-#: common/sudo_conf.c:305
+#: common/error.c:154
+#, c-format
+msgid "%s: %s: %s\n"
+msgstr "%s: %s: %s\n"
+
+#: common/error.c:157 common/error.c:161
+#, c-format
+msgid "%s: %s\n"
+msgstr "%s: %s\n"
+
+#: common/sudo_conf.c:172
+#, c-format
+msgid "unsupported group source `%s' in %s, line %d"
+msgstr "nguồn nhóm không được hỗ trợ “%s” trong %s, dòng %d"
+
+#: common/sudo_conf.c:186
+#, c-format
+msgid "invalid max groups `%s' in %s, line %d"
+msgstr "nhóm tối đa không hợp lệ “%s” trong %s, dòng %d"
+
+#: common/sudo_conf.c:382
#, c-format
msgid "unable to stat %s"
msgstr "không thể lấy trạng thái về %s"
-#: common/sudo_conf.c:308
+#: common/sudo_conf.c:385
#, c-format
msgid "%s is not a regular file"
msgstr "%s không phải tập tin thường"
-#: common/sudo_conf.c:311
+#: common/sudo_conf.c:388
#, c-format
msgid "%s is owned by uid %u, should be %u"
msgstr "%s được sở hữu bởi uid %u, nên là %u"
-#: common/sudo_conf.c:315
+#: common/sudo_conf.c:392
#, c-format
msgid "%s is world writable"
msgstr "%s ai ghi cũng được"
-#: common/sudo_conf.c:318
+#: common/sudo_conf.c:395
#, c-format
msgid "%s is group writable"
msgstr "%s là nhóm có thể ghi"
-#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331
+#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328
#, c-format
msgid "unable to open %s"
msgstr "không mở được %s"
-#: compat/strsignal.c:47
+#: compat/strsignal.c:50
msgid "Unknown signal"
msgstr "Không hiểu tín hiệu"
-#: src/error.c:82 src/error.c:86
-msgid ": "
-msgstr ": "
-
-#: src/exec.c:113 src/exec_pty.c:674
+#: src/exec.c:127 src/exec_pty.c:685
#, c-format
msgid "policy plugin failed session initialization"
msgstr "phần bổ xung chính sách gặp lỗi khi khởi tạo phiên"
-#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221
+#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220
#, c-format
msgid "unable to fork"
msgstr "không thể tạo tiến trình con"
-#: src/exec.c:268
+#: src/exec.c:259
#, c-format
msgid "unable to create sockets"
msgstr "không thể tạo sockets"
-#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630
-#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218
-#, c-format
-msgid "unable to create pipe"
-msgstr "không tạo được đường ống pipe"
-
-#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240
+#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268
#, c-format
msgid "select failed"
msgstr "lựa chọn gặp lỗi"
-#: src/exec.c:467
+#: src/exec.c:449
#, c-format
msgid "unable to restore tty label"
msgstr "không thể phục hồi nhãn cho tty"
-#: src/exec_common.c:69
+#: src/exec_common.c:70
#, c-format
msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"
msgstr "không thể xóa bỏ PRIV_PROC_EXEC từ PRIV_LIMIT"
msgid "unable to allocate pty"
msgstr "không thể phân bổ pty"
-#: src/exec_pty.c:665
+#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986
+#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217
+#, c-format
+msgid "unable to create pipe"
+msgstr "không tạo được đường ống pipe"
+
+#: src/exec_pty.c:676
#, c-format
msgid "unable to set terminal to raw mode"
-msgstr "không thể đặt thiết bị cuối sang chế độ raw"
+msgstr "không thể đặt thiết bị cuối sang chế độ thô"
-#: src/exec_pty.c:1013
+#: src/exec_pty.c:1042
#, c-format
msgid "unable to set controlling tty"
msgstr "không thể đặt điều khiển cho tty"
-#: src/exec_pty.c:1111
+#: src/exec_pty.c:1139
#, c-format
msgid "error reading from signal pipe"
msgstr "lỗi khi đọc từ đường ống dẫn tín hiệu"
-#: src/exec_pty.c:1132
+#: src/exec_pty.c:1160
#, c-format
msgid "error reading from pipe"
msgstr "gặp lỗi khi đọc từ một đường ống dẫn lệnh"
-#: src/exec_pty.c:1148
+#: src/exec_pty.c:1176
#, c-format
msgid "error reading from socketpair"
msgstr "gặp lỗi khi đọc từ socketpair"
-#: src/exec_pty.c:1152
+#: src/exec_pty.c:1180
#, c-format
msgid "unexpected reply type on backchannel: %d"
msgstr "kiểu trả về không như mong đợi từ backchannel: %d"
-#: src/load_plugins.c:74
+#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132
+#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185
+#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205
+#, c-format
+msgid "error in %s, line %d while loading plugin `%s'"
+msgstr "lỗi trong %s, dòng %d, trong khi tải phần bổ sung “%s”"
+
+#: src/load_plugins.c:72
#, c-format
msgid "%s: %s"
msgstr "%s: %s"
-#: src/load_plugins.c:80
+#: src/load_plugins.c:81
#, c-format
msgid "%s%s: %s"
msgstr "%s%s: %s"
-#: src/load_plugins.c:90
+#: src/load_plugins.c:140
#, c-format
msgid "%s must be owned by uid %d"
msgstr "%s phải được sở hữu bởi uid %d"
-#: src/load_plugins.c:94
+#: src/load_plugins.c:146
#, c-format
msgid "%s must be only be writable by owner"
msgstr "%s phải là những thứ chỉ có thể ghi bởi chủ sở hữu"
-#: src/load_plugins.c:101
+#: src/load_plugins.c:187
#, c-format
msgid "unable to dlopen %s: %s"
msgstr "không thể dlopen %s: %s"
-#: src/load_plugins.c:106
+#: src/load_plugins.c:194
+#, c-format
+msgid "unable to find symbol `%s' in %s"
+msgstr "không tìm thấy ký hiệu “%s” trong %s"
+
+#: src/load_plugins.c:201
+#, c-format
+msgid "unknown policy type %d found in %s"
+msgstr "không hiểu kiểu chính sách %d tìm thấy trong %s"
+
+#: src/load_plugins.c:207
+#, c-format
+msgid "incompatible plugin major version %d (expected %d) found in %s"
+msgstr "không tương thích số hiệu phiên bản lớn %d (cần %d) tìm thấy trong %s"
+
+#: src/load_plugins.c:216
#, c-format
-msgid "%s: unable to find symbol %s"
-msgstr "%s: không thể tìm thấy liên kết tượng trưng (symbol) %s"
+msgid "ignoring policy plugin `%s' in %s, line %d"
+msgstr "lờ đi phần bổ xung chính sách “%s” trong %s, dòng %d"
-#: src/load_plugins.c:112
+#: src/load_plugins.c:218
#, c-format
-msgid "%s: unknown policy type %d"
-msgstr "%s: không hiểu kiểu chính sách %d"
+msgid "only a single policy plugin may be specified"
+msgstr "chỉ được phép chỉ định một phần bổ xung chính sách"
-#: src/load_plugins.c:116
+#: src/load_plugins.c:221
#, c-format
-msgid "%s: incompatible policy major version %d, expected %d"
-msgstr "%s: chính sách không tương thích với phiên bản %d, mong chờ %d"
+msgid "ignoring duplicate policy plugin `%s' in %s, line %d"
+msgstr "lờ đi phần bổ xung chính sách bị trùng lặp “%s” trong %s, dòng %d"
-#: src/load_plugins.c:123
+#: src/load_plugins.c:236
#, c-format
-msgid "%s: only a single policy plugin may be loaded"
-msgstr "%s: chỉ có một phần bổ xung chính sách được tải lên thôi"
+msgid "ignoring duplicate I/O plugin `%s' in %s, line %d"
+msgstr "lờ đi phần bổ xung I/O trùng lặp “%s” trong %s, dòng %d"
-#: src/load_plugins.c:200
+#: src/load_plugins.c:313
#, c-format
msgid "policy plugin %s does not include a check_policy method"
msgstr "phần bổ xung chính sách %s không bao gồm phương thức kiểm tra chính sách"
-#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187
-#: src/net_ifs.c:298 src/net_ifs.c:322
+#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186
+#: src/net_ifs.c:297 src/net_ifs.c:321
#, c-format
msgid "load_interfaces: overflow detected"
-msgstr "load_interfaces: bị tràn"
+msgstr "load_interfaces: đã có chỗ bị tràn"
-#: src/net_ifs.c:227
+#: src/net_ifs.c:226
#, c-format
msgid "unable to open socket"
msgstr "không mở được socket"
-#: src/parse_args.c:187
+#: src/parse_args.c:197
#, c-format
msgid "the argument to -C must be a number greater than or equal to 3"
msgstr "đối số cho -C phải là một số lớn hơn hoặc bằng 3"
-#: src/parse_args.c:276
+#: src/parse_args.c:286
#, c-format
msgid "unknown user: %s"
msgstr "không hiểu người dùng: %s"
-#: src/parse_args.c:335
+#: src/parse_args.c:345
#, c-format
msgid "you may not specify both the `-i' and `-s' options"
-msgstr "bạn không thể chỉ định cả hai tùy chọn `-i' và `-s'"
+msgstr "bạn không thể chỉ định đồng thời cả hai tùy chọn “-i” và “-s”"
-#: src/parse_args.c:339
+#: src/parse_args.c:349
#, c-format
msgid "you may not specify both the `-i' and `-E' options"
-msgstr "bạn không thể chỉ định cả hai tùy chọn `-i' và `-E'"
+msgstr "bạn không thể chỉ định cả hai tùy chọn “-i” và “-E”"
-#: src/parse_args.c:349
+#: src/parse_args.c:359
#, c-format
msgid "the `-E' option is not valid in edit mode"
-msgstr "tùy chọn `-E' không hợp lệ trong chế độ chỉnh sửa"
+msgstr "tùy chọn “-E” không hợp lệ trong chế độ chỉnh sửa"
-#: src/parse_args.c:351
+#: src/parse_args.c:361
#, c-format
msgid "you may not specify environment variables in edit mode"
msgstr "bạn có lẽ không được chỉ định biến môi trường trong chế độ soạn thảo"
-#: src/parse_args.c:359
+#: src/parse_args.c:369
#, c-format
msgid "the `-U' option may only be used with the `-l' option"
-msgstr "tùy chọn `-U' chỉ sử dụng cùng với tùy chọn `-l'"
+msgstr "tùy chọn “-U” chỉ sử dụng cùng với tùy chọn “-l”"
-#: src/parse_args.c:363
+#: src/parse_args.c:373
#, c-format
msgid "the `-A' and `-S' options may not be used together"
-msgstr "tùy chọn `-A' và `-S' không thể dùng cùng một lúc với nhau"
+msgstr "tùy chọn “-A” và “-S” không thể dùng cùng một lúc với nhau"
-#: src/parse_args.c:443
+#: src/parse_args.c:456
#, c-format
msgid "sudoedit is not supported on this platform"
msgstr "sudoedit không được hỗ trợ trên nền tảng này"
-#: src/parse_args.c:516
+#: src/parse_args.c:529
#, c-format
msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"
msgstr "Chỉ có một trong số các tùy chọn -e, -h, -i, -K, -l, -s, -v hay -V được chỉ định"
-#: src/parse_args.c:530
+#: src/parse_args.c:543
#, c-format
msgid ""
"%s - edit files as another user\n"
"%s - sửa chữa các tập tin trên danh nghĩa người dùng khác\n"
"\n"
-#: src/parse_args.c:532
+#: src/parse_args.c:545
#, c-format
msgid ""
"%s - execute a command as another user\n"
"%s - thực hiện câu lệnh với người dùng khác\n"
"\n"
-#: src/parse_args.c:537
+#: src/parse_args.c:550
#, c-format
msgid ""
"\n"
"\n"
"Tùy chọn:\n"
-#: src/parse_args.c:540
+#: src/parse_args.c:552
msgid "use helper program for password prompting\n"
msgstr "sử dụng chương trình trợ giúp cho hỏi đáp mật khẩu\n"
-#: src/parse_args.c:543
+#: src/parse_args.c:555
msgid "use specified BSD authentication type\n"
msgstr "sử dụng kiểu xác thực BSD được chỉ ra\n"
-#: src/parse_args.c:545
+#: src/parse_args.c:558
msgid "run command in the background\n"
msgstr "chạy lệnh ở chế độ nền\n"
-#: src/parse_args.c:547
+#: src/parse_args.c:560
msgid "close all file descriptors >= fd\n"
msgstr "đóng tất cả các mô tả của tập tin >= fd\n"
-#: src/parse_args.c:550
+#: src/parse_args.c:563
msgid "run command with specified login class\n"
msgstr "chạy lệnh với một lớp đăng nhập được chỉ ra\n"
-#: src/parse_args.c:553
+#: src/parse_args.c:566
msgid "preserve user environment when executing command\n"
msgstr "ngăn ngừa môi trường người dùng khi thi hành lệnh\n"
-#: src/parse_args.c:555
+#: src/parse_args.c:568
msgid "edit files instead of running a command\n"
msgstr "chỉnh sửa các tập tin thay vì chạy lệnh\n"
-#: src/parse_args.c:557
+#: src/parse_args.c:570
msgid "execute command as the specified group\n"
msgstr "thực hiện câu lệnh như là nhóm được chỉ định\n"
-#: src/parse_args.c:559
+#: src/parse_args.c:572
msgid "set HOME variable to target user's home dir.\n"
msgstr "đặt biến HOME cho thư mục home của người dùng đích.\n"
-#: src/parse_args.c:561
+#: src/parse_args.c:574
msgid "display help message and exit\n"
msgstr "hiển thị trợ giúp này rồi thoát\n"
-#: src/parse_args.c:563
+#: src/parse_args.c:576
msgid "run a login shell as target user\n"
msgstr "chạy shell đăng nhập như là người dùng đích\n"
-#: src/parse_args.c:565
+#: src/parse_args.c:578
msgid "remove timestamp file completely\n"
msgstr "gỡ bỏ timestamp tập tin\n"
-#: src/parse_args.c:567
+#: src/parse_args.c:580
msgid "invalidate timestamp file\n"
-msgstr "làm mất hiệu lực timestamp của tập tin\n"
+msgstr "làm mất hiệu lực dấu vết thời gian (timestamp) của tập tin\n"
-#: src/parse_args.c:569
+#: src/parse_args.c:582
msgid "list user's available commands\n"
-msgstr "danh sách các câu lệnh người dùng có thể sử dụng\n"
+msgstr "Danh sách các biến câu lệnh người dùng có thể sử dụng\n"
-#: src/parse_args.c:571
+#: src/parse_args.c:584
msgid "non-interactive mode, will not prompt user\n"
-msgstr "chế độ không tương tác, không hỏi tên tài khoản người dùng\n"
+msgstr "chế độ không-tương-tác, sẽ không hỏi tên người dùng\n"
-#: src/parse_args.c:573
+#: src/parse_args.c:586
msgid "preserve group vector instead of setting to target's\n"
-msgstr "ngăn ngừa véc tơ nhóm thay vì các cài đặt cho đích\n"
+msgstr "dành riêng véc-tơ nhóm thay vì các cài đặt cho đích\n"
-#: src/parse_args.c:575
+#: src/parse_args.c:588
msgid "use specified password prompt\n"
-msgstr "sử dụng nhắc nhập mật khẩu.\n"
+msgstr "sử dụng nhắc nhập mật khẩu đã cho.\n"
-#: src/parse_args.c:578 src/parse_args.c:586
+#: src/parse_args.c:591 src/parse_args.c:599
msgid "create SELinux security context with specified role\n"
-msgstr "tạo ngữ cảnh an ninh SELinux với vai trò đã được chỉ định\n"
+msgstr "tạo ngữ cảnh an ninh SELinux với vai trò đã đưa ra\n"
-#: src/parse_args.c:581
+#: src/parse_args.c:594
msgid "read password from standard input\n"
msgstr "đọc mật khẩu từ đầu vào tiêu chuẩn\n"
-#: src/parse_args.c:583
+#: src/parse_args.c:596
msgid "run a shell as target user\n"
msgstr "chạy shell như là người dùng đích\n"
-#: src/parse_args.c:589
+#: src/parse_args.c:602
msgid "when listing, list specified user's privileges\n"
msgstr "khi liệt kê, liệt kê các đặc quyền của người dùng\n"
-#: src/parse_args.c:591
+#: src/parse_args.c:604
msgid "run command (or edit file) as specified user\n"
msgstr "chạy lệnh (hay sửa chữa tập tin) trên tư cách của người dùng đã chỉ định\n"
-#: src/parse_args.c:593
+#: src/parse_args.c:606
msgid "display version information and exit\n"
msgstr "hiển thị thông tin phiên bản rồi thoát\n"
-#: src/parse_args.c:595
+#: src/parse_args.c:608
msgid "update user's timestamp without running a command\n"
-msgstr "cập nhật dấu thời gian (timestamp) của người dùng mà không chạy một lệnh\n"
+msgstr "cập nhật dấu vết thời gian (timestamp) của người dùng mà không chạy một lệnh\n"
-#: src/parse_args.c:597
+#: src/parse_args.c:610
msgid "stop processing command line arguments\n"
msgstr "dừng việc xử lý đối số dòng lệnh\n"
#: src/selinux.c:276
#, c-format
msgid "failed to set new role %s"
-msgstr "lỗi khi đặt đặt vai trò mới %s"
+msgstr "gặp lỗi khi đặt đặt vai trò mới %s"
#: src/selinux.c:280
#, c-format
msgid "failed to set new type %s"
-msgstr "lỗi khi đặt kiểu mới %s"
+msgstr "gặp lỗi khi đặt kiểu mới %s"
#: src/selinux.c:289
#, c-format
#: src/selinux.c:324
#, c-format
msgid "failed to get old_context"
-msgstr "lỗi lấy ngữ cảnh cũ"
+msgstr "gặp lỗi khi lấy ngữ cảnh cũ"
#: src/selinux.c:330
#, c-format
msgid "unable to setup tty context for %s"
msgstr "không thể cài đặt ngữ cảnh tty mới cho %s"
-#: src/selinux.c:373
+#: src/selinux.c:381
#, c-format
msgid "unable to set exec context to %s"
msgstr "không thể đặt ngữ cảnh bảo thực thi thành %s"
-#: src/selinux.c:380
+#: src/selinux.c:388
#, c-format
msgid "unable to set key creation context to %s"
msgstr "không thể đặt ngữ cảnh tạo khóa thành %s"
-#: src/sesh.c:70
+#: src/sesh.c:57
#, c-format
msgid "requires at least one argument"
msgstr "cần thiết ít nhất một đối số"
-#: src/sesh.c:91
+#: src/sesh.c:78 src/sudo.c:1126
#, c-format
msgid "unable to execute %s"
msgstr "không thể thực thi %s"
-#: src/sudo.c:211
+#: src/solaris.c:88
+#, c-format
+msgid "resource control limit has been reached"
+msgstr "giới hạn điều khiển tài nguyên đã tới hạn"
+
+#: src/solaris.c:91
+#, c-format
+msgid "user \"%s\" is not a member of project \"%s\""
+msgstr "người dùng “%s” không phải là thành viên của dự án “%s”"
+
+#: src/solaris.c:95
+#, c-format
+msgid "the invoking task is final"
+msgstr "tác vụ được gọi là cuối cùng"
+
+#: src/solaris.c:98
+#, c-format
+msgid "could not join project \"%s\""
+msgstr "không thể gia nhập dự án “%s”"
+
+#: src/solaris.c:103
+#, c-format
+msgid "no resource pool accepting default bindings exists for project \"%s\""
+msgstr "không kho tài nguyên chung nào được thừa nhận ràng buộc đã tồn tại sẵn cho dự án “%s”"
+
+#: src/solaris.c:107
+#, c-format
+msgid "specified resource pool does not exist for project \"%s\""
+msgstr "nguồn tài nguyên chung được chỉ ra chưa tồn tại cho dự án “%s”"
+
+#: src/solaris.c:111
+#, c-format
+msgid "could not bind to default resource pool for project \"%s\""
+msgstr "không thể buộc phần tài nguyên chung mặc định cho dự án “%s”"
+
+#: src/solaris.c:117
+#, c-format
+msgid "setproject failed for project \"%s\""
+msgstr "đặt dự án cho dự án “%s” gặp lỗi"
+
+#: src/solaris.c:119
+#, c-format
+msgid "warning, resource control assignment failed for project \"%s\""
+msgstr "cảnh báo, nguồn điều khiển gán gặp lỗi cho dự án “%s”"
+
+#: src/sudo.c:196
#, c-format
msgid "Sudo version %s\n"
msgstr "Phiên bản sudo %s\n"
-#: src/sudo.c:213
+#: src/sudo.c:198
#, c-format
msgid "Configure options: %s\n"
msgstr "Các tùy chọn cấu hình: %s\n"
-#: src/sudo.c:218
+#: src/sudo.c:203
#, c-format
msgid "fatal error, unable to load plugins"
msgstr "lỗi nghiêm trọng, không thể tải plugins"
-#: src/sudo.c:226
+#: src/sudo.c:211
#, c-format
msgid "unable to initialize policy plugin"
msgstr "không thể khởi tạo phần bổ xung chính sách"
-#: src/sudo.c:281
+#: src/sudo.c:268
#, c-format
msgid "error initializing I/O plugin %s"
msgstr "Gặp lỗi khi nạp phần bổ sung I/O %s"
-#: src/sudo.c:306
+#: src/sudo.c:293
#, c-format
msgid "unexpected sudo mode 0x%x"
msgstr "không mong đợi chế độ sudo 0x%x"
-#: src/sudo.c:400
+#: src/sudo.c:413
#, c-format
msgid "unable to get group vector"
-msgstr "không thể lấy véc tơ nhóm"
+msgstr "không thể lấy véc-tơ nhóm"
-#: src/sudo.c:452
+#: src/sudo.c:465
#, c-format
msgid "unknown uid %u: who are you?"
msgstr "không hiểu uid %u: bạn là ai?"
-#: src/sudo.c:782
+#: src/sudo.c:802
#, c-format
msgid "%s must be owned by uid %d and have the setuid bit set"
msgstr "%s phải được sở hữu bởi uid %d và bít setuid phải được đặt"
-#: src/sudo.c:785
+#: src/sudo.c:805
#, c-format
msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?"
-msgstr "uid hữu hiệu thì không là %d, %s trên hệ thống tập tin với tuỳ chọn 'nosuid' được đặt, hay một hệ thống tập tin NFS không có đặc quyền của root có phải vậy không?"
+msgstr "uid hữu hiệu thì không là %d, %s trên hệ thống tập tin với tuỳ chọn “nosuid” được đặt, hay một hệ thống tập tin NFS không có đặc quyền của root có phải vậy không?"
-#: src/sudo.c:791
+#: src/sudo.c:811
#, c-format
msgid "effective uid is not %d, is sudo installed setuid root?"
msgstr "uid hữu hiệu thì không là %d, chương trình sudo có được cài với setuid root không?"
-#: src/sudo.c:860
-#, c-format
-msgid "resource control limit has been reached"
-msgstr "giới hạn điều khiển tài nguyên đã tới hạn"
-
-#: src/sudo.c:863
-#, c-format
-msgid "user \"%s\" is not a member of project \"%s\""
-msgstr "người dùng \"%s\" không phải là thành viên của dự án \"%s\""
-
-#: src/sudo.c:867
-#, c-format
-msgid "the invoking task is final"
-msgstr "tác vụ được gọi đã kết thúc"
-
-#: src/sudo.c:870
-#, c-format
-msgid "could not join project \"%s\""
-msgstr "không thể gia nhập dự án \"%s\""
-
-#: src/sudo.c:875
-#, c-format
-msgid "no resource pool accepting default bindings exists for project \"%s\""
-msgstr "không kho tài nguyên chung nào được thừa nhận ràng buộc đã tồn tại sẵn cho dự án \"%s\""
-
-#: src/sudo.c:879
-#, c-format
-msgid "specified resource pool does not exist for project \"%s\""
-msgstr "nguồn tài nguyên chung được chỉ ra chưa tồn tại cho dự án \"%s\""
-
-#: src/sudo.c:883
-#, c-format
-msgid "could not bind to default resource pool for project \"%s\""
-msgstr "không thể buộc phần tài nguyên chung mặc định cho dự án \"%s\""
-
-#: src/sudo.c:889
-#, c-format
-msgid "setproject failed for project \"%s\""
-msgstr "đặt dự án cho dự án \"%s\" gặp lỗi"
-
-#: src/sudo.c:891
-#, c-format
-msgid "warning, resource control assignment failed for project \"%s\""
-msgstr "cảnh báo, nguồn điều khiển gán gặp lỗi cho dự án \"%s\""
-
-#: src/sudo.c:959
+#: src/sudo.c:915
#, c-format
msgid "unknown login class %s"
msgstr "không rõ lớp đăng nhập %s"
-#: src/sudo.c:973 src/sudo.c:976
+#: src/sudo.c:929 src/sudo.c:932
#, c-format
msgid "unable to set user context"
msgstr "không thể đặt ngữ cảnh người dùng"
-#: src/sudo.c:988
+#: src/sudo.c:944
#, c-format
msgid "unable to set supplementary group IDs"
msgstr "không thể đặt nhóm phụ IDs"
-#: src/sudo.c:995
+#: src/sudo.c:951
#, c-format
msgid "unable to set effective gid to runas gid %u"
msgstr "không thể đặt hiệu ứng gid chạy như là gid %u"
-#: src/sudo.c:1001
+#: src/sudo.c:957
#, c-format
msgid "unable to set gid to runas gid %u"
msgstr "không thể thay đổi gid thành runas gid %u"
-#: src/sudo.c:1008
+#: src/sudo.c:964
#, c-format
msgid "unable to set process priority"
msgstr "không thể đặt ưu tiên cho quá trình"
-#: src/sudo.c:1016
+#: src/sudo.c:972
#, c-format
msgid "unable to change root to %s"
msgstr "không thể chuyển đổi thư mục gốc thành %s"
-#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035
+#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991
#, c-format
msgid "unable to change to runas uid (%u, %u)"
msgstr "không thể thay đổi thành runas uid (%u, %u)"
-#: src/sudo.c:1049
+#: src/sudo.c:1005
#, c-format
msgid "unable to change directory to %s"
msgstr "không thể thay đổi thư mục thành %s"
-#: src/sudo.c:1133
+#: src/sudo.c:1089
#, c-format
msgid "unexpected child termination condition: %d"
msgstr "biểu thức điều kiện con kết thúc không như mong đợi: %d"
-#: src/sudo.c:1194
+#: src/sudo.c:1146
+#, c-format
+msgid "policy plugin %s is missing the `check_policy' method"
+msgstr "phần bổ xung chính sách %s bị thiếu phương thức kiểm tra chính sách “check_policy”"
+
+#: src/sudo.c:1159
#, c-format
msgid "policy plugin %s does not support listing privileges"
msgstr "phần bổ xung chính sách %s không hỗ trợ liệt kê đặc quyền"
-#: src/sudo.c:1206
+#: src/sudo.c:1171
#, c-format
msgid "policy plugin %s does not support the -v option"
msgstr "phần bổ xung chính sách %s không hỗ trợ tùy chọn -v"
-#: src/sudo.c:1218
+#: src/sudo.c:1183
#, c-format
msgid "policy plugin %s does not support the -k/-K options"
msgstr "phần bổ xung chính sách %s không hỗ trợ tùy chọn -k/-K"
-#: src/sudo_edit.c:111
+#: src/sudo_edit.c:110
#, c-format
msgid "unable to change uid to root (%u)"
msgstr "không thể thay đổi uid thành root (%u)"
-#: src/sudo_edit.c:143
+#: src/sudo_edit.c:142
#, c-format
msgid "plugin error: missing file list for sudoedit"
msgstr "lỗi phần bổ xung: thiếu danh sách tập tin cho sudoedit"
-#: src/sudo_edit.c:171 src/sudo_edit.c:271
+#: src/sudo_edit.c:170 src/sudo_edit.c:270
#, c-format
msgid "%s: not a regular file"
msgstr "%s: không phải là tập tin thường"
-#: src/sudo_edit.c:205 src/sudo_edit.c:307
+#: src/sudo_edit.c:204 src/sudo_edit.c:306
#, c-format
msgid "%s: short write"
msgstr "%s: ghi ngắn"
-#: src/sudo_edit.c:272
+#: src/sudo_edit.c:271
#, c-format
msgid "%s left unmodified"
msgstr "%s còn lại chưa thay đổi"
-#: src/sudo_edit.c:285
+#: src/sudo_edit.c:284
#, c-format
msgid "%s unchanged"
msgstr "%s không thay đổi"
-#: src/sudo_edit.c:297 src/sudo_edit.c:318
+#: src/sudo_edit.c:296 src/sudo_edit.c:317
#, c-format
msgid "unable to write to %s"
msgstr "không thể ghi vào %s"
-#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319
+#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318
#, c-format
msgid "contents of edit session left in %s"
msgstr "nội dung của phiên chỉnh sửa chỉ còn %s"
-#: src/sudo_edit.c:315
+#: src/sudo_edit.c:314
#, c-format
msgid "unable to read temporary file"
msgstr "Không đọc tập tin tạm thời"
-#: src/tgetpass.c:90
+#: src/tgetpass.c:89
#, c-format
msgid "no tty present and no askpass program specified"
msgstr "không có tty hiện diện và không có chương trình hỏi mật khẩu nào được chỉ ra"
-#: src/tgetpass.c:99
+#: src/tgetpass.c:98
#, c-format
msgid "no askpass program specified, try setting SUDO_ASKPASS"
msgstr "không có chương trình hỏi mật khẩu nào được chỉ ra, hãy thử cài đặt SUDO_ASKPASS"
-#: src/tgetpass.c:231
+#: src/tgetpass.c:230
#, c-format
msgid "unable to set gid to %u"
msgstr "không thể đặt gid thành %u"
-#: src/tgetpass.c:235
+#: src/tgetpass.c:234
#, c-format
msgid "unable to set uid to %u"
msgstr "không thể đặt uid thành %u"
-#: src/tgetpass.c:240
+#: src/tgetpass.c:239
#, c-format
msgid "unable to run %s"
msgstr "không thể chạy %s"
msgid "unable to restore stdin"
msgstr "không thể phục hồi stdin"
+#~ msgid "unable to allocate memory"
+#~ msgstr "không thể cấp phát vùng nhớ"
+
+#~ msgid ": "
+#~ msgstr ": "
+
#~ msgid "internal error, emalloc2() overflow"
#~ msgstr "lỗi nội bộ, erealloc2() bị tràn"
# Chinese simplified translation for sudo.
# sudo 的简体中文翻译。
# This file is put in the public domain.
-# Wylmer Wang <wantinghard@gmail.com>, 2011, 2012.
+# Wylmer Wang <wantinghard@gmail.com>, 2011, 2012, 2013.
#
msgid ""
msgstr ""
-"Project-Id-Version: sudo-1.8.6b4\n"
+"Project-Id-Version: sudo-1.8.7b1\n"
"Report-Msgid-Bugs-To: http://www.sudo.ws/bugs\n"
-"POT-Creation-Date: 2012-08-10 13:08-0400\n"
-"PO-Revision-Date: 2012-08-21 10:16+0800\n"
+"POT-Creation-Date: 2013-04-02 10:40-0400\n"
+"PO-Revision-Date: 2013-04-07 09:43+0800\n"
"Last-Translator: Wylmer Wang <wantinghard@gmail.com>\n"
"Language-Team: Chinese (simplified) <i18n-zh@googlegroups.com>\n"
"Language: zh_CN\n"
msgid "internal error, tried to emalloc(0)"
msgstr "内部错误,试图 emalloc(0)"
-#: common/alloc.c:85 common/alloc.c:105 common/alloc.c:127 common/alloc.c:146
-#: common/alloc.c:168 common/alloc.c:192 common/alloc.c:256 common/alloc.c:270
-#: src/exec_common.c:111 src/parse_args.c:430 src/sudo.c:456 src/sudo.c:482
-#: src/sudo.c:489 src/sudo.c:500 src/sudo.c:759
-#, c-format
-msgid "unable to allocate memory"
-msgstr "无法分配内存"
-
#: common/alloc.c:99
msgid "internal error, tried to emalloc2(0)"
msgstr "内部错误,试图 emalloc2(0)"
msgid "internal error, tried to erecalloc(0)"
msgstr "内部错误,试图 erecalloc(0)"
-#: common/sudo_conf.c:305
+#: common/error.c:154
+#, c-format
+msgid "%s: %s: %s\n"
+msgstr "%s:%s:%s\n"
+
+#: common/error.c:157 common/error.c:161
+#, c-format
+msgid "%s: %s\n"
+msgstr "%s:%s\n"
+
+#: common/sudo_conf.c:172
+#, c-format
+msgid "unsupported group source `%s' in %s, line %d"
+msgstr "不支持 %2$s 第 %3$d 行的组来源“%1$s”"
+
+#: common/sudo_conf.c:186
+#, c-format
+msgid "invalid max groups `%s' in %s, line %d"
+msgstr "%2$s 第 %3$d 行的最大组数“%1$s”无效"
+
+#: common/sudo_conf.c:382
#, c-format
msgid "unable to stat %s"
msgstr "无法 stat %s"
-#: common/sudo_conf.c:308
+#: common/sudo_conf.c:385
#, c-format
msgid "%s is not a regular file"
msgstr "%s 不是常规文件"
-#: common/sudo_conf.c:311
+#: common/sudo_conf.c:388
#, c-format
msgid "%s is owned by uid %u, should be %u"
msgstr "%s 属于用户 ID %u,应为 %u"
-#: common/sudo_conf.c:315
+#: common/sudo_conf.c:392
#, c-format
msgid "%s is world writable"
msgstr "%s 可被任何人写"
-#: common/sudo_conf.c:318
+#: common/sudo_conf.c:395
#, c-format
msgid "%s is group writable"
msgstr "%s 可被用户组写"
-#: common/sudo_conf.c:327 src/selinux.c:196 src/selinux.c:209 src/sudo.c:331
+#: common/sudo_conf.c:405 src/selinux.c:196 src/selinux.c:209 src/sudo.c:328
#, c-format
msgid "unable to open %s"
msgstr "打不开 %s"
-#: compat/strsignal.c:47
+#: compat/strsignal.c:50
msgid "Unknown signal"
msgstr "未知信号"
-#: src/error.c:82 src/error.c:86
-msgid ": "
-msgstr ":"
-
-#: src/exec.c:113 src/exec_pty.c:674
+#: src/exec.c:127 src/exec_pty.c:685
#, c-format
msgid "policy plugin failed session initialization"
msgstr "策略插件会话初始化失败"
-#: src/exec.c:118 src/exec_pty.c:690 src/exec_pty.c:1035 src/tgetpass.c:221
+#: src/exec.c:132 src/exec_pty.c:701 src/exec_pty.c:1066 src/tgetpass.c:220
#, c-format
msgid "unable to fork"
msgstr "无法执行 fork"
-#: src/exec.c:268
+#: src/exec.c:259
#, c-format
msgid "unable to create sockets"
msgstr "无法创建套接字"
-#: src/exec.c:275 src/exec_pty.c:613 src/exec_pty.c:622 src/exec_pty.c:630
-#: src/exec_pty.c:960 src/exec_pty.c:1032 src/tgetpass.c:218
-#, c-format
-msgid "unable to create pipe"
-msgstr "无法创建管道"
-
-#: src/exec.c:365 src/exec_pty.c:1102 src/exec_pty.c:1240
+#: src/exec.c:347 src/exec_pty.c:1130 src/exec_pty.c:1268
#, c-format
msgid "select failed"
msgstr "select 失败"
-#: src/exec.c:467
+#: src/exec.c:449
#, c-format
msgid "unable to restore tty label"
msgstr "无法恢复终端标签"
-#: src/exec_common.c:69
+#: src/exec_common.c:70
#, c-format
msgid "unable to remove PRIV_PROC_EXEC from PRIV_LIMIT"
msgstr "无法从 PRIV_LIMIT 中移除 PRIV_PROC_EXEC"
msgid "unable to allocate pty"
msgstr "无法分配伪终端"
-#: src/exec_pty.c:665
+#: src/exec_pty.c:623 src/exec_pty.c:632 src/exec_pty.c:640 src/exec_pty.c:986
+#: src/exec_pty.c:1063 src/signal.c:126 src/tgetpass.c:217
+#, c-format
+msgid "unable to create pipe"
+msgstr "无法创建管道"
+
+#: src/exec_pty.c:676
#, c-format
msgid "unable to set terminal to raw mode"
msgstr "无法将终端设为原始模式"
-#: src/exec_pty.c:1013
+#: src/exec_pty.c:1042
#, c-format
msgid "unable to set controlling tty"
msgstr "无法设置控制终端"
-#: src/exec_pty.c:1111
+#: src/exec_pty.c:1139
#, c-format
msgid "error reading from signal pipe"
msgstr "从单管道读取出错"
-#: src/exec_pty.c:1132
+#: src/exec_pty.c:1160
#, c-format
msgid "error reading from pipe"
msgstr "从管道读取出错"
-#: src/exec_pty.c:1148
+#: src/exec_pty.c:1176
#, c-format
msgid "error reading from socketpair"
msgstr "从套接字对读取出错"
-#: src/exec_pty.c:1152
+#: src/exec_pty.c:1180
#, c-format
msgid "unexpected reply type on backchannel: %d"
msgstr "联络通道的回应类型异常:%d"
-#: src/load_plugins.c:74
+#: src/load_plugins.c:70 src/load_plugins.c:79 src/load_plugins.c:132
+#: src/load_plugins.c:138 src/load_plugins.c:144 src/load_plugins.c:185
+#: src/load_plugins.c:192 src/load_plugins.c:199 src/load_plugins.c:205
+#, c-format
+msgid "error in %s, line %d while loading plugin `%s'"
+msgstr "在加载插件“%3$s”时在 %1$s 第 %2$d 行出错"
+
+#: src/load_plugins.c:72
#, c-format
msgid "%s: %s"
msgstr "%s:%s"
-#: src/load_plugins.c:80
+#: src/load_plugins.c:81
#, c-format
msgid "%s%s: %s"
msgstr "%s%s:%s"
-#: src/load_plugins.c:90
+#: src/load_plugins.c:140
#, c-format
msgid "%s must be owned by uid %d"
msgstr "%s 必须属于用户 ID %d(的用户)"
-#: src/load_plugins.c:94
+#: src/load_plugins.c:146
#, c-format
msgid "%s must be only be writable by owner"
msgstr "%s 必须只对其所有者可写"
-#: src/load_plugins.c:101
+#: src/load_plugins.c:187
#, c-format
msgid "unable to dlopen %s: %s"
msgstr "无法 dlopen %s:%s"
-#: src/load_plugins.c:106
+#: src/load_plugins.c:194
+#, c-format
+msgid "unable to find symbol `%s' in %s"
+msgstr "在 %2$s 中找不到符号“%1$s”"
+
+#: src/load_plugins.c:201
#, c-format
-msgid "%s: unable to find symbol %s"
-msgstr "%s:找不到符号 %s"
+msgid "unknown policy type %d found in %s"
+msgstr "%2$s 中的策略类型 %1$d 未知"
-#: src/load_plugins.c:112
+#: src/load_plugins.c:207
#, c-format
-msgid "%s: unknown policy type %d"
-msgstr "%s:未知的策略类型 %d"
+msgid "incompatible plugin major version %d (expected %d) found in %s"
+msgstr "%3$s 中发现不兼容的插件主版本号 %1$d(应为 %2$d)"
-#: src/load_plugins.c:116
+#: src/load_plugins.c:216
#, c-format
-msgid "%s: incompatible policy major version %d, expected %d"
-msgstr "%s:不兼容的策略主版本号 %d,应为 %d"
+msgid "ignoring policy plugin `%s' in %s, line %d"
+msgstr "忽略位于 %2$s 第 %3$d 行的策略插件“%1$s”"
-#: src/load_plugins.c:123
+#: src/load_plugins.c:218
#, c-format
-msgid "%s: only a single policy plugin may be loaded"
-msgstr "%s:只能加载一个策略插件"
+msgid "only a single policy plugin may be specified"
+msgstr "只能指定一个策略插件"
-#: src/load_plugins.c:200
+#: src/load_plugins.c:221
+#, c-format
+msgid "ignoring duplicate policy plugin `%s' in %s, line %d"
+msgstr "忽略位于 %2$s 第 %3$d 行的重复策略插件“%1$s”"
+
+#: src/load_plugins.c:236
+#, c-format
+msgid "ignoring duplicate I/O plugin `%s' in %s, line %d"
+msgstr "忽略位于 %2$s 第 %3$d 行的重复 I/O 插件“%1$s”"
+
+#: src/load_plugins.c:313
#, c-format
msgid "policy plugin %s does not include a check_policy method"
msgstr "策略插件 %s 不包含 check_policy 方法"
-#: src/net_ifs.c:157 src/net_ifs.c:166 src/net_ifs.c:178 src/net_ifs.c:187
-#: src/net_ifs.c:298 src/net_ifs.c:322
+#: src/net_ifs.c:156 src/net_ifs.c:165 src/net_ifs.c:177 src/net_ifs.c:186
+#: src/net_ifs.c:297 src/net_ifs.c:321
#, c-format
msgid "load_interfaces: overflow detected"
msgstr "load_interfaces:检测到溢出"
-#: src/net_ifs.c:227
+#: src/net_ifs.c:226
#, c-format
msgid "unable to open socket"
msgstr "无法打开套接字"
-#: src/parse_args.c:187
+#: src/parse_args.c:197
#, c-format
msgid "the argument to -C must be a number greater than or equal to 3"
msgstr "-C 选项的参数必须是一个大于等于 3 的数字"
-#: src/parse_args.c:276
+#: src/parse_args.c:286
#, c-format
msgid "unknown user: %s"
msgstr "未知用户:%s"
-#: src/parse_args.c:335
+#: src/parse_args.c:345
#, c-format
msgid "you may not specify both the `-i' and `-s' options"
msgstr "您不能同时指定“-i”和“-s”选项"
-#: src/parse_args.c:339
+#: src/parse_args.c:349
#, c-format
msgid "you may not specify both the `-i' and `-E' options"
msgstr "您不能同时指定“-i”和“-E”选项"
-#: src/parse_args.c:349
+#: src/parse_args.c:359
#, c-format
msgid "the `-E' option is not valid in edit mode"
msgstr "“-E”选项在编辑模式中无效"
-#: src/parse_args.c:351
+#: src/parse_args.c:361
#, c-format
msgid "you may not specify environment variables in edit mode"
msgstr "在编辑模式中您不能指定环境变量"
-#: src/parse_args.c:359
+#: src/parse_args.c:369
#, c-format
msgid "the `-U' option may only be used with the `-l' option"
msgstr "“-U”选项只能与“-l”选项一起使用"
-#: src/parse_args.c:363
+#: src/parse_args.c:373
#, c-format
msgid "the `-A' and `-S' options may not be used together"
msgstr "“-A”和“-S”选项不可同时使用"
-#: src/parse_args.c:443
+#: src/parse_args.c:456
#, c-format
msgid "sudoedit is not supported on this platform"
msgstr "此平台不支持 sudoedit"
-#: src/parse_args.c:516
+#: src/parse_args.c:529
#, c-format
msgid "Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified"
msgstr "只能指定 -e、-h、-i、-K、-l、-s、-v 或 -V 选项中的一个"
-#: src/parse_args.c:530
+#: src/parse_args.c:543
#, c-format
msgid ""
"%s - edit files as another user\n"
"%s - 以其他用户身份编辑文件\n"
"\n"
-#: src/parse_args.c:532
+#: src/parse_args.c:545
#, c-format
msgid ""
"%s - execute a command as another user\n"
"%s - 以其他用户身份执行一条命令\n"
"\n"
-#: src/parse_args.c:537
+#: src/parse_args.c:550
#, c-format
msgid ""
"\n"
"\n"
"选项:\n"
-#: src/parse_args.c:540
+#: src/parse_args.c:552
msgid "use helper program for password prompting\n"
msgstr "使用助手程序进行密码提示\n"
-#: src/parse_args.c:543
+#: src/parse_args.c:555
msgid "use specified BSD authentication type\n"
msgstr "使用指定的 BSD 认证类型\n"
-#: src/parse_args.c:545
+#: src/parse_args.c:558
msgid "run command in the background\n"
msgstr "在后台运行命令\n"
-#: src/parse_args.c:547
+#: src/parse_args.c:560
msgid "close all file descriptors >= fd\n"
msgstr "关闭所有 >= fd 的文件描述符\n"
-#: src/parse_args.c:550
+#: src/parse_args.c:563
msgid "run command with specified login class\n"
msgstr "以指定的登录类别运行命令\n"
-#: src/parse_args.c:553
+#: src/parse_args.c:566
msgid "preserve user environment when executing command\n"
msgstr "在执行命令时保留用户环境\n"
-#: src/parse_args.c:555
+#: src/parse_args.c:568
msgid "edit files instead of running a command\n"
msgstr "编辑文件而非执行命令\n"
-#: src/parse_args.c:557
+#: src/parse_args.c:570
msgid "execute command as the specified group\n"
msgstr "以指定的用户组执行命令\n"
-#: src/parse_args.c:559
+#: src/parse_args.c:572
msgid "set HOME variable to target user's home dir.\n"
msgstr "将 HOME 变量设为目标用户的主目录。\n"
-#: src/parse_args.c:561
+#: src/parse_args.c:574
msgid "display help message and exit\n"
msgstr "显示帮助消息并退出\n"
-#: src/parse_args.c:563
+#: src/parse_args.c:576
msgid "run a login shell as target user\n"
msgstr "以目标用户身份运行一个登录 shell\n"
-#: src/parse_args.c:565
+#: src/parse_args.c:578
msgid "remove timestamp file completely\n"
msgstr "完全移除时间戳文件\n"
-#: src/parse_args.c:567
+#: src/parse_args.c:580
msgid "invalidate timestamp file\n"
msgstr "无效的时间戳文件\n"
-#: src/parse_args.c:569
+#: src/parse_args.c:582
msgid "list user's available commands\n"
msgstr "列出用户能执行的命令\n"
-#: src/parse_args.c:571
+#: src/parse_args.c:584
msgid "non-interactive mode, will not prompt user\n"
msgstr "非交互模式,将不提示用户\n"
-#: src/parse_args.c:573
+#: src/parse_args.c:586
msgid "preserve group vector instead of setting to target's\n"
msgstr "保留组向量,而非设置为目标的组向量\n"
-#: src/parse_args.c:575
+#: src/parse_args.c:588
msgid "use specified password prompt\n"
msgstr "使用指定的密码提示\n"
-#: src/parse_args.c:578 src/parse_args.c:586
+#: src/parse_args.c:591 src/parse_args.c:599
msgid "create SELinux security context with specified role\n"
msgstr "以指定的角色创建 SELinux 安全环境\n"
-#: src/parse_args.c:581
+#: src/parse_args.c:594
msgid "read password from standard input\n"
msgstr "从标准输入读取密码\n"
-#: src/parse_args.c:583
+#: src/parse_args.c:596
msgid "run a shell as target user\n"
msgstr "以目标用户身份运行 shell\n"
-#: src/parse_args.c:589
+#: src/parse_args.c:602
msgid "when listing, list specified user's privileges\n"
msgstr "在列表时,列出指定用户的权限\n"
-#: src/parse_args.c:591
+#: src/parse_args.c:604
msgid "run command (or edit file) as specified user\n"
msgstr "以指定用户身份运行命令(或编辑文件)\n"
-#: src/parse_args.c:593
+#: src/parse_args.c:606
msgid "display version information and exit\n"
msgstr "显示版本信息并退出\n"
-#: src/parse_args.c:595
+#: src/parse_args.c:608
msgid "update user's timestamp without running a command\n"
msgstr "更新用户的时间戳而不执行命令\n"
-#: src/parse_args.c:597
+#: src/parse_args.c:610
msgid "stop processing command line arguments\n"
msgstr "停止处理命令行参数\n"
msgid "unable to setup tty context for %s"
msgstr "无法设置 %s 的终端环境"
-#: src/selinux.c:373
+#: src/selinux.c:381
#, c-format
msgid "unable to set exec context to %s"
msgstr "无法向 %s 设置 exec 环境"
-#: src/selinux.c:380
+#: src/selinux.c:388
#, c-format
msgid "unable to set key creation context to %s"
msgstr "无法向 %s 设置键创建环境"
-#: src/sesh.c:70
+#: src/sesh.c:57
#, c-format
msgid "requires at least one argument"
msgstr "要求至少有一个参数"
-#: src/sesh.c:91
+#: src/sesh.c:78 src/sudo.c:1126
#, c-format
msgid "unable to execute %s"
msgstr "无法执行 %s"
-#: src/sudo.c:211
+#: src/solaris.c:88
+#, c-format
+msgid "resource control limit has been reached"
+msgstr "达到了资源控制限制"
+
+#: src/solaris.c:91
+#, c-format
+msgid "user \"%s\" is not a member of project \"%s\""
+msgstr "用户“%s”不是项目“%s”的成员"
+
+#: src/solaris.c:95
+#, c-format
+msgid "the invoking task is final"
+msgstr "调用的任务是最终的(final)"
+
+#: src/solaris.c:98
+#, c-format
+msgid "could not join project \"%s\""
+msgstr "无法加入项目“%s”"
+
+#: src/solaris.c:103
+#, c-format
+msgid "no resource pool accepting default bindings exists for project \"%s\""
+msgstr "不存在对应于项目“%s”的、接受默认绑定的资源池"
+
+#: src/solaris.c:107
+#, c-format
+msgid "specified resource pool does not exist for project \"%s\""
+msgstr "指定的对应于项目“%s”的资源池不存在"
+
+#: src/solaris.c:111
+#, c-format
+msgid "could not bind to default resource pool for project \"%s\""
+msgstr "无法为项目“%s”绑定到默认的资源池"
+
+#: src/solaris.c:117
+#, c-format
+msgid "setproject failed for project \"%s\""
+msgstr "对项目“%s”执行 setproject 失败"
+
+#: src/solaris.c:119
+#, c-format
+msgid "warning, resource control assignment failed for project \"%s\""
+msgstr "警告,对项目“%s”的资源控制分配失败"
+
+#: src/sudo.c:196
#, c-format
msgid "Sudo version %s\n"
msgstr "Sudo 版本 %s\n"
-#: src/sudo.c:213
+#: src/sudo.c:198
#, c-format
msgid "Configure options: %s\n"
msgstr "当前选项:%s\n"
-#: src/sudo.c:218
+#: src/sudo.c:203
#, c-format
msgid "fatal error, unable to load plugins"
msgstr "致命错误,无法加载插件"
-#: src/sudo.c:226
+#: src/sudo.c:211
#, c-format
msgid "unable to initialize policy plugin"
msgstr "无法初始化策略插件"
-#: src/sudo.c:281
+#: src/sudo.c:268
#, c-format
msgid "error initializing I/O plugin %s"
msgstr "初始化 I/O 插件 %s 出错"
-#: src/sudo.c:306
+#: src/sudo.c:293
#, c-format
msgid "unexpected sudo mode 0x%x"
msgstr "异常的 sudo 模式 0x%x"
-#: src/sudo.c:400
+#: src/sudo.c:413
#, c-format
msgid "unable to get group vector"
msgstr "无法获取组向量"
-#: src/sudo.c:452
+#: src/sudo.c:465
#, c-format
msgid "unknown uid %u: who are you?"
msgstr "未知的用户 ID %u:您是?"
-#: src/sudo.c:782
+#: src/sudo.c:802
#, c-format
msgid "%s must be owned by uid %d and have the setuid bit set"
msgstr "%s 必须属于用户 ID %d(的用户)并且设置 setuid 位"
-#: src/sudo.c:785
+#: src/sudo.c:805
#, c-format
msgid "effective uid is not %d, is %s on a file system with the 'nosuid' option set or an NFS file system without root privileges?"
msgstr "有效用户 ID 不是 %d,%s 位于一个设置了“nosuid”选项的文件系统或没有 root 权限的 NFS 文件系统中吗?"
-#: src/sudo.c:791
+#: src/sudo.c:811
#, c-format
msgid "effective uid is not %d, is sudo installed setuid root?"
msgstr "有效用户 ID 不是 %d,sudo 属于 root 并设置了 setuid 位吗?"
-#: src/sudo.c:860
-#, c-format
-msgid "resource control limit has been reached"
-msgstr "达到了资源控制限制"
-
-#: src/sudo.c:863
-#, c-format
-msgid "user \"%s\" is not a member of project \"%s\""
-msgstr "用户“%s”不是项目“%s”的成员"
-
-#: src/sudo.c:867
-#, c-format
-msgid "the invoking task is final"
-msgstr "调用的任务是最终的(final)"
-
-#: src/sudo.c:870
-#, c-format
-msgid "could not join project \"%s\""
-msgstr "无法加入项目“%s”"
-
-#: src/sudo.c:875
-#, c-format
-msgid "no resource pool accepting default bindings exists for project \"%s\""
-msgstr "不存在对应于项目“%s”的、接受默认绑定的资源池"
-
-#: src/sudo.c:879
-#, c-format
-msgid "specified resource pool does not exist for project \"%s\""
-msgstr "指定的对应于项目“%s”的资源池不存在"
-
-#: src/sudo.c:883
-#, c-format
-msgid "could not bind to default resource pool for project \"%s\""
-msgstr "无法为项目“%s”绑定到默认的资源池"
-
-#: src/sudo.c:889
-#, c-format
-msgid "setproject failed for project \"%s\""
-msgstr "对项目“%s”执行 setproject 失败"
-
-#: src/sudo.c:891
-#, c-format
-msgid "warning, resource control assignment failed for project \"%s\""
-msgstr "警告,对项目“%s”的资源控制分配失败"
-
-#: src/sudo.c:959
+#: src/sudo.c:915
#, c-format
msgid "unknown login class %s"
msgstr "未知的登录类别 %s"
-#: src/sudo.c:973 src/sudo.c:976
+#: src/sudo.c:929 src/sudo.c:932
#, c-format
msgid "unable to set user context"
msgstr "无法设置用户环境"
-#: src/sudo.c:988
+#: src/sudo.c:944
#, c-format
msgid "unable to set supplementary group IDs"
msgstr "无法设置补充组 ID"
-#: src/sudo.c:995
+#: src/sudo.c:951
#, c-format
msgid "unable to set effective gid to runas gid %u"
msgstr "无法设置有效组 ID 来以组 ID %u 运行"
-#: src/sudo.c:1001
+#: src/sudo.c:957
#, c-format
msgid "unable to set gid to runas gid %u"
msgstr "无法设置组 ID 来以组 ID %u 运行"
-#: src/sudo.c:1008
+#: src/sudo.c:964
#, c-format
msgid "unable to set process priority"
msgstr "无法设置进程优先级"
-#: src/sudo.c:1016
+#: src/sudo.c:972
#, c-format
msgid "unable to change root to %s"
msgstr "无法从 root 切换到 %s"
-#: src/sudo.c:1023 src/sudo.c:1029 src/sudo.c:1035
+#: src/sudo.c:979 src/sudo.c:985 src/sudo.c:991
#, c-format
msgid "unable to change to runas uid (%u, %u)"
msgstr "无法切换到以用户 ID(%u,%u)运行"
-#: src/sudo.c:1049
+#: src/sudo.c:1005
#, c-format
msgid "unable to change directory to %s"
msgstr "无法将目录切换到 %s"
-#: src/sudo.c:1133
+#: src/sudo.c:1089
#, c-format
msgid "unexpected child termination condition: %d"
msgstr "异常的子进程终止条件:%d"
-#: src/sudo.c:1194
+#: src/sudo.c:1146
+#, c-format
+msgid "policy plugin %s is missing the `check_policy' method"
+msgstr "“check_policy”方法中缺少策略插件 %s"
+
+#: src/sudo.c:1159
#, c-format
msgid "policy plugin %s does not support listing privileges"
msgstr "策略插件 %s 不支持列出权限"
-#: src/sudo.c:1206
+#: src/sudo.c:1171
#, c-format
msgid "policy plugin %s does not support the -v option"
msgstr "策略插件 %s不支持 -v 选项"
-#: src/sudo.c:1218
+#: src/sudo.c:1183
#, c-format
msgid "policy plugin %s does not support the -k/-K options"
msgstr "策略插件 %s 不支持 -k/-K 选项"
-#: src/sudo_edit.c:111
+#: src/sudo_edit.c:110
#, c-format
msgid "unable to change uid to root (%u)"
msgstr "无法将用户 ID 切换到 root(%u)"
-#: src/sudo_edit.c:143
+#: src/sudo_edit.c:142
#, c-format
msgid "plugin error: missing file list for sudoedit"
msgstr "插件错误:缺少 sudoedit 的文件列表"
-#: src/sudo_edit.c:171 src/sudo_edit.c:271
+#: src/sudo_edit.c:170 src/sudo_edit.c:270
#, c-format
msgid "%s: not a regular file"
msgstr "%s:不是常规文件"
-#: src/sudo_edit.c:205 src/sudo_edit.c:307
+#: src/sudo_edit.c:204 src/sudo_edit.c:306
#, c-format
msgid "%s: short write"
msgstr "%s:截短写入"
-#: src/sudo_edit.c:272
+#: src/sudo_edit.c:271
#, c-format
msgid "%s left unmodified"
msgstr "%s 并未修改"
-#: src/sudo_edit.c:285
+#: src/sudo_edit.c:284
#, c-format
msgid "%s unchanged"
msgstr "%s 已更改"
-#: src/sudo_edit.c:297 src/sudo_edit.c:318
+#: src/sudo_edit.c:296 src/sudo_edit.c:317
#, c-format
msgid "unable to write to %s"
msgstr "无法写入 %s"
-#: src/sudo_edit.c:298 src/sudo_edit.c:316 src/sudo_edit.c:319
+#: src/sudo_edit.c:297 src/sudo_edit.c:315 src/sudo_edit.c:318
#, c-format
msgid "contents of edit session left in %s"
msgstr "编辑会话的内容留在了 %s 中"
-#: src/sudo_edit.c:315
+#: src/sudo_edit.c:314
#, c-format
msgid "unable to read temporary file"
msgstr "无法读取临时文件"
-#: src/tgetpass.c:90
+#: src/tgetpass.c:89
#, c-format
msgid "no tty present and no askpass program specified"
msgstr "没有终端存在,且未指定 askpass 程序"
-#: src/tgetpass.c:99
+#: src/tgetpass.c:98
#, c-format
msgid "no askpass program specified, try setting SUDO_ASKPASS"
msgstr "没有指定 askpass 程序,尝试设置 SUDO_ASKPASS"
-#: src/tgetpass.c:231
+#: src/tgetpass.c:230
#, c-format
msgid "unable to set gid to %u"
msgstr "无法将组 ID 设为 %u"
-#: src/tgetpass.c:235
+#: src/tgetpass.c:234
#, c-format
msgid "unable to set uid to %u"
msgstr "无法将用户 ID 设为 %u"
-#: src/tgetpass.c:240
+#: src/tgetpass.c:239
#, c-format
msgid "unable to run %s"
msgstr "无法执行 %s"
msgid "unable to restore stdin"
msgstr "无法恢复 stdin"
+#~ msgid "unable to allocate memory"
+#~ msgstr "无法分配内存"
+
+#~ msgid ": "
+#~ msgstr ":"
+
#~ msgid "internal error, emalloc2() overflow"
#~ msgstr "内部错误,emalloc2() 溢出"
/*
- * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2010, 2011 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
--- /dev/null
+/*
+ * Copyright (c) 2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+# include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#include <unistd.h>
+#include <errno.h>
+
+#include "missing.h"
+#include "alloc.h"
+#include "error.h"
+
+__dso_public int main(int argc, char *argv[]);
+
+extern char *get_process_ttyname(void);
+
+int
+main(int argc, char *argv[])
+{
+ char *tty_libc, *tty_sudo;
+ int rval = 0;
+
+#if !defined(HAVE_GETPROGNAME) && !defined(HAVE___PROGNAME)
+ setprogname(argc > 0 ? argv[0] : "check_ttyname");
+#endif
+
+ /* Lookup tty name via libc. */
+ if ((tty_libc = ttyname(STDIN_FILENO)) == NULL &&
+ (tty_libc = ttyname(STDOUT_FILENO)) == NULL &&
+ (tty_libc = ttyname(STDERR_FILENO)) == NULL)
+ tty_libc = "none";
+ tty_libc = estrdup(tty_libc);
+
+ /* Lookup tty name via sudo (using kernel info if possible). */
+ if ((tty_sudo = get_process_ttyname()) == NULL)
+ tty_sudo = estrdup("none");
+
+ if (strcmp(tty_libc, tty_sudo) == 0) {
+ printf("%s: OK (%s)\n", getprogname(), tty_sudo);
+ } else {
+ printf("%s: FAIL %s (sudo) vs. %s (libc)\n", getprogname(),
+ tty_sudo, tty_libc);
+ rval = 1;
+ }
+
+ efree(tty_libc);
+ efree(tty_sudo);
+ exit(rval);
+}
/*
- * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
* Copyright (c) 2008 Dan Walsh <dwalsh@redhat.com>
*
* Borrowed heavily from newrole source code
/* Kernel may not have audit support. */
if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT
)
- error(1, _("unable to open audit system"));
+ fatal(_("unable to open audit system"));
} else {
/* audit role change using the same format as newrole(1) */
easprintf(&message, "newrole: old-context=%s new-context=%s",
int noexec)
{
char **nargv;
+ const char *sesh;
int argc, serrno;
debug_decl(selinux_execve, SUDO_DEBUG_SELINUX)
+ sesh = sudo_conf_sesh_path();
+ if (sesh == NULL) {
+ warningx("internal error: sesh path not set");
+ errno = EINVAL;
+ debug_return;
+ }
+
if (setexeccon(se_state.new_context)) {
warning(_("unable to set exec context to %s"), se_state.new_context);
if (se_state.enforcing)
memcpy(&nargv[2], &argv[1], argc * sizeof(char *)); /* copies NULL */
/* sesh will handle noexec for us. */
- sudo_execve(_PATH_SUDO_SESH, nargv, envp, 0);
+ sudo_execve(sesh, nargv, envp, 0);
serrno = errno;
free(nargv);
errno = serrno;
/*
- * Copyright (c) 2008, 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2008, 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <string.h>
#include <signal.h>
#include <unistd.h>
-#ifdef HAVE_SETLOCALE
-# include <locale.h>
-#endif
#ifdef HAVE_STDBOOL_H
# include <stdbool.h>
#else
#include "sudo_exec.h"
#include "sudo_plugin.h"
-sudo_conv_t sudo_conv; /* NULL in non-plugin */
-
-/*
- * Cleanup hook for error()/errorx()
- */
-void
-cleanup(int gotsignal)
-{
- return;
-}
+__dso_public int main(int argc, char *argv[], char *envp[]);
int
main(int argc, char *argv[], char *envp[])
int noexec = 0;
debug_decl(main, SUDO_DEBUG_MAIN)
-#ifdef HAVE_SETLOCALE
setlocale(LC_ALL, "");
-#endif
bindtextdomain(PACKAGE_NAME, LOCALEDIR);
textdomain(PACKAGE_NAME);
if (argc < 2)
- errorx(EXIT_FAILURE, _("requires at least one argument"));
+ fatalx(_("requires at least one argument"));
/* Read sudo.conf. */
- sudo_conf_read();
+ sudo_conf_read(NULL);
/* If argv[0] ends in -noexec, pass the flag to sudo_execve() */
if ((cp = strrchr(argv[0], '-')) != NULL && cp != argv[0])
--- /dev/null
+/*
+ * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <errno.h>
+#include <signal.h>
+
+#include "sudo.h"
+
+int signal_pipe[2];
+
+static struct signal_state {
+ int signo;
+ int restore;
+ sigaction_t sa;
+} saved_signals[] = {
+ { SIGALRM }, /* SAVED_SIGALRM */
+ { SIGCHLD }, /* SAVED_SIGCHLD */
+ { SIGCONT }, /* SAVED_SIGCONT */
+ { SIGHUP }, /* SAVED_SIGHUP */
+ { SIGINT }, /* SAVED_SIGINT */
+ { SIGPIPE }, /* SAVED_SIGPIPE */
+ { SIGQUIT }, /* SAVED_SIGQUIT */
+ { SIGTERM }, /* SAVED_SIGTERM */
+ { SIGTSTP }, /* SAVED_SIGTSTP */
+ { SIGTTIN }, /* SAVED_SIGTTIN */
+ { SIGTTOU }, /* SAVED_SIGTTOU */
+ { SIGUSR1 }, /* SAVED_SIGUSR1 */
+ { SIGUSR2 }, /* SAVED_SIGUSR2 */
+ { -1 }
+};
+
+/*
+ * Save signal handler state so it can be restored before exec.
+ */
+void
+save_signals(void)
+{
+ struct signal_state *ss;
+ debug_decl(save_signals, SUDO_DEBUG_MAIN)
+
+ for (ss = saved_signals; ss->signo != -1; ss++)
+ sigaction(ss->signo, NULL, &ss->sa);
+
+ debug_return;
+}
+
+/*
+ * Restore signal handlers to initial state for exec.
+ */
+void
+restore_signals(void)
+{
+ struct signal_state *ss;
+ debug_decl(restore_signals, SUDO_DEBUG_MAIN)
+
+ for (ss = saved_signals; ss->signo != -1; ss++) {
+ if (ss->restore)
+ sigaction(ss->signo, &ss->sa, NULL);
+ }
+
+ debug_return;
+}
+
+static void
+sudo_handler(int signo)
+{
+ /*
+ * The pipe is non-blocking, if we overflow the kernel's pipe
+ * buffer we drop the signal. This is not a problem in practice.
+ */
+ ignore_result(write(signal_pipe[1], &signo, sizeof(signo)));
+}
+
+/*
+ * Trap tty-generated (and other) signals so we can't be killed before
+ * calling the policy close function. The signal pipe will be drained
+ * in sudo_execute() before running the command and new handlers will
+ * be installed in the parent.
+ */
+void
+init_signals(void)
+{
+ struct sigaction sa;
+ struct signal_state *ss;
+ debug_decl(init_signals, SUDO_DEBUG_MAIN)
+
+ /*
+ * We use a pipe to atomically handle signal notification within
+ * the select() loop without races (we may not have pselect()).
+ */
+ if (pipe_nonblock(signal_pipe) != 0)
+ fatal(_("unable to create pipe"));
+
+ memset(&sa, 0, sizeof(sa));
+ sigfillset(&sa.sa_mask);
+ sa.sa_flags = SA_RESTART;
+ sa.sa_handler = sudo_handler;
+
+ for (ss = saved_signals; ss->signo > 0; ss++) {
+ switch (ss->signo) {
+ case SIGCHLD:
+ case SIGCONT:
+ case SIGPIPE:
+ case SIGTTIN:
+ case SIGTTOU:
+ /* Don't install these until exec time. */
+ break;
+ default:
+ if (ss->sa.sa_handler != SIG_IGN)
+ sigaction(ss->signo, &sa, NULL);
+ break;
+ }
+ }
+ debug_return;
+}
+
+/*
+ * Like sigaction() but sets restore flag in saved_signals[]
+ * if needed.
+ */
+int
+sudo_sigaction(int signo, struct sigaction *sa, struct sigaction *osa)
+{
+ struct signal_state *ss;
+ int rval;
+ debug_decl(sudo_sigaction, SUDO_DEBUG_MAIN)
+
+ for (ss = saved_signals; ss->signo > 0; ss++) {
+ if (ss->signo == signo) {
+ /* If signal was or now is ignored, restore old handler on exec. */
+ if (ss->sa.sa_handler == SIG_IGN || sa->sa_handler == SIG_IGN) {
+ sudo_debug_printf(SUDO_DEBUG_INFO,
+ "will restore signal %d on exec", signo);
+ ss->restore = true;
+ }
+ break;
+ }
+ }
+ rval = sigaction(signo, sa, osa);
+
+ debug_return_int(rval);
+}
--- /dev/null
+/*
+ * Copyright (c) 2009-2012 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+# include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#ifdef HAVE_PROJECT_H
+# include <project.h>
+# include <sys/task.h>
+#endif
+#include <dlfcn.h>
+#include <errno.h>
+#include <pwd.h>
+
+#include "sudo.h"
+
+int
+os_init(int argc, char *argv[], char *envp[])
+{
+ /*
+ * Solaris 11 is unable to load the per-locale shared objects
+ * without this. We must keep the handle open for it to work.
+ * This bug was fixed in Solaris 11 Update 1.
+ */
+ void *handle = dlopen("/usr/lib/locale/common/methods_unicode.so.3",
+ RTLD_LAZY|RTLD_GLOBAL);
+ (void)&handle;
+
+ return os_init_common(argc, argv, envp);
+}
+
+#ifdef HAVE_PROJECT_H
+void
+set_project(struct passwd *pw)
+{
+ struct project proj;
+ char buf[PROJECT_BUFSZ];
+ int errval;
+ debug_decl(set_project, SUDO_DEBUG_UTIL)
+
+ /*
+ * Collect the default project for the user and settaskid
+ */
+ setprojent();
+ if (getdefaultproj(pw->pw_name, &proj, buf, sizeof(buf)) != NULL) {
+ errval = setproject(proj.pj_name, pw->pw_name, TASK_NORMAL);
+ switch(errval) {
+ case 0:
+ break;
+ case SETPROJ_ERR_TASK:
+ switch (errno) {
+ case EAGAIN:
+ warningx(_("resource control limit has been reached"));
+ break;
+ case ESRCH:
+ warningx(_("user \"%s\" is not a member of project \"%s\""),
+ pw->pw_name, proj.pj_name);
+ break;
+ case EACCES:
+ warningx(_("the invoking task is final"));
+ break;
+ default:
+ warningx(_("could not join project \"%s\""), proj.pj_name);
+ }
+ case SETPROJ_ERR_POOL:
+ switch (errno) {
+ case EACCES:
+ warningx(_("no resource pool accepting default bindings "
+ "exists for project \"%s\""), proj.pj_name);
+ break;
+ case ESRCH:
+ warningx(_("specified resource pool does not exist for "
+ "project \"%s\""), proj.pj_name);
+ break;
+ default:
+ warningx(_("could not bind to default resource pool for "
+ "project \"%s\""), proj.pj_name);
+ }
+ break;
+ default:
+ if (errval <= 0) {
+ warningx(_("setproject failed for project \"%s\""), proj.pj_name);
+ } else {
+ warningx(_("warning, resource control assignment failed for "
+ "project \"%s\""), proj.pj_name);
+ }
+ }
+ } else {
+ warning("getdefaultproj");
+ }
+ endprojent();
+ debug_return;
+}
+#endif /* HAVE_PROJECT_H */
/*
- * Copyright (c) 2009-2012 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <sys/socket.h>
#if TIME_WITH_SYS_TIME
# include <time.h>
#endif
-#ifdef HAVE_SETLOCALE
-# include <locale.h>
-#endif
#ifdef HAVE_LOGIN_CAP_H
# include <login_cap.h>
# ifndef LOGIN_SETENV
# endif /* __hpux */
# include <prot.h>
#endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */
-#if defined(HAVE_STRUCT_KINFO_PROC_P_TDEV) || defined (HAVE_STRUCT_KINFO_PROC_KP_EPROC_E_TDEV)
-# include <sys/sysctl.h>
-#elif defined(HAVE_STRUCT_KINFO_PROC_KI_TDEV)
-# include <sys/sysctl.h>
-# include <sys/user.h>
-#endif
#include "sudo.h"
#include "sudo_plugin.h"
#include "sudo_plugin_int.h"
-#include <sudo_usage.h>
+#include "sudo_usage.h"
/*
* Local variables
struct plugin_container_list io_plugins;
struct user_details user_details;
const char *list_user, *runas_user, *runas_group; /* extern for parse_args.c */
+static struct command_details command_details;
static int sudo_mode;
/*
static struct rlimit nproclimit;
#endif
+__dso_public int main(int argc, char *argv[], char *envp[]);
+
int
main(int argc, char *argv[], char *envp[])
{
char **nargv, **settings, **env_add;
char **user_info, **command_info, **argv_out, **user_env_out;
struct plugin_container *plugin, *next;
- struct command_details command_details;
sigset_t mask;
debug_decl(main, SUDO_DEBUG_MAIN)
-#if defined(SUDO_DEVEL) && defined(__OpenBSD__)
- {
- extern char *malloc_options;
- malloc_options = "AFGJPR";
- }
-#endif
-
-#if !defined(HAVE_GETPROGNAME) && !defined(HAVE___PROGNAME)
- if (argc > 0)
- setprogname(argv[0]);
-#endif
+ os_init(argc, argv, envp);
-#ifdef HAVE_SETLOCALE
setlocale(LC_ALL, "");
-#endif
bindtextdomain(PACKAGE_NAME, LOCALEDIR);
textdomain(PACKAGE_NAME);
+#ifdef HAVE_TZSET
+ (void) tzset();
+#endif /* HAVE_TZSET */
+
/* Must be done before we do any password lookups */
#if defined(HAVE_GETPRPWNAM) && defined(HAVE_SET_AUTH_PARAMETERS)
(void) set_auth_parameters(argc, argv);
fix_fds();
/* Read sudo.conf. */
- sudo_conf_read();
+ sudo_conf_read(NULL);
/* Fill in user_info with user name, uid, cwd, etc. */
memset(&user_details, 0, sizeof(user_details));
/* Load plugins. */
if (!sudo_load_plugins(&policy_plugin, &io_plugins))
- errorx(1, _("fatal error, unable to load plugins"));
+ fatalx(_("fatal error, unable to load plugins"));
/* Open policy plugin. */
ok = policy_open(&policy_plugin, settings, user_info, envp);
if (ok == -2)
usage(1);
else
- errorx(1, _("unable to initialize policy plugin"));
+ fatalx(_("unable to initialize policy plugin"));
}
+ init_signals();
+
switch (sudo_mode & MODE_MASK) {
case MODE_VERSION:
policy_show_version(&policy_plugin, !user_details.uid);
tq_foreach_fwd(&io_plugins, plugin) {
ok = iolog_open(plugin, settings, user_info, NULL,
nargc, nargv, envp);
- if (ok == 1)
+ if (ok != -1)
iolog_show_version(plugin, !user_details.uid);
}
break;
usage(1);
break;
default:
- errorx(1, _("error initializing I/O plugin %s"),
+ fatalx(_("error initializing I/O plugin %s"),
plugin->name);
}
}
if (ISSET(sudo_mode, MODE_BACKGROUND))
SET(command_details.flags, CD_BACKGROUND);
/* Become full root (not just setuid) so user cannot kill us. */
- (void) setuid(ROOT_UID);
+ if (setuid(ROOT_UID) == -1)
+ warning("setuid(%d)", ROOT_UID);
/* Restore coredumpsize resource limit before running. */
#ifdef RLIMIT_CORE
if (sudo_conf_disable_coredump())
/* The close method was called by sudo_edit/run_command. */
break;
default:
- errorx(1, _("unexpected sudo mode 0x%x"), sudo_mode);
+ fatalx(_("unexpected sudo mode 0x%x"), sudo_mode);
}
sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, exitcode);
exit(exitcode);
}
+int
+os_init_common(int argc, char *argv[], char *envp[])
+{
+#if !defined(HAVE_GETPROGNAME) && !defined(HAVE___PROGNAME)
+ if (argc > 0)
+ setprogname(argv[0]);
+#endif
+ return 0;
+}
+
/*
* Ensure that stdin, stdout and stderr are open; set to /dev/null if not.
* Some operating systems do this automatically in the kernel or libc.
miss[STDERR_FILENO] = fcntl(STDERR_FILENO, F_GETFL, 0) == -1;
if (miss[STDIN_FILENO] || miss[STDOUT_FILENO] || miss[STDERR_FILENO]) {
if ((devnull = open(_PATH_DEVNULL, O_RDWR, 0644)) == -1)
- error(1, _("unable to open %s"), _PATH_DEVNULL);
+ fatal(_("unable to open %s"), _PATH_DEVNULL);
if (miss[STDIN_FILENO] && dup2(devnull, STDIN_FILENO) == -1)
- error(1, "dup2");
+ fatal("dup2");
if (miss[STDOUT_FILENO] && dup2(devnull, STDOUT_FILENO) == -1)
- error(1, "dup2");
+ fatal("dup2");
if (miss[STDERR_FILENO] && dup2(devnull, STDERR_FILENO) == -1)
- error(1, "dup2");
+ fatal("dup2");
if (devnull > STDERR_FILENO)
close(devnull);
}
/*
* Allocate space for groups and fill in using getgrouplist()
- * for when we cannot use getgroups().
+ * for when we cannot (or don't want to) use getgroups().
*/
static int
-fill_group_list(struct user_details *ud)
+fill_group_list(struct user_details *ud, int system_maxgroups)
{
- int maxgroups, tries, rval = -1;
+ int tries, rval = -1;
debug_decl(fill_group_list, SUDO_DEBUG_UTIL)
-#if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX)
- maxgroups = (int)sysconf(_SC_NGROUPS_MAX);
- if (maxgroups < 0)
-#endif
- maxgroups = NGROUPS_MAX;
-
/*
- * It is possible to belong to more groups in the group database
- * than NGROUPS_MAX. We start off with NGROUPS_MAX * 2 entries
- * and double this as needed.
+ * If user specified a max number of groups, use it, otherwise keep
+ * trying getgrouplist() until we have enough room in the array.
*/
- ud->groups = NULL;
- ud->ngroups = maxgroups;
- for (tries = 0; tries < 10 && rval == -1; tries++) {
- ud->ngroups *= 2;
- efree(ud->groups);
+ ud->ngroups = sudo_conf_max_groups();
+ if (ud->ngroups != -1) {
ud->groups = emalloc2(ud->ngroups, sizeof(GETGROUPS_T));
- rval = getgrouplist(ud->username, ud->gid, ud->groups, &ud->ngroups);
+ /* No error on insufficient space if user specified max_groups. */
+ (void)getgrouplist(ud->username, ud->gid, ud->groups, &ud->ngroups);
+ rval = 0;
+ } else {
+ /*
+ * It is possible to belong to more groups in the group database
+ * than NGROUPS_MAX. We start off with NGROUPS_MAX * 4 entries
+ * and double this as needed.
+ */
+ ud->groups = NULL;
+ ud->ngroups = system_maxgroups << 1;
+ for (tries = 0; tries < 10 && rval == -1; tries++) {
+ ud->ngroups <<= 1;
+ efree(ud->groups);
+ ud->groups = emalloc2(ud->ngroups, sizeof(GETGROUPS_T));
+ rval = getgrouplist(ud->username, ud->gid, ud->groups, &ud->ngroups);
+ }
}
debug_return_int(rval);
}
{
char *cp, *gid_list = NULL;
size_t glsize;
- int i, len;
+ int i, len, maxgroups, group_source;
debug_decl(get_user_groups, SUDO_DEBUG_UTIL)
- /*
- * Systems with mbr_check_membership() support more than NGROUPS_MAX
- * groups so we cannot use getgroups().
- */
+#if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX)
+ maxgroups = (int)sysconf(_SC_NGROUPS_MAX);
+ if (maxgroups < 0)
+#endif
+ maxgroups = NGROUPS_MAX;
+
ud->groups = NULL;
-#ifndef HAVE_MBR_CHECK_MEMBERSHIP
- if ((ud->ngroups = getgroups(0, NULL)) > 0) {
- ud->groups = emalloc2(ud->ngroups, sizeof(GETGROUPS_T));
- if (getgroups(ud->ngroups, ud->groups) < 0) {
- efree(ud->groups);
- ud->groups = NULL;
+ group_source = sudo_conf_group_source();
+ if (group_source != GROUP_SOURCE_DYNAMIC) {
+ if ((ud->ngroups = getgroups(0, NULL)) > 0) {
+ /* Use groups from kernel if not too many or source is static. */
+ if (ud->ngroups < maxgroups || group_source == GROUP_SOURCE_STATIC) {
+ ud->groups = emalloc2(ud->ngroups, sizeof(GETGROUPS_T));
+ if (getgroups(ud->ngroups, ud->groups) < 0) {
+ efree(ud->groups);
+ ud->groups = NULL;
+ }
+ }
}
}
-#endif /* HAVE_MBR_CHECK_MEMBERSHIP */
if (ud->groups == NULL) {
- if (fill_group_list(ud) == -1)
- error(1, _("unable to get group vector"));
+ /*
+ * Query group database if kernel list is too small or disabled.
+ * Typically, this is because NFS can only support up to 16 groups.
+ */
+ if (fill_group_list(ud, maxgroups) == -1)
+ fatal(_("unable to get group vector"));
}
/*
static char **
get_user_info(struct user_details *ud)
{
- char *cp, **user_info, cwd[PATH_MAX], host[MAXHOSTNAMELEN];
+ char *cp, **user_info, cwd[PATH_MAX], host[HOST_NAME_MAX + 1];
struct passwd *pw;
int fd, i = 0;
debug_decl(get_user_info, SUDO_DEBUG_UTIL)
pw = getpwuid(ud->uid);
if (pw == NULL)
- errorx(1, _("unknown uid %u: who are you?"), (unsigned int)ud->uid);
+ fatalx(_("unknown uid %u: who are you?"), (unsigned int)ud->uid);
user_info[i] = fmt_string("user", pw->pw_name);
if (user_info[i] == NULL)
- errorx(1, _("unable to allocate memory"));
+ fatalx(NULL);
ud->username = user_info[i] + sizeof("user=") - 1;
/* Stash user's shell for use with the -s flag; don't pass to plugin. */
if (getcwd(cwd, sizeof(cwd)) != NULL) {
user_info[++i] = fmt_string("cwd", cwd);
if (user_info[i] == NULL)
- errorx(1, _("unable to allocate memory"));
+ fatalx(NULL);
ud->cwd = user_info[i] + sizeof("cwd=") - 1;
}
if ((cp = get_process_ttyname()) != NULL) {
user_info[++i] = fmt_string("tty", cp);
if (user_info[i] == NULL)
- errorx(1, _("unable to allocate memory"));
+ fatalx(NULL);
ud->tty = user_info[i] + sizeof("tty=") - 1;
efree(cp);
}
strlcpy(host, "localhost", sizeof(host));
user_info[++i] = fmt_string("host", host);
if (user_info[i] == NULL)
- errorx(1, _("unable to allocate memory"));
+ fatalx(NULL);
ud->host = user_info[i] + sizeof("host=") - 1;
get_ttysize(&ud->ts_lines, &ud->ts_cols);
break;
}
break;
+ case 'e':
+ if (strncmp("exec_background=", info[i], sizeof("exec_background=") - 1) == 0) {
+ if (atobool(info[i] + sizeof("exec_background=") - 1) == true)
+ SET(details->flags, CD_EXEC_BG);
+ break;
+ }
+ break;
case 'l':
SET_STRING("login_class=", login_class)
break;
#endif
details->pw = getpwuid(details->euid);
if (details->pw != NULL && (details->pw = pw_dup(details->pw)) == NULL)
- errorx(1, _("unable to allocate memory"));
+ fatalx(NULL);
#ifdef HAVE_SETAUTHDB
aix_restoreauthdb();
#endif
if (strchr(path, '/') != NULL && stat(path, &sb) == 0) {
/* Try to determine why sudo was not running as root. */
if (sb.st_uid != ROOT_UID || !ISSET(sb.st_mode, S_ISUID)) {
- errorx(1,
+ fatalx(
_("%s must be owned by uid %d and have the setuid bit set"),
path, ROOT_UID);
} else {
- errorx(1, _("effective uid is not %d, is %s on a file system "
+ fatalx(_("effective uid is not %d, is %s on a file system "
"with the 'nosuid' option set or an NFS file system without"
" root privileges?"), ROOT_UID, path);
}
} else {
- errorx(1,
+ fatalx(
_("effective uid is not %d, is sudo installed setuid root?"),
ROOT_UID);
}
debug_return;
}
-#ifdef HAVE_PROJECT_H
-static void
-set_project(struct passwd *pw)
-{
- struct project proj;
- char buf[PROJECT_BUFSZ];
- int errval;
- debug_decl(set_project, SUDO_DEBUG_UTIL)
-
- /*
- * Collect the default project for the user and settaskid
- */
- setprojent();
- if (getdefaultproj(pw->pw_name, &proj, buf, sizeof(buf)) != NULL) {
- errval = setproject(proj.pj_name, pw->pw_name, TASK_NORMAL);
- switch(errval) {
- case 0:
- break;
- case SETPROJ_ERR_TASK:
- switch (errno) {
- case EAGAIN:
- warningx(_("resource control limit has been reached"));
- break;
- case ESRCH:
- warningx(_("user \"%s\" is not a member of project \"%s\""),
- pw->pw_name, proj.pj_name);
- break;
- case EACCES:
- warningx(_("the invoking task is final"));
- break;
- default:
- warningx(_("could not join project \"%s\""), proj.pj_name);
- }
- case SETPROJ_ERR_POOL:
- switch (errno) {
- case EACCES:
- warningx(_("no resource pool accepting default bindings "
- "exists for project \"%s\""), proj.pj_name);
- break;
- case ESRCH:
- warningx(_("specified resource pool does not exist for "
- "project \"%s\""), proj.pj_name);
- break;
- default:
- warningx(_("could not bind to default resource pool for "
- "project \"%s\""), proj.pj_name);
- }
- break;
- default:
- if (errval <= 0) {
- warningx(_("setproject failed for project \"%s\""), proj.pj_name);
- } else {
- warningx(_("warning, resource control assignment failed for "
- "project \"%s\""), proj.pj_name);
- }
- }
- } else {
- warning("getdefaultproj");
- }
- endprojent();
- debug_return;
-}
-#endif /* HAVE_PROJECT_H */
-
/*
* Setup the execution environment immediately prior to the call to execve()
* Returns true on success and false on failure.
set_project(details->pw);
#endif
#ifdef HAVE_PRIV_SET
- if (details->privs != NULL) {
- if (setppriv(PRIV_SET, PRIV_INHERITABLE, details->privs) != 0) {
- warning("unable to set privileges");
- goto done;
- }
- }
- if (details->limitprivs != NULL) {
- if (setppriv(PRIV_SET, PRIV_LIMIT, details->limitprivs) != 0) {
- warning("unable to set limit privileges");
- goto done;
+ if (details->privs != NULL) {
+ if (setppriv(PRIV_SET, PRIV_INHERITABLE, details->privs) != 0) {
+ warning("unable to set privileges");
+ goto done;
+ }
}
- } else if (details->privs != NULL) {
- if (setppriv(PRIV_SET, PRIV_LIMIT, details->privs) != 0) {
- warning("unable to set limit privileges");
- goto done;
+ if (details->limitprivs != NULL) {
+ if (setppriv(PRIV_SET, PRIV_LIMIT, details->limitprivs) != 0) {
+ warning("unable to set limit privileges");
+ goto done;
+ }
+ } else if (details->privs != NULL) {
+ if (setppriv(PRIV_SET, PRIV_LIMIT, details->privs) != 0) {
+ warning("unable to set limit privileges");
+ goto done;
+ }
}
- }
#endif /* HAVE_PRIV_SET */
#ifdef HAVE_GETUSERATTR
policy_close(struct plugin_container *plugin, int exit_status, int error)
{
debug_decl(policy_close, SUDO_DEBUG_PCOMM)
- plugin->u.policy->close(exit_status, error);
+ if (plugin->u.policy->close != NULL)
+ plugin->u.policy->close(exit_status, error);
+ else
+ warning(_("unable to execute %s"), command_details.command);
debug_return;
}
policy_show_version(struct plugin_container *plugin, int verbose)
{
debug_decl(policy_show_version, SUDO_DEBUG_PCOMM)
+ if (plugin->u.policy->show_version == NULL)
+ debug_return_bool(true);
debug_return_bool(plugin->u.policy->show_version(verbose));
}
char **user_env_out[])
{
debug_decl(policy_check, SUDO_DEBUG_PCOMM)
+ if (plugin->u.policy->check_policy == NULL) {
+ fatalx(_("policy plugin %s is missing the `check_policy' method"),
+ plugin->name);
+ }
debug_return_bool(plugin->u.policy->check_policy(argc, argv, env_add,
command_info, argv_out, user_env_out));
}
{
debug_decl(policy_invalidate, SUDO_DEBUG_PCOMM)
if (plugin->u.policy->invalidate == NULL) {
- errorx(1, _("policy plugin %s does not support the -k/-K options"),
+ fatalx(_("policy plugin %s does not support the -k/-K options"),
plugin->name);
}
plugin->u.policy->invalidate(remove);
iolog_close(struct plugin_container *plugin, int exit_status, int error)
{
debug_decl(iolog_close, SUDO_DEBUG_PCOMM)
- plugin->u.io->close(exit_status, error);
+ if (plugin->u.io->close != NULL)
+ plugin->u.io->close(exit_status, error);
debug_return;
}
iolog_show_version(struct plugin_container *plugin, int verbose)
{
debug_decl(iolog_show_version, SUDO_DEBUG_PCOMM)
+ if (plugin->u.io->show_version == NULL)
+ debug_return_bool(true);
debug_return_bool(plugin->u.io->show_version(verbose));
}
/*
- * Copyright (c) 1993-1996, 1998-2005, 2007-2012
+ * Copyright (c) 1993-1996, 1998-2005, 2007-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* Sponsored in part by the Defense Advanced Research Projects
* Agency (DARPA) and Air Force Research Laboratory, Air Force
* Materiel Command, USAF, under agreement number F39502-99-1-0512.
- *
- * $Sudo: sudo.h,v 1.290 2009/12/12 16:12:26 millert Exp $
*/
#ifndef _SUDO_SUDO_H
#endif
#ifdef __TANDEM
-# define ROOT_UID 65535
+# define ROOT_UID 65535
#else
-# define ROOT_UID 0
+# define ROOT_UID 0
#endif
/*
#define CD_RBAC_ENABLED 0x0800
#define CD_USE_PTY 0x1000
#define CD_SET_UTMP 0x2000
+#define CD_EXEC_BG 0x4000
struct command_details {
uid_t uid;
struct timeval;
-/* For error() and errorx() (XXX - needed?) */
+/* For fatal() and fatalx() (XXX - needed?) */
void cleanup(int);
/* tgetpass.c */
void zero_bytes(volatile void *, size_t);
/* exec.c */
+int pipe_nonblock(int fds[2]);
int sudo_execute(struct command_details *details, struct command_status *cstat);
-void save_signals(void);
-void restore_signals(void);
/* term.c */
int term_cbreak(int);
bool exec_setup(struct command_details *details, const char *ptyname, int ptyfd);
int policy_init_session(struct command_details *details);
int run_command(struct command_details *details);
+int os_init_common(int argc, char *argv[], char *envp[]);
extern const char *list_user, *runas_user, *runas_group;
extern struct user_details user_details;
/* parse_args.c */
void usage(int);
+/* openbsd.c */
+int os_init_openbsd(int argc, char *argv[], char *envp[]);
+
/* selinux.c */
int selinux_restore_tty(void);
int selinux_setup(const char *role, const char *type, const char *ttyn,
void selinux_execve(const char *path, char *const argv[], char *const envp[],
int noexec);
+/* solaris.c */
+void set_project(struct passwd *);
+int os_init_solaris(int argc, char *argv[], char *envp[]);
+
/* aix.c */
void aix_prep_user(char *user, const char *tty);
void aix_restoreauthdb(void);
/* ttyname.c */
char *get_process_ttyname(void);
+/* signal.c */
+struct sigaction;
+extern int signal_pipe[2];
+int sudo_sigaction(int signo, struct sigaction *sa, struct sigaction *osa);
+void init_signals(void);
+void restore_signals(void);
+void save_signals(void);
+
#endif /* _SUDO_SUDO_H */
/*
- * Copyright (c) 2004-2008, 2010-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2004-2008, 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/wait.h>
/* When restoring root, change euid first; otherwise change it last. */
if (euid == ROOT_UID) {
if (seteuid(ROOT_UID) != 0)
- error(1, "seteuid(ROOT_UID)");
+ fatal("seteuid(ROOT_UID)");
}
if (setegid(egid) != 0)
- error(1, "setegid(%d)", (int)egid);
+ fatal("setegid(%d)", (int)egid);
if (ngroups != -1) {
if (sudo_setgroups(ngroups, groups) != 0)
- error(1, "setgroups");
+ fatal("setgroups");
}
if (euid != ROOT_UID) {
if (seteuid(euid) != 0)
- error(1, "seteuid(%d)", (int)euid);
+ fatal("seteuid(%d)", (int)euid);
}
errno = serrno;
easprintf(&tf[j].tfile, "%.*s/%s.XXXXXXXX", tmplen, tmpdir, cp);
}
if (seteuid(user_details.uid) != 0)
- error(1, "seteuid(%d)", (int)user_details.uid);
+ fatal("seteuid(%d)", (int)user_details.uid);
tfd = mkstemps(tf[j].tfile, suff ? strlen(suff) : 0);
if (seteuid(ROOT_UID) != 0)
- error(1, "seteuid(ROOT_UID)");
+ fatal("seteuid(ROOT_UID)");
if (tfd == -1) {
warning("mkstemps");
goto cleanup;
for (i = 0; i < nfiles; i++) {
rc = -1;
if (seteuid(user_details.uid) != 0)
- error(1, "seteuid(%d)", (int)user_details.uid);
+ fatal("seteuid(%d)", (int)user_details.uid);
if ((tfd = open(tf[i].tfile, O_RDONLY, 0644)) != -1) {
rc = fstat(tfd, &sb);
}
if (seteuid(ROOT_UID) != 0)
- error(1, "seteuid(ROOT_UID)");
+ fatal("seteuid(ROOT_UID)");
if (rc || !S_ISREG(sb.st_mode)) {
if (rc)
warning("%s", tf[i].tfile);
/*
- * Copyright (c) 2010-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#define SIGCONT_FG -2
#define SIGCONT_BG -3
+/*
+ * Positions in saved_signals[]
+ */
+#define SAVED_SIGALRM 0
+#define SAVED_SIGCHLD 1
+#define SAVED_SIGCONT 2
+#define SAVED_SIGHUP 3
+#define SAVED_SIGINT 4
+#define SAVED_SIGPIPE 5
+#define SAVED_SIGQUIT 6
+#define SAVED_SIGTERM 7
+#define SAVED_SIGTSTP 8
+#define SAVED_SIGTTIN 9
+#define SAVED_SIGTTOU 10
+#define SAVED_SIGUSR1 11
+#define SAVED_SIGUSR2 12
+
/*
* Symbols shared between exec.c and exec_pty.c
*/
/* exec.c */
int sudo_execve(const char *path, char *const argv[], char *const envp[], int noexec);
-int pipe_nonblock(int fds[2]);
extern volatile pid_t cmnd_pid;
/* exec_pty.c */
int fork_pty(struct command_details *details, int sv[], int *maxfd, sigset_t *omask);
int perform_io(fd_set *fdsr, fd_set *fdsw, struct command_status *cstat);
int suspend_parent(int signo);
+void exec_cmnd(struct command_details *details, struct command_status *cstat,
+ int *errfd);
void fd_set_iobs(fd_set *fdsr, fd_set *fdsw);
#ifdef SA_SIGINFO
void handler(int s, siginfo_t *info, void *context);
void pty_close(struct command_status *cstat);
void pty_setup(uid_t uid, const char *tty, const char *utmp_user);
void terminate_command(pid_t pid, bool use_pgrp);
-extern int signal_pipe[2];
/* utmp.c */
bool utmp_login(const char *from_line, const char *to_line, int ttyfd,
/*
- * Copyright (c) 2004-2005, 2010-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2004-2005, 2010-2012 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
/*
- * Copyright (c) 2010-2012 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
};
TQ_DECLARE(plugin_container)
-extern struct plugin_container_list policy_plugins;
+extern struct plugin_container policy_plugin;
extern struct plugin_container_list io_plugins;
int sudo_conversation(int num_msgs, const struct sudo_conv_message msgs[],
/*
- * Copyright (c) 1996, 1998-2005, 2007-2011
+ * Copyright (c) 1996, 1998-2005, 2007-2013
* Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
static volatile sig_atomic_t signo[NSIG];
-static void handler(int);
+static void tgetpass_handler(int);
static char *getln(int, char *, size_t, int);
static char *sudo_askpass(const char *, const char *);
/* If using a helper program to get the password, run it instead. */
if (ISSET(flags, TGP_ASKPASS)) {
if (askpass == NULL || *askpass == '\0')
- errorx(1, _("no askpass program specified, try setting SUDO_ASKPASS"));
+ fatalx(_("no askpass program specified, try setting SUDO_ASKPASS"));
debug_return_str_masked(sudo_askpass(askpass, prompt));
}
zero_bytes(&sa, sizeof(sa));
sigemptyset(&sa.sa_mask);
sa.sa_flags = SA_INTERRUPT; /* don't restart system calls */
- sa.sa_handler = handler;
+ sa.sa_handler = tgetpass_handler;
(void) sigaction(SIGALRM, &sa, &savealrm);
(void) sigaction(SIGINT, &sa, &saveint);
(void) sigaction(SIGHUP, &sa, &savehup);
debug_decl(sudo_askpass, SUDO_DEBUG_CONV)
if (pipe(pfd) == -1)
- error(1, _("unable to create pipe"));
+ fatal(_("unable to create pipe"));
if ((pid = fork()) == -1)
- error(1, _("unable to fork"));
+ fatal(_("unable to fork"));
if (pid == 0) {
/* child, point stdout to output side of the pipe and exec askpass */
warning("dup2");
_exit(255);
}
- (void) setuid(ROOT_UID);
+ if (setuid(ROOT_UID) == -1)
+ warning("setuid(%d)", ROOT_UID);
if (setgid(user_details.gid)) {
warning(_("unable to set gid to %u"), (unsigned int)user_details.gid);
_exit(255);
}
static void
-handler(int s)
+tgetpass_handler(int s)
{
if (s != SIGALRM)
signo[s] = 1;
#endif
#include <sys/types.h>
-#include <sys/param.h>
#include <sys/stat.h>
#if defined(MAJOR_IN_MKDEV)
# include <sys/mkdev.h>
# endif
#endif
#if defined(HAVE_STRUCT_KINFO_PROC_P_TDEV) || defined (HAVE_STRUCT_KINFO_PROC_KP_EPROC_E_TDEV) || defined(HAVE_STRUCT_KINFO_PROC2_P_TDEV)
+# include <sys/param.h>
# include <sys/sysctl.h>
#elif defined(HAVE_STRUCT_KINFO_PROC_KI_TDEV)
+# include <sys/param.h>
# include <sys/sysctl.h>
# include <sys/user.h>
#endif
#elif defined(HAVE_SYS_PROCFS_H)
# include <sys/procfs.h>
#endif
+#ifdef HAVE_PSTAT_GETPROC
+# include <sys/param.h>
+# include <sys/pstat.h>
+#endif
#include "sudo.h"
debug_return_str(estrdup(tty));
}
-#else
+#elif defined(HAVE_STRUCT_PSINFO_PR_TTYDEV) || defined(HAVE_PSTAT_GETPROC) || defined(__linux__)
/*
* Devices to search before doing a breadth-first scan.
*/
if (dir[0] == '\0' || (d = opendir(dir)) == NULL)
goto done;
+ sudo_debug_printf(SUDO_DEBUG_INFO, "scanning for dev %u in %s",
+ (unsigned int)rdev, dir);
+
sdlen = strlen(dir);
if (dir[sdlen - 1] == '/')
sdlen--;
continue;
}
# if defined(HAVE_STRUCT_DIRENT_D_TYPE) && defined(DTTOIF)
- /* Use d_type to avoid a stat() if possible. */
- /* Convert d_type to stat-style type bits but follow links. */
- if (dp->d_type != DT_LNK && dp->d_type != DT_CHR)
+ /*
+ * Convert dp->d_type to sb.st_mode to avoid a stat(2) if possible.
+ * We can't use it for links (since we want to follow them) or
+ * char devs (since we need st_rdev to compare the device number).
+ */
+ if (dp->d_type != DT_UNKNOWN && dp->d_type != DT_LNK && dp->d_type != DT_CHR)
sb.st_mode = DTTOIF(dp->d_type);
else
# endif
}
if (S_ISCHR(sb.st_mode) && sb.st_rdev == rdev) {
devname = estrdup(pathbuf);
+ sudo_debug_printf(SUDO_DEBUG_INFO, "resolved dev %u as %s",
+ (unsigned int)rdev, pathbuf);
goto done;
}
}
if (S_ISCHR(sb.st_mode) && sb.st_rdev == rdev)
tty = estrdup(buf);
}
+ sudo_debug_printf(SUDO_DEBUG_INFO, "comparing dev %u to %s: %s",
+ (unsigned int)rdev, buf, tty ? "yes" : "no");
} else {
/* Traverse directory */
tty = sudo_ttyname_scan(devname, rdev, true);
#if defined(sudo_kp_tdev)
/*
* Return a string from ttyname() containing the tty to which the process is
- * attached or NULL if there is no tty associated with the process (or its
- * parent). First tries sysctl using the current pid, then the parent's pid.
- * Falls back on ttyname of std{in,out,err} if that fails.
+ * attached or NULL if the process has no controlling tty.
*/
char *
get_process_ttyname(void)
char *tty = NULL;
struct sudo_kinfo_proc *ki_proc = NULL;
size_t size = sizeof(*ki_proc);
- int i, mib[6], rc;
+ int mib[6], rc;
debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL)
/*
- * Lookup tty for this process and, failing that, our parent.
- * Even if we redirect std{in,out,err} the kernel should still know.
+ * Lookup controlling tty for this process via sysctl.
+ * This will work even if std{in,out,err} are redirected.
*/
- for (i = 0; tty == NULL && i < 2; i++) {
- mib[0] = CTL_KERN;
- mib[1] = SUDO_KERN_PROC;
- mib[2] = KERN_PROC_PID;
- mib[3] = i ? (int)getppid() : (int)getpid();
- mib[4] = sizeof(*ki_proc);
- mib[5] = 1;
- do {
- size += size / 10;
- ki_proc = erealloc(ki_proc, size);
- rc = sysctl(mib, sudo_kp_namelen, ki_proc, &size, NULL, 0);
- } while (rc == -1 && errno == ENOMEM);
- if (rc != -1) {
- if (ki_proc->sudo_kp_tdev != (dev_t)-1) {
- tty = sudo_ttyname_dev(ki_proc->sudo_kp_tdev);
- if (tty == NULL) {
- sudo_debug_printf(SUDO_DEBUG_WARN,
- "unable to map device number %u to name",
- ki_proc->sudo_kp_tdev);
- }
+ mib[0] = CTL_KERN;
+ mib[1] = SUDO_KERN_PROC;
+ mib[2] = KERN_PROC_PID;
+ mib[3] = (int)getpid();
+ mib[4] = sizeof(*ki_proc);
+ mib[5] = 1;
+ do {
+ size += size / 10;
+ ki_proc = erealloc(ki_proc, size);
+ rc = sysctl(mib, sudo_kp_namelen, ki_proc, &size, NULL, 0);
+ } while (rc == -1 && errno == ENOMEM);
+ if (rc != -1) {
+ if (ki_proc->sudo_kp_tdev != (dev_t)-1) {
+ tty = sudo_ttyname_dev(ki_proc->sudo_kp_tdev);
+ if (tty == NULL) {
+ sudo_debug_printf(SUDO_DEBUG_WARN,
+ "unable to map device number %u to name",
+ ki_proc->sudo_kp_tdev);
}
- } else {
- sudo_debug_printf(SUDO_DEBUG_WARN,
- "unable to resolve tty via KERN_PROC: %s", strerror(errno));
}
+ } else {
+ sudo_debug_printf(SUDO_DEBUG_WARN,
+ "unable to resolve tty via KERN_PROC: %s", strerror(errno));
}
efree(ki_proc);
#elif defined(HAVE_STRUCT_PSINFO_PR_TTYDEV)
/*
* Return a string from ttyname() containing the tty to which the process is
- * attached or NULL if there is no tty associated with the process (or its
- * parent). First tries /proc/pid/psinfo, then /proc/ppid/psinfo.
- * Falls back on ttyname of std{in,out,err} if that fails.
+ * attached or NULL if the process has no controlling tty.
*/
char *
get_process_ttyname(void)
char path[PATH_MAX], *tty = NULL;
struct psinfo psinfo;
ssize_t nread;
- int i, fd;
+ int fd;
debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL)
/* Try to determine the tty from pr_ttydev in /proc/pid/psinfo. */
- for (i = 0; tty == NULL && i < 2; i++) {
- (void)snprintf(path, sizeof(path), "/proc/%u/psinfo",
- i ? (unsigned int)getppid() : (unsigned int)getpid());
- if ((fd = open(path, O_RDONLY, 0)) == -1)
- continue;
+ snprintf(path, sizeof(path), "/proc/%u/psinfo", (unsigned int)getpid());
+ if ((fd = open(path, O_RDONLY, 0)) != -1) {
nread = read(fd, &psinfo, sizeof(psinfo));
close(fd);
if (nread == (ssize_t)sizeof(psinfo)) {
dev_t rdev = (dev_t)psinfo.pr_ttydev;
-#ifdef DEVNO64
+#if defined(_AIX) && defined(DEVNO64)
if (psinfo.pr_ttydev & DEVNO64)
rdev = makedev(major64(psinfo.pr_ttydev), minor64(psinfo.pr_ttydev));
#endif
#elif defined(__linux__)
/*
* Return a string from ttyname() containing the tty to which the process is
- * attached or NULL if there is no tty associated with the process (or its
- * parent). First tries field 7 in /proc/pid/stat, then /proc/ppid/stat.
- * Falls back on ttyname of std{in,out,err} if that fails.
+ * attached or NULL if the process has no controlling tty.
*/
char *
get_process_ttyname(void)
{
- char *line = NULL, *tty = NULL;
+ char path[PATH_MAX], *line = NULL, *tty = NULL;
size_t linesize = 0;
ssize_t len;
- int i;
+ FILE *fp;
debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL)
/* Try to determine the tty from tty_nr in /proc/pid/stat. */
- for (i = 0; tty == NULL && i < 2; i++) {
- FILE *fp;
- char path[PATH_MAX];
- (void)snprintf(path, sizeof(path), "/proc/%u/stat",
- i ? (unsigned int)getppid() : (unsigned int)getpid());
- if ((fp = fopen(path, "r")) == NULL)
- continue;
+ snprintf(path, sizeof(path), "/proc/%u/stat", (unsigned int)getpid());
+ if ((fp = fopen(path, "r")) != NULL) {
len = getline(&line, &linesize, fp);
fclose(fp);
if (len != -1) {
}
}
}
+ efree(line);
}
- efree(line);
debug_return_str(tty);
}
+#elif HAVE_PSTAT_GETPROC
+/*
+ * Return a string from ttyname() containing the tty to which the process is
+ * attached or NULL if the process has no controlling tty.
+ */
+char *
+get_process_ttyname(void)
+{
+ struct pst_status pstat;
+ char *tty = NULL;
+ debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL)
+
+ /* Try to determine the tty from psdev in struct pst_status. */
+ if (pstat_getproc(&pstat, sizeof(pstat), 0, (int)getpid()) != -1) {
+ if (pstat.pst_term.psd_major != -1 && pstat.pst_term.psd_minor != -1) {
+ tty = sudo_ttyname_dev(makedev(pstat.pst_term.psd_major,
+ pstat.pst_term.psd_minor));
+ }
+ }
+ debug_return_str(tty);
+}
#else
/*
* Return a string from ttyname() containing the tty to which the process is
- * attached or NULL if there is no tty associated with the process.
- * parent).
+ * attached or NULL if the process has no controlling tty.
*/
char *
get_process_ttyname(void)
/*
- * Copyright (c) 2011 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2011-2013 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <config.h>
#include <sys/types.h>
-#include <sys/param.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <stdio.h>
* doesn't take an argument.
*/
if ((sfd = dup(STDIN_FILENO)) == -1)
- error(1, _("unable to save stdin"));
+ fatal(_("unable to save stdin"));
if (dup2(ttyfd, STDIN_FILENO) == -1)
- error(1, _("unable to dup2 stdin"));
+ fatal(_("unable to dup2 stdin"));
slot = ttyslot();
if (dup2(sfd, STDIN_FILENO) == -1)
- error(1, _("unable to restore stdin"));
+ fatal(_("unable to restore stdin"));
close(sfd);
debug_return_int(slot);
The basic philosophy is to give as few privileges as possible but \
still allow people to get their work done."
vendor="Todd C. Miller"
- copyright="(c) 1993-1996,1998-2012 Todd C. Miller"
+ copyright="(c) 1993-1996,1998-2013 Todd C. Miller"
sudoedit_man=`echo ${pp_destdir}$mandir/*/sudoedit.*|sed "s:^${pp_destdir}::"`
sudoedit_man_target=`basename $sudoedit_man | sed 's/edit//'`
$sbindir/visudo 0755
$bindir/sudoreplay 0755
$includedir/sudo_plugin.h 0644
- $libexecdir/* $shlib_mode optional
+ $libexecdir/sudo/ 0755
+ $libexecdir/sudo/sesh 0755 optional,ignore-others
+ $libexecdir/sudo/* $shlib_mode optional
$sudoersdir/sudoers.d/ 0750 $sudoers_uid:$sudoers_gid
$timedir/ 0700 root:
$docdir/ 0755
projects / debian / sudo / commitdiff